Apple working on iPhone SMS security vulnerability

By on

supp_sms20081208

Apple is working round the clock in fixing a security hole in the iPhone operating system that could allow an attacker to remotely have root access to the device and install and run unsigned software code that could potentially allow your iPhone to be part of a botnet.

The new security hole was found by Charles Miller, security researcher and co-author of the Mac Hacker’s Handbook, at the SySan Conference in Singapore, according to a report by Computerworld. He, however, has left no description on the attack, citing an agreement with Apple not to disclose it.

The security vulnerability could allow the attacker to run code written in the SMS over a mobile operator’s network, and could include commands that include telling the attacker your location using the GPS, eavesdrop on your conversations with the microphone, or make the phone part of a mobile botnet capable of sending DDoS (distributed denial-of-service) attacks on a site.

Despite finding the vulnerability, he says that the iPhone’s OS, which is a stripped down version of the Mac OS X operating system, is a more secure version of the OS than computers running the full-blown version of the operating system as it offers fewer options for attackers.

It also have limited features, including no support for Adobe Flash and Java, which could be exploited by attackers,. The phone has also been designed to store memory digitally signed by Apple only.

Apple is said to be working on a fix for this vulnerability before Miller discusses it at the Black Hat USA conference in Las Vegas.