iPhone and SMS hack - what does it mean?

Countless news articles are floating around about the iPhone and SMS hack. I will explain it here in "normal" terms and explain what all this means to you.

Introduction
Yesterday, Thursday 7/30/09, two security expert (also known as hackers), presented a way to hack an iPhone by sending it a specially made SMS (text) messages. This presentation was held at Black Hat which is one of the largest hacker conference in the world. Since Wednesday all the buzz has been around this iPhone hack with a lot of speculation and rumors flying all over the place. Here are the facts I have captured.

What is the hack?
An attacker can send an iPhone or other vulnerable device a specially made SMS message. You will notice a single character, blank, or carrier SMS text coming from 611 or somewhere unknown. In the background the phone will be controlled by the attacker.

How does it work?
The attack occurs by a memory corruption in the way the iPhone handles SMS messages. For the hack to work the attacker must send hundreds of SMS control messages which you do not see. You would only see one SMS message coming in. In the background you will be receiving the control messages that have the ability to do many different things.

What can be done with this hack?
An attacker could exploit this security hole to make calls, steal data, send text messages, and do more or less anything a person can do on their iPhone. Speculation around being able to put a virus on your phone before you can turn it off have been thrown around as well. Basically not a good thing if you receive a message like this.

Does this only affect the iPhone?
No this hack works in conjunction with the way GSM networks work. GSM networks in the USA include AT&T and T-Mobile. The hackers also showed an Android phone (which Google claims they have already fixed the issues) and a Sony Ericsson phone beeing hacked in a live demonstration. Here are the images. BlackBerry's have not been addressed but it is doubtful this hack works on those devices.

Who can do this?
Currently only a limited amount of hackers have the capability to do this. However they will be releasing a tool that uses these vulnerabilities to the general public on August 15th through Cydia (the App Store for Jailbroken iPhones). So consider yourself semi-safe until that day.

What about Apple? Do they know about this? Fixing it?
According to the researchers they notified Apple as long as 6 weeks ago about this vulnerability. Apple claims to be working on a fix. The hackers also notified the GSM alliance which has been working to fix this issue as well. Our best hope is that the fixes come out before August 15th.

How do I know this is happening to me and what can I do?
You will receive a text message from 611 or a strange number that looks weird, it might have one character or a message like the example the hackers gave: "You've received a free $20 credit..." or "New settings received. Install?". If this happens to you the only thing you can do to stop it is to turn off your phone immediately! Even then it might be too late.

I am paranoid is there a fix now?
The only claim to fix this now on the iPhone involves disabling SMS text messages altogether. You would need to jailbreak your phone and log in via SSH. If those two sentences made sense, feel free to read the how to over at quickpwn.com.

Further Reading
News articles: ZDNet or The iPhone Blog or AP News.
White paper on Hijacking Mobile Data Connections and a detailed blog on the presentation.

As you can see this can become a huge issue if Apple and GSM carriers do not fix the issue prior to August 15th. As soon as the newest iPhone software is released, update your phone, no questions asked. I will keep you updated on the latest findings.

Till next time,
Jorge Orchilles