That iPhone in your pocket is nasty. If you’re not careful about screening SMSs it can steal your personal details. And if you’re careless enough to jailbreak the thing, it can kill cell-phone masts. Seriously–even Apple says so.
Two cybersecurity experts are due to reveal a gaping security flaw in the iPhone’s handling of SMSs at the Black Hat cybersecurity conference today. It’s a simple hole through which a malicious SMS–which may appear as benign as a single random character, from a user’s point of view–can access pretty much any function within the iPhone OS.
That means a carefully crafted viral SMS burst (of which most would be invisible to a user) could dial numbers, switch on the camera or microphone to spy on what you’re up to, grab your personal data and forward it to a criminal, and, of course, send similar SMSs on to contacts in your phone book to spread the virus. Charlie Miller and Collin Mulliner, who discovered the vulnerability, apparently alerted Apple to the problem weeks ago, but the folks at Cupertino haven’t deigned to react yet.
Meanwhile, some of Apple’s employees are deeply concerned with the iPhone’s security, but only as far as illegally jailbroken phones go. As per legal requirements under the DMCA, the Copyright Office is currently investigating a request from the Electronic Frontier Foundation to legalize jailbreaking, or unlocking iPhones from Apple’s control. Defending its position, Apple has apparently submitted documents that suggest a jailbroken phone could give hackers access to the baseband processor code. That’s the built-in code that marshals digital messages going to and from the nearest cell-phone tower and your phone. According to Apple, a malicious coder could tweak this code and thus have a “catastrophic” impact on the cell-phone network.
As if that’s not bad enough, a similarly malicious coder could access the device ID segments of the hard-coded software and mask the telephone number from being revealed to the cell-phone grid. Apple is careful to note that this is something that would be “desirable to drug dealers.”
Hmmm. Are you skeptical too? It sounds like Apple is desperately clinging to arguments that defend its choice to completely lock down the iPhone to Apple’s control–an action that the company itself admits has been key to the success of the App Store, and its associated millions of dollars of profit. On the other hand, EFF lawyer Fred von Lohmann is saying Apple’s argument is preposterous, and as far as he knows, despite all the millions of already-jailbroken phones out there “nothing like that [cellphone tower hacking] has ever happened.” And, though Fred may indeed be right, his argument is terribly weak. If it is possible, then someone somewhere could choose to exploit the weakness at any time, with potentially nasty consequences.
In summary, that lovely iPhone in your pocket may not be as benign a product as you think. And if you start getting weird SMS messages today, then it’s probably a good idea to switch that baby off ASAP.