Home » » iPhone SMS Virus

iPhone SMS Virus

Written By Hans Berger on Thursday, July 30, 2009 | 3:05 AM

...

An iPhone hacker, Charlie Miller will release the world's first iPhone virus today. He discovered an SMS hack 6 weeks ago and reported it to Apple, but iphone-sms-virusApple has yet to release a patch. Miller and his fellow cybersecurity researcher Collin Mulliner will both explain and reveal their iPhone SMS exploit some time today at the Blackhat cybersecurity conference in Las Vegas.

iPhone SMS hack details


How does the SMS hack work? Firstly, this hack does not requirreleae the victim to download any file. The attacker only needs to know the victim's phone number. Miller says the attack is enabled by a serious memory corruption in the way the iPhone handles SMS messages. For the attack to work, an attacker must send hundreds of SMS control messages (different from regular SMS messages) and only the initial SMS will be seen. This attack works on both the iPhone and the Andoid. What does the iPhone SMS hack do? This hack can allow the attacker to make calls from your iPhone, steal your data, send text messages, and also spread the attack to other iPhones in your address book.

How to recognize and avoid the iPhone virus


If you get a strange text message containing any square box, even if it's from a recognized number you may be the victim of the iPhone virus.

You have two choices:

  1. Put your iPhone in Airplane mode: Go to Settings -> Airplane Mode and slide the button to Off.

  2. Hold down the power button, and slide to turn your iPhone off.

The only thing we can do now is wait for Apple to release a patch. We expect Apple to release the iPhone 3.1 update by September, but hopefully this exploit causes them to release it earlier. iPhone Forensics expert, Jonathan Zdziarski and iPhone hacker p0sixninja from the Chonic Dev Team recently tweeted about the possibility to release their own patch for this vulnerability (only available through a jailbreak). I'm hoping Chronic Dev Team will be able to release a fix for this as this will show Apple that they are wrong about the jailbreaking community. Apple dislikes jailbreaking and is trying to make it illegal. Will the Chronic Dev Team release a patch first or will Apple?  We will keep you updated on this and also post a guide on how to patch once a patch is released! Subscribe to our RSS feed or bookmark this post for updates. Do you think it's vey irresponsible for Apple to not have released a patch yet? Leave a comment.

Update: An iPhone virus patch has been released!

More links:

Update: Apple has released the iPhone 3.0.1 update which should take care of this!

...

Share this article :

+ comments + 25 comments

Eliezer Almonte
July 30, 2009 at 3:25 AM

Hoorray for the Jailbreaking community!! FTW!

July 30, 2009 at 3:41 AM

Apple really needs to get on their game with this stuff. I hope that either the Chronic Dev Team gets a patch out for this or Apple pulls their heads out of their ass and do something about it and stop whining about the jailbreaking community. It kinda hard to stop the community because we will just find another way around it and they'll lose tons of customers. Me personally I lost faith in the iPhone when I don't get to run Java in my browser...
Anywho hopefully no one gets this, and good luck to all, time to backup the iphone for me.

DanTheMan
July 30, 2009 at 3:59 AM

Wow was waiting for this to happen...i already know that there are certain "apps" in cydia that can corrupt your iphone...but wow something for the un-jailbroken community...what a bummer.

Seriously why release this information...why not keep it to themselves if they are a cyber security company...this seems to be another Nazi take over and they are trying to hurt alot of ppl with this exploit...

@eviLlinux- Apple and Java are working still with the use of javascript working...it is Java who is having issues....they dont want to alter their program enough to run in Safari...even tho Apple wont alter Safari enough to run Java...its only due to the fact that Apple does not want to sacrifice security.

Anyways i hope Apple can get outta their money pile long enough to take care of this issue and when they do release 3.1 a patch covering this exploit will be there....

Mattlawer
July 30, 2009 at 4:03 AM

Does this work with 3.1 beta 3 ?

Sheek360
July 30, 2009 at 4:57 AM

Hopefully the dev team pulls through. It will build an amazing case for their side if apple tries to make jail breaking illegal.

Martin
July 30, 2009 at 4:59 AM

Does turning off the phone clear the problem, or will turning the phone back on re-enable the hack?

Mike
July 30, 2009 at 5:33 AM

Yeah once you turn off your phone, then what???

Gus Mitchem
July 30, 2009 at 6:18 AM

Idiots! The point is thats the only way to avoid getting the virius.

Rick
July 30, 2009 at 12:11 PM

Okay, here's to complete the article. It is a hole in the iphone's security. There is no reason to panic as of yet. The hacker sends 500 texts that allow him to access the iphones rootfiles giving him the ability to use your iphone for basically anything. In the 500 texts, you only get one, which you will see a box character. That is your notice to disconnect from the 3G/Edge network (wifi is fine, hence airplane mode disables the hack). The same goes for turning it off, you are only disconnecting from the network. If you disconnect after getting the last text with the box character, it negates the 500 texts meaning the hacker has to redo it, thus being a simple cat and mouse game. I will not however comment on apple or the dev team patching this, for it as of right now is anyones guess.

scott
July 30, 2009 at 4:58 PM

hmm yea so these "tools" to send Service messages have been around forever and how he did the
"hack" is pretty easy , Kudos for getting notoriety for it. Another groups of dorks who are 10 years behind are going to be rich God bless america.

