Pregled posta

Adresa bloga:


Be afraid of SMS, be very afraid...

A few days ago cybersecurity experts Charlie Miller and Collin Mulliner exposed a great vulnerability in the iPhone’s SMS app which could allow hackers to easily take control of a victims iPhone simply by sending an SMS. The two have now released more information on the hack at the Black Hat conference in Las Vegas including what to do if you get one of these SMSs.
Before we start, they have stated that iPhone’s are not in immediate danger yet. They claim that it will take a long time for hackers to manifacture the code to be able to do this SMS hack.

Here is the main points as simplified by

1. The major issue is a security flaw involving SMS. Specifically, the hack can control an iPhone remotely, including your iPhone’s camera, SafariSafari, and more. It can even send messages to friends in your address book, which is where this hack becomes scariest.
2. The hack works by sending you code in an SMS message (or a series of messages) that crashes your iPhone. After that, your iPhone is theirs to use.
3. The offending text would come in the form of a single square character. If you get the square character, turn off your phone IMMEDIATELY.
4. You only have to receive the message to get hacked; you don’t even have to do anything with the text message.
5. The flaw was discovered by noted security expert Charlie Miller, who has hacked everything from MacBook Airs to Second Life, and partner Collin Mullinger.
6. The attack was presented publicly at the Black Hat conference. The duo decided to do this after Apple gave them no response back in July, when they provided Apple with information on the security flaw. The goal is to bring attention to the flaw (which they are clearly getting).
7. According to Reuters, now that the vulnerability is exposed, hackers could build software that mounts this SMS attack within the next two weeks.
8. Apparently Google Android, Windows Mobile phones, and Palm Pres are vulnerable to similar hacks. The team demonstrated the attack on an AndroidAndroid phone and a Windows Mobile phone.

Post je objavljen 04.08.2009. u 11:35 sati.