Bits 'n Bytes

Apple released software update 3.0.1 for the iPhone OS which protects against attacks via malicious SMS messages. Mac Hacker Charlie Miller discovered this security vulnerability and presented it at the Black Hat security conference on Thursday.

I am amazed that an SMS message can completely take over a phone.  It doesn’t seem like a simple text message could execute code.  But the iPhone bug allowed the attacker to completely take over the phone and have it send private information back to the attacker including it present location via the GPS.  And it is not just the iPhone, Android and Windows Mobile phones have similar vulnerabilities.

And if that is not enough, Miller’s fellow security researcher, Dino Dai Zovi, presented a new way for a rootkit to be installed on the OS X operating system (which is used for both the iPhone and Macs).  Rootkits are a common way for malicious software such as botnets to hide on a computer.

Apple ads like to point out how vulnerable PCs are are to viruses and malware, but the truth is no computer software is immune to attack — there are more PCs than Macs and that makes Windows a more attractive platform for malware developers.

The good news is that even though Miller says Apple was slow to provide a fix (he told them about the problem some time ago), Apple did provide an update for the iPhone the day after Miller’s presentation at Black Hat. It would be a good idea for everyone to update to the latest version of the iPhone software.

Personally, I wish there was a way to block SMS messages altogether.   I’ve always preferred to send e-mail over text messages and it seems silly that a short text costs extra.  But I suppose blocking SMS will never be an option since the carriers must make a bundle from those texting plans.