Theanimaster
July 30, 2009 at 5:46 PM

I think it's VERY irresponsible that Apple doesn't release a patch before anyone else. I mean... I was always damning Nokia phones for being vulnerable to Symbian viruses and now knowing that an iPhone virus exists just makes me wonder about how safe I'd be if I got an iPhone afterall.

Now I'm starting to really wonder if there are no viruses on the mac simply because of the market share (as everyone explains)?? Like how easy WOULD it be to make a virus for macs? If macs had the same market share as Windoze PCs... would we have the same amount of viruses I wonder?

Matt
July 31, 2009 at 6:57 AM

"If macs had the same market share as Windoze PCs… would we have the same amount of viruses I wonder?"

You really think this is the first apple virus/hack??


iHACK

July 31, 2009 at 8:18 AM

[...] that iPhone virus we wrote about here yesterday? Guess what, Apple has finally patched it! Today Apple released [...]

ashot
July 31, 2009 at 8:20 AM

Hey if the hacker dose make a call and you find it in your bill. Can't we report it to the police and they will trace the connection. This is possible but the connection can be encrypted so we won't know anything except where it is.

Applelover
July 31, 2009 at 3:54 PM

Don't hate on Apple! It's been six weeks, well, I'm sure they're busy at work, how about YOU try fixing a BIG hole in the security! Ya, that's what I thought.

Jay
August 2, 2009 at 2:23 AM

Are you an idiot?

A) They told Apple 6 weeks ago. If it takes Apple 6 weeks to fix a security hole, then it's their own dumb fault.

B) What do you "Java don't want there program to run in Safari"?? Java is nothing to do with Javascript (which is simply a dialect of ECMAScript) - both of which are not companies or entities. Javascript is simply a standard which Apple are too dumb to incorporate into their browser (which they stole off the KDE Project anyway...)

Guilty
August 3, 2009 at 12:41 PM

Wouldn't that be awesome if the Dev team came up with a fix? That would show apple something

does anyone know of a jailbreak fix?

Anon
August 5, 2009 at 3:14 AM

I must say that I'm rather unimpressed with the iPhone. Coming from the PC world I guess I have high expectations for the oh so prominent Apple Inc. Sorry but Microsoft still get's my vote.

The Android is also a better platform in regards to development and scalability.

Apple is kicking itself in the ass with the jailbreaking and community it has unintentionally developed. Unapproving applications that actually make the iphone a decent product will continue to be a huge downfall.

iPhone is pretty much useless without jailbreaking.
If you jailbreak the iPhone your battery expectancy is cut in half...

Apple's and Oranges.... Go with Android.

Winter
August 5, 2009 at 11:27 AM

Got virus 7/29/09. Txt MSG popped up saying "txt message alert- open immediately".since my phn was locked , MSG said unlock phn to read. I showed it to my sister, she screamed and said don't open it. I tried erasing MSG but since it would not allow me unlock phn . I turned off phone. Guess what MSG was still there!! Hardbooted phn message was still there. I unlocked phn took me directly to message. I quickly erased it. That day i noticed on the wall paper page atop where time is, is a faint time stamp saying" 1:29 pm Sunday July 29."
, the exact time the virus hit. I can not update apps. I called 611, it asked me If I was calling from the phn # that I was currently on.... It gave me another phn #! before I could take it down it repeated my number ... Somehow it switched to my number. As I am typing this my phn keeps returning me to the top of this web page!!! The virus has evolved... Turning the phn off does not work!!

DiGi
August 21, 2009 at 10:38 AM

I have never seen so many tools posting so many toolish responses. What a bunch of f'ing tools, my god.

September 1, 2009 at 4:29 PM

i unlocked my 2G iphone using redsn0w to 3.0 and noticed right away that my SMS text messages were being deleted every time i clicked on the green SMS icon. is this a bug? or something else. why are all my SMS messages being deleted the moment i click on the green icon, which apparently doesn't enumerate the number of text msgs received anymore.

Steven
September 20, 2009 at 8:01 PM

Hey I had went to some website and I get this text message said this page got a virus and ask
me if I want to scan the virus.Under neat the text message it got a button say close and open. I just hit the close button and hold down top button and middle button on my iPhone to reboot so it can show apple icon.After my iPhone got reboot I went to the photo icon and open up my photo folder. And some how it show my iPhone display wallpaper on photo think that I been take a picture of it on another device.And also on my twitter account I got this same person with same image but got a difference name in follow me with more follow to it.Therefore I wonder that is I just save my iPhone from getting the virus. Or I just went to late to save my iPhone and the virus is there.Please someone help me out or response too me for the answer.

November 19, 2009 at 12:33 AM

If a phone can get a virus, then it is too complicated for me.

Mysts
December 31, 2009 at 7:06 AM

Steven, it's called a screen shot. You did it by hitting the home and lock button. All iPhones can do them. There's nothing wrong with your phone. You just need to learn to use it.

Zac
April 6, 2010 at 3:30 AM

What the heck is "requirreleae" ?

Post a Comment

 
Copyright © 2012. QuickPWN - All Rights Reserved.
..