Apple iPhone SMS Vulnerability Provides Root Access Remotely

During a presentation at the SyScan conference in Singapore, Charlie Miller, a renown security expert and winner of the Pwn2Own hacker contest, unveiled a disturbing vulnerability in the iPhone. The vulnerability would allow him to inject SMS messages into the iPhone and then have the recipient of the message automatically run malicious code on the phone.

The worst part of the vulnerability is that the owner of the phone would run the code without any kind of warning that such code is being ran on the phone. The malicious code could contain a payload that would make your phone join a DDOS attack or botnet on a web site or address. It could also contain code that would present the attacker with your precise location, live on a map as well as take pictures or turn on the audio recorder to snoop in on what you were talking about.

During the presentation Miller said that the iPhone requires applications to run in a sandbox type mode which is a security feature that isolates third party apps from having certain abilities on the phone, especially root access to the device. However, with SMS - there are no such sandbox and no restrictions because Apple trusts their own code and that it couldn't be tampered with therefore by exploiting a vulnerability with SMS, the attacker can gain full root access of the device.

"The iPhone is more secure than OS X, but SMS could be a critical vulnerability," Miller went on to say.

Miller has informed Apple of the vulnerability and has not released it into the wild. Apparently, Apple will be including a fix in the iPhone 3.1 OS update that was just recently sent to developers to test.