Blackhat newsflash: Researchers showed that an iPhone SMS virus infection is possible at Blackhat
Charlies Miller’s and Collin Mulliners talk “Fuzzing the Phone in your Phone” today revealed full details that could make the first iPhone virus infection at the Blackhat security conference in Las Vegas.
Large SMS messages are cut up in smaller SMS messages, this means that the SMS messages need to be parsed by the phone to put it back together and thus can be used as an attack vector to breach the phone. By using a technique known as fuzzing, Miller and Mulliner where able to find exploitable conditions that could be turned into an attack and an iPhone virus. The attack takes a total of 519 SMS messages, but will work without any user interaction.
Charlie Miller urges anybody with an iPhone to turn it off if they get a text message with a single square character. “That small cipher will likely be the only warning that someone has taken advantage of the bug”.
Apple was notified on the 18th of June and to date has not released a fix.
They also showed that smart phones like the iPhone and Adraoid and Windows mobile phone based devices can be forced to stop working with a single crafted SMS. The simplest attack was against HTC Windows Mobile phones which crash on any SMS containing the character sequence: “%n”.