Get Better Gear!

Premier Sponsors

TechRestore

Other World Computing

Top 5 Free Apps

Release Date: August 05, 2009
Genre: Games
Release Date: May 22, 2009
Genre: Games
Release Date: August 29, 2009
Genre: Games
Release Date: March 27, 2009
Release Date: August 07, 2009

iTunes New Music Releases

Release Date: September 29, 2009
Genre: Rock
Release Date: September 20, 2009
Release Date: September 15, 2009
Release Date: August 25, 2009
Genre: Rock
Release Date: August 25, 2009

Top 5 Paid Apps

Release Date: April 22, 2009
StickWars $0.99
Release Date: March 31, 2009
Genre: Games
Bloons $0.99
Release Date: April 05, 2009
Genre: Games

Discover New Music

  • Is This It

    • 10 out of 10
    • The Strokes
    • The Strokes set the music world on fire with this 2001 album, with headlines declaring that the New York band was here to save Rock and Roll. While the band hasn't made as much of a splash since t

  • The Life Pursuit

    • 8 out of 10
    • Belle & Sebastian
    • The Life Pursuit is a sort of Reeses Peanut Butter Cup. You get Belle & Sebastian's peanut butter (its wistful, often irresistible pop) dipped in a 'Have A Nice Day!' and glam 70s chocol

  • Trouble

    • 8 out of 10
    • Ray LaMontagne
    • At first, Ray LaMontagne might strike you as just another breathy-voiced knockoff of folk/rock guitarists like John Mayer and Jack Johnson. But he's actually got a better voice than either, he tell

  • Perverse

    • 8 out of 10
    • Jesus Jones
    • When you think of Jesus Jones, chances are you can't remember them at all, or you vaguely remember "Right Here, Right Now" because it has been use

  • Every Day: The Best of the Verve Years

    • 8 out of 10
    • Joe Williams
    • Joe Williams was Figure Two in my three-man education in singing. A brilliant vocalist, scatter, and interpreter of jazz and blues, Williams produces music that's totally unique, yet sounds so effortl

Reader Specials

Visit Deals On The Web for the best deals on all consumer electronics, iPods, and more!

iPhone

Charlie Miller to Unveil Unpatched iPhone SMS Hole

Security researchers Charlie Miller and Collin Mulliner have announced that they will unveil a security hole that could allow the bad guys to hack "every iPhone in the world," and do so with relative ease. The issue involves an unpatched SMS Texting -- the technology used to send text messages between mobile phones -- buffer overflow hole that would allow a hacker to take over your iPhone by sending you 512 SMS messages, only one of which would be seen.

Worse, the visible message would show up as a single square character, and even that is subject to improvement (from the bad guys' perspective) to invisible characters, or something more benign.

Mr. Miller told Forbes magazine that he told Apple more than a month ago, but that the hole still had not been patched. He intends to demonstrate and publish it on Thursday at the Black hat cybersecurity conference in Las Vegas.

"This is serious. The only thing you can do to prevent it is turn off your phone," Miller told Forbes. "Someone could pretty quickly take over every iPhone in the world with this."

He added, "I've given them more time to patch this than I've ever given a company to patch a bug."

Once in control, the hacker could make phone calls with your phone (for instance, to 1.900 numbers that cost by the minute), send e-mails, or perpetrate the same attack against everyone in your Address Book, allowing it to spread quickly and easily.

Until the hole is patched, the only solution once you are infected is to turn your iPhone off.

Mr. Miller also said that a similar hole exists in the Windows Mobile, but that he had only discovered that on Monday, and had not yet notified Microsoft.

Mr. Miller has often made headlines in the Mac and iPhone press for publishing and demonstrating security holes in Mac OS X and the iPhone, and by winning multiple pwn2own contests that challenge hackers to take over a computing device remotely.

11 comments from the community.

You can post your own below.

SMSGuys said:

WTF! This is serious! What the F is SMS?

   Quote

Lee Dronick said:

I get the feeling that Charlie is on a Harley with a loud exhaust, “Hey look at me!”

   Quote

Bryan Chaffin said:

I added a line explaining what SMS is.

Harry, I don’t see Mr. Miller as the bad guy here. I believe Apple needs to do a better job of embracing the independent security community and do a better job of communicating with them. It took Microsoft years to learn that lesson, and I wish Apple would, too.

In other words, I appreciate the efforts of people like Mr. Miller to push Apple, Microsoft, Google, the Linux community, etc. to pay more attention to these security issues.

   Quote

Lee Dronick said:

Harry, I donít see Mr. Miller as the bad guy here. I believe Apple needs to do a better job of embracing the independent security community and do a better job of communicating with them. It took Microsoft years to learn that lesson, and I wish Apple would, too.

He told Apple about it a month ago and it hasn’t been fixed fast enough for him so he is going to show the World how it works.

Maybe Apple wants to fix it so that it doesn’t break somewhere else and is taking the necessary time to do that. Or maybe there is no way that the exploit will work in the wild. But either way, he should keep it between him and Apple.

   Quote

daemon said:

Sir Harry Flashman,

The quote was “more than a month ago” not “a month ago.”

Apple has a piss poor track record of patching security holes in a timely manner.

   Quote

Lee Dronick said:

Apple has a piss poor track record of patching security holes in a timely manner.

That does not change my opinion of Miller.

   Quote

Tiger said:

Is he aware that OS 3.1 is imminent and a probable fix is likely?

   Quote

Lee Dronick said:

See this story at CNET. Some of the security experts who were to speak at Black Hat had their websites hacked.

   Quote

Lee Dronick said:

Miller showed a reporter how it is done, see this story at CNET

   Quote

b9bot said:

Bryan is right, if he was so concerned about security then why would he threaten Apple and release the information to the world. He’s looking for attention, that’s all. He doesn’t give a hoot about security, he’s only trying to get some kind of pay off for not telling.
Apple isn’t into BLACKMAIL Miller.
If there is an issue like Bryan said, Apple is working on it. But also making sure they don’t open another door in the process and that takes time.

   Quote

b9bot said:

Apple has a piss poor track record of patching security holes in a timely manner.

Really? Then why is it that Apple has never had a real breach in security unlike Microsoft who has had millions of them!

   Quote

Page 1 of 1 pages

Post Your Comments

  Remember Me  Forgot your password?

Not a member? Register now. You can post comments without logging in, but they'll show up as a "guest" post.

Commenting is not available in this section entry.