There is a big security hole in the new iPhone OS 3.0, new firmware by the end of the month

4. 7. 2009

MacOS X security expert Charles Miller has revealed that Apple is working on fixing a major security flaw in the new iPhone OS3.0 at his suggestion. By sending a special SMS, anyone could find out the location of your phone or easily eavesdrop on you.

The attack works in such a way that the hacker sends a binary code via SMS to the iPhone, which may contain, for example, an eavesdropping application. The code is processed immediately, without the user being able to prevent it in any way. Thus, SMS currently represents a great risk.

Although currently Charles Miller can only hack the iPhone's system, he thinks that things like location detection or remotely turning on the microphone for eavesdropping are probably possible.

But Charles Miller did not reveal this mistake in public and made a deal with Apple. Miller is planning to give a lecture at the Black Hat Technical Security Conference in Los Angeles on July 25-30, where he will speak on the topic of discovering vulnerabilities in various smartphones. And he would like to demonstrate this, among other things, on the security hole in iPhone OS 3.0.

Apple thus has to fix a bug in its iPhone OS 3.0 by this deadline, and this is perhaps the reason why a new beta version of iPhone OS 3.1 appeared a few days ago. But overall, Miller talks about the iPhone as a very secure platform. Mainly because it lacks Adobe Flash or Java support. It also adds security by installing only apps digitally signed by Apple on your iPhone, and 3rd party apps can't run in the background.

Topics: iPhone OS 3, firmware, hacker, sms, microphone, MacOS, phone, user, iPhone, Application

Discussion of the article

McHa

4. 7. 2009 23:29

""Also adds security by only installing apps digitally signed by Apple on your iPhone, and 3rd party apps can't run in the background.""
– this sentence is false and especially in our regions, where JB iPhones are relatively common, and therefore it IS possible to install 3rd party apps not signed by Apple on the iPhone – when I still needed JB, I had many such applications and I wrote simple ones myself: ) and I have never dealt with anything with Apple.

Paul

5. 7. 2009 10:01

I wonder if Apple will bring any other fixes or improvements in addition to security. Thanks for the reply

Vone Streamer

5. 7. 2009 10:42

Will the romro update by any chance fix the faulty bluetooth headset control support? For all buttons to work

Your name

Your comment

By filling in the above data, I acknowledge that the company TEXT FACTORY s.r.o., registered office in Brno, Durďákova 336/29, Černá Pole, ZIP code: 613 00, ID number: 06157831, registered at the Regional Court in Brno, section C, insert 100399, will process my personal data provided in the registration form filled out by me on the basis of the legitimate interests of TEXT FACTORY s.r.o. according to Article 6 paragraph 1 letter f) GDPR and to fulfill legal obligations (Article 6, paragraph 1, letter c) GDPR), for the following purposes: the necessity to ensure the authorization of visitors to websites operated by TEXT FACTORY s.r.o. to actively contribute to published articles or within discussion forums and exercising the rights of TEXT FACTORY s.r.o. as the administrator of these discussion forums. More information about the processing of personal data and rights can be found in Lessons on personal data protection. the entire text

Related