Apple has issued an update to the iPhone software to address the SMS-based security threat that was exposed by experts last week. In its description of the software update – officially known as ‘iPhone 3.0.1’ – Apple said it was developed to fix “a memory corruption issue [that] exists in the decoding of SMS messages. Receiving a maliciously crafted SMS message may lead to an unexpected service interruption or arbitrary code execution.” Apple credited security experts Charlie Miller of Independent Security Evaluators, and Collin Mulliner of Technical University Berlin for reporting the issue. Miller exposed the threat at a cyber-security conference in Las Vegas last week and the story was widely reported in the mainstream media.
The hack worked by sending the owner a string of text messages seemingly containing a single square character, which hides code for an executable file that can embed itself in the device’s memory. Unless the iPhone is switched off immediately on receipt of these messages, the hacker is able to assume control of some of the iPhone’s key functions, including dialling numbers, surfing the web and sending texts, and potentially access to sensitive personal data. “Someone could pretty quickly take over every iPhone in the world,” warned Miller last week. “It’s scary.” However, other experts downplayed the seriousness of the threat saying it would it would take around 512 text messages to launch the attack, and if any messages were deleted before the sequence was complete, the threat would be neutralised.
Comments