Multi-part SMS stops iPhone
In two presentations at the Black Hat conference, hackers demonstrated SMS attacks that target the iPhone and other smartphones. The iPhone attack was previously announced in early July. Presenter Charlie Miller, who discovered the hole, said at the time that further investigations would be made.
It appears that these investigations have now been completed, because the programmer demonstrated how to cripple the Apple iPhone using specially crafted SMS messages. At the conference, Miller used multi-part SMS messages, but didn't send all their parts. This allows the iPhone's internal heap to be manipulated in such a way that a further SMS can set the program counter. The counter determines which step of a program is to be executed next.
In theory, this allows arbitrary programs to be executed on the phone. Both the original iPhones and phones that have been jailbroken are vulnerable to the attack.
Miller anticipates that new SMS worm exploits will attempt to read out the phone book and be able to autonomously attack other iPhones via the telephone network. In his joint presentation with Colin Mulliner later today, the specialist intends to demonstrate how to detect such vulnerabilities.
The Black Hat presentation of Zane Lackey and Luis Miras deals with SMS attacks on mobile phones in general. The two speakers plan to present tools that allow users to test the security of their devices.