iPhone vulnerability unveiled at Black Hat security conference

An iPhone vulnerability has been unveiled at the Black Hat security conference in Las Vegas. Note: this is a vulnerability, not a virus. Some articles out there claim that it is an iPhone virus, which is untrue. It is basically a security loophole.
The vulnerability allows hackers to knock an iPhone off the network, take control of the iPhone remotely or even send messages to friends in your address book. The hack works on a major security flaw involving SMS. Hackers just need to send you a series of SMS messages to make use of the vulnerability. And since you can’t stop an SMS from coming to your phone, there is no way to stop a hacker. The SMS text would come in the form of a single square character. Currently, the advice is to reboot your iPhone if you receive such an SMS.
Apple has been warned of the vulnerability since mid-July and has not patched the loophole yet. Although the exact method was not revealed at Black Hat, it will take just a few weeks for hackers to write software to exploit this vulnerability. The vulnerability can be patched by either Apple or the operator. I suspect Apple is working on the patch now and that it will roll out together with firmware 3.1, which should be on the way soon.
And for those other phone users who are laughing at iPhone users now, you might want to know that Google Android and Windows Mobile are also vulnerable to this hack (although there are reports that Google has patched the vulnerability on Android). The vulnerability is caused by the way smartphones handle SMS, which means almost all smartphones are at risk. The iPhone is just an example to glorify the vulnerability and, of course, to glorify the hackers’ names and reputations too. As you will have noticed, I didn’t mention their names at all in this blog. I’ll talk about this issue of hackers revealing vulnerabilities to the public in another blog entry.
So remember, if you receive a single square character in an SMS, the best thing is to reboot your phone ASAP.
Update: Apple just released firmware 3.0.1 to patch this vulnerability. Please update your iPhone ASAP.


  1. If you jailbreak your iPhone you can download an application in Cydia called “iBlacklist”. It could stop texts/calls from unwanted senders. Add the number and all texts/calls will be sent to the application. I use it so I can’t be text bombed by script kiddies.
