Newsletters

Select newsletters below and click the button to sign up!

Boston News NY News
DC News Internet Daily
SiliconValley News
InternetNews Business Report




Become a Marketplace Partner


Partner With Us


Internetnews Bloggers

Recent Entries

Archives

August 2009
Sun Mon Tue Wed Thu Fri Sat
            1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 31          

Monthly Archives

Search The Blog

Netstat -vat by Sean Michael Kerner (bio)

A command line view of IT



Apple iPhone SMS attacked by researchers #BlackHat

By Sean Michael Kerner on July 30, 2009 10:21 AM
iphone_apple_logo3.jpg
From the 'txt'ing is dangerous' files:

LAS VEGAS. Between 11:15 and 12:30 AM PT today, security researchers Charlie Miller and Collin Mulliner will publicly show off a highly exploitable SMS flaw in Apple iPhone (at least it is at the time of this blog post).

Going a little deeper the flaw isn't just an iPhone issue and in fact there are two seperate sessions at Black Hat this morning talking about SMS flaws in general.

"We (will) present techniques which allow a researcher to inject SMS messages into iPhone and Windows Mobile devices," Miller's states in his talk abstract.

I'll see it for myself in a few hours along with hundreds of other people that are likely to back the session hall. What Miller will demonstrate is how fuzzing - which is a technique that basically throws garbage input at a process - can be used to generate a fuzzed SMS message that triggers the flaw.

Fuzzing is a technique I've written on before and it is very valuable for all type of software analysis. Two years ago I spoke with the professor that invented Fuzzing and this is how he described it to me:
"I describe Fuzz testing as the stone axes and bear skins version of testing," said Bart Miller, a professor of computer science at the University of Wisconsin. "You throw a bunch of junk at a program and see if it explodes. It's not a form of testing that can substitute for really thorough case-wide testing, but it's fast and really easy, and as part of your testing toolkit, you should really always do it. It's a primitive form of testing, though it is crude but effective."
Crude, effective and apparently able to take down the SMS network too.

Charlie Miller, knows Apple inside out and I first saw him talk about hacking iPhones here at Black Hat back in 2007. The issue that Miller found in 2007 was  was unpatched until just ahead of his talk. It will be interesting to see as the hours tick by if Apple is able to do the same this time around.

| Comments (2) | TrackBacks (0) | Share

0 TrackBacks

Listed below are links to blogs that reference this entry: Apple iPhone SMS attacked by researchers #BlackHat.

TrackBack URL for this entry: https://swarm.jupitermedia.com/mt-tb.cgi/8590

2 Comments

Zack said:

WOW the black hat conference started and nothing happened...

July 30, 2009 12:02 PM
User said:

Wow, my iPhone was not patched until today, and still nothing happened :-)

August 7, 2009 2:24 PM

Leave a comment