Get Better Gear!

Premier Sponsors

TechRestore

Other World Computing

Top 5 Free Apps

Sheep Launcher Free!
Kronos Games
Release Date: August 05, 2009
Genre: Games
Boxed In
Dennis Mengelt
Release Date: May 22, 2009
Genre: Games
Ninjas Live
Storm8
Release Date: August 29, 2009
Genre: Games
Bump
Bump Technologies LLC
Release Date: March 27, 2009
Genre: Social Networking
Discovery Channel
Discovery Channel
Release Date: August 07, 2009
Genre: Entertainment

iTunes New Music Releases

Black Gives Way To Blue
Alice In Chains
Release Date: September 29, 2009
Genre: Rock
Backspacer
Pearl Jam
Release Date: September 20, 2009
Genre: Alternative
The Resistance
Muse
Release Date: September 15, 2009
Genre: Alternative
Awake (Deluxe Version)
Skillet
Release Date: August 25, 2009
Genre: Rock
Ellipse (Deluxe Version)
Imogen Heap
Release Date: August 25, 2009
Genre: Alternative

Top 5 Paid Apps

The Moron Test $0.99
DistinctDev
Release Date: April 22, 2009
Genre: Entertainment
StickWars $0.99
John E. Hartzog
Release Date: March 31, 2009
Genre: Games
Bloons $0.99
Digital Goldfish Ltd
Release Date: April 05, 2009
Genre: Games

Discover New Music

  • Album Of The Year

    • 10 out of 10
    • Brother Love
    • Killer grooves, catchy riffs, edgy vocals with oh-so-just-right layered harmonies, and a drive that will move even YOU out of your chair, Brother Love's initial release is what rock and roll should be

  • 8:30

    • 10 out of 10
    • Weather Report
    • This is Weather Reports quintessential line-up captured live. Jaco Pastorious and Peter Erskine join Wayne Shorter and, of course, Joe Zawinul to create this masterpiece.

  • Haunted

    • 10 out of 10
    • Poe

    • Dropping like a bomb on some of the blah musical offerings of her contemporaries, Haunted was one of the best albums of 2000, obliterating the competition.

      Ostensibly a tie-in to her brot

  • The Wall (Deluxe Packaging Digitally Remastered)

    • 10 out of 10
    • Pink Floyd
    • Okay, someone had to say it, and though others on the iPO staff are more qualified to review this album, I decided the time was now. This is the quintessential concept album. Though others came before

  • Another Day on Earth

    • 10 out of 10
    • Brian Eno
    • In his first proper solo release since 1996's relatively cold "The Drop," Brian Eno has constructed a whimsical and ecclectic masterpiece which is arguably one of the year's strongest records thus fa

Reader Specials

Visit Deals On The Web for the best deals on all consumer electronics, iPods, and more!

iPhone

Charlie Miller to Unveil Unpatched iPhone SMS Hole

Wednesday, July 29th, 2009 at 4:00 PM - by Bryan Chaffin

Security researchers Charlie Miller and Collin Mulliner have announced that they will unveil a security hole that could allow the bad guys to hack "every iPhone in the world," and do so with relative ease. The issue involves an unpatched SMS Texting -- the technology used to send text messages between mobile phones -- buffer overflow hole that would allow a hacker to take over your iPhone by sending you 512 SMS messages, only one of which would be seen.

Worse, the visible message would show up as a single square character, and even that is subject to improvement (from the bad guys' perspective) to invisible characters, or something more benign.

Mr. Miller told Forbes magazine that he told Apple more than a month ago, but that the hole still had not been patched. He intends to demonstrate and publish it on Thursday at the Black hat cybersecurity conference in Las Vegas.

"This is serious. The only thing you can do to prevent it is turn off your phone," Miller told Forbes. "Someone could pretty quickly take over every iPhone in the world with this."

He added, "I've given them more time to patch this than I've ever given a company to patch a bug."

Once in control, the hacker could make phone calls with your phone (for instance, to 1.900 numbers that cost by the minute), send e-mails, or perpetrate the same attack against everyone in your Address Book, allowing it to spread quickly and easily.

Until the hole is patched, the only solution once you are infected is to turn your iPhone off.

Mr. Miller also said that a similar hole exists in the Windows Mobile, but that he had only discovered that on Monday, and had not yet notified Microsoft.

Mr. Miller has often made headlines in the Mac and iPhone press for publishing and demonstrating security holes in Mac OS X and the iPhone, and by winning multiple pwn2own contests that challenge hackers to take over a computing device remotely.

11 comments from the community.

You can post your own below.

SMSGuys said:

July 29th, 2009 at 3:29 PM

WTF! This is serious! What the F is SMS?

   Quote

Lee Dronick said:

July 29th, 2009 at 3:32 PM

I get the feeling that Charlie is on a Harley with a loud exhaust, “Hey look at me!”

   Quote

Bryan Chaffin said:

July 29th, 2009 at 3:36 PM

I added a line explaining what SMS is.

Harry, I don’t see Mr. Miller as the bad guy here. I believe Apple needs to do a better job of embracing the independent security community and do a better job of communicating with them. It took Microsoft years to learn that lesson, and I wish Apple would, too.

In other words, I appreciate the efforts of people like Mr. Miller to push Apple, Microsoft, Google, the Linux community, etc. to pay more attention to these security issues.

   Quote

Lee Dronick said:

July 29th, 2009 at 3:47 PM

Harry, I don�t see Mr. Miller as the bad guy here. I believe Apple needs to do a better job of embracing the independent security community and do a better job of communicating with them. It took Microsoft years to learn that lesson, and I wish Apple would, too.

He told Apple about it a month ago and it hasn’t been fixed fast enough for him so he is going to show the World how it works.

Maybe Apple wants to fix it so that it doesn’t break somewhere else and is taking the necessary time to do that. Or maybe there is no way that the exploit will work in the wild. But either way, he should keep it between him and Apple.

   Quote

daemon said:

July 29th, 2009 at 4:08 PM

Sir Harry Flashman,

The quote was “more than a month ago” not “a month ago.”

Apple has a piss poor track record of patching security holes in a timely manner.

   Quote

Lee Dronick said:

July 29th, 2009 at 4:27 PM

Apple has a piss poor track record of patching security holes in a timely manner.

That does not change my opinion of Miller.

   Quote

Tiger said:

July 29th, 2009 at 5:19 PM

Is he aware that OS 3.1 is imminent and a probable fix is likely?

   Quote

Lee Dronick said:

July 29th, 2009 at 6:05 PM

See this story at CNET. Some of the security experts who were to speak at Black Hat had their websites hacked.

   Quote

Lee Dronick said:

July 30th, 2009 at 8:22 AM

Miller showed a reporter how it is done, see this story at CNET

   Quote

b9bot said:

July 30th, 2009 at 10:24 AM

Bryan is right, if he was so concerned about security then why would he threaten Apple and release the information to the world. He’s looking for attention, that’s all. He doesn’t give a hoot about security, he’s only trying to get some kind of pay off for not telling.
Apple isn’t into BLACKMAIL Miller.
If there is an issue like Bryan said, Apple is working on it. But also making sure they don’t open another door in the process and that takes time.

   Quote

b9bot said:

July 30th, 2009 at 10:28 AM

Apple has a piss poor track record of patching security holes in a timely manner.

Really? Then why is it that Apple has never had a real breach in security unlike Microsoft who has had millions of them!

   Quote

Page 1 of 1 pages

Post Your Comments

  Remember Me  Forgot your password?

Not a member? Register now. You can post comments without logging in, but they'll show up as a "guest" post.

Commenting is not available in this section entry.