Home / News / Mobile Phone News / Apple Patches iPhone SMS Vulnerability

Apple Patches iPhone SMS Vulnerability

Gordon Kelly

by

Apple Patches iPhone SMS Vulnerability

It may have taken O2 to come out and finally admit the iPhone had a serious security flaw but Apple has now sprung into action to fix it.

In a statement to the BBC late last week the network operator downplayed any panic saying: "We will be communicating to customers both through the website and pro-actively. We always recommend our customers update their iPhone with the latest software and this is no different."

In response Apple has released iPhone OS firmware 3.0.1 which specifically "Fixes SMS Vulnerability" and it is compatible with the iPhone, iPhone 3G and iPhone 3GS. It's a full upgrade, clocks in at 230MB and if you've unlocked your handset I'd be very careful indeed.

It closes a hole which made the iPhone susceptible to an SMS hack which allowed a hacker to take full control of the handset. It worked by sending modified SMS messages and once compromised would enable remote control of applications, sending messages and access to contacts and the camera. Every iPhone was vulnerable whether running the latest 3.0 firmware or not.

In actual fact, the iPhone was not alone in this vulnerability. Windows Mobile and Google Android smartphones are also currently susceptible but Google has already said it is working on a fix and Microsoft isn't thought to be far behind.

Expect to hear renewed calls for antivirus solutions on smartphones all week. Quite how that would work on an iPhone - which doesn't allow the running of background applications - is another matter entirely...

Update: Apple has released a statement about the update: "We appreciate the information provided to us about SMS vulnerabilities which affect several mobile phone platforms. This morning, less than 24 hours after a demonstration of this exploit, we've issued a free software update that eliminates the vulnerability from the iPhone. Contrary to what's been reported, no one has been able to take control of the iPhone to gain access to personal information using this exploit."

No word yet if it does relock unlocked and jailbroken handsets or if it brings any performance tweaks or new functionality. Anyone spot anything?

Update 2: The Dev Team has confirmed the same iPhone firmware 3.0 unlock will also work with the new 3.0.1 firmware.

Link:

via BBC News

Jmac

August 3, 2009, 2:57 pm

Good news. I'd be surprised if it brings any new functionality or performance tweaks, or even relocks jailbroken handsets - this is clearly an emergency patch specifically aimed at fixing this security vulnerability, and will have been released as soon as it was ready, to allay security fears.

Ben

August 3, 2009, 4:15 pm

What interests me most is how OS X Mobile, Windows Mobile and Android are all affected by this. It's not a flaw in SMS itself. They must all share some sort of open library? Anyway, glad Apple patched it so quickly... Microsoft will have the hardest time rolling this out given they have no clear update path.

DrDark

August 3, 2009, 4:18 pm

Knew they'd put a spin on this. 24 hours? I remember reading an article somewhere where the "hackers" mentioned at the conference that they'd told Apple over 2 weeks ago.

MrGodfrey

August 3, 2009, 7:02 pm

Certainly interesting that the iPhone, Win Mobile and Android are all said to be affected... is Symbian not susceptible to this sort of thing, or is it just that no-one except me still uses Symbian phones so no-one thought to check? ;)

DrDark

August 3, 2009, 8:03 pm

I've raved about it so much someone's going to call me a fanboy soon. But I love me E71 and Symbian. :)

Ben

August 3, 2009, 8:18 pm

lol @ Symbian. Well, Nokia are typically pretty good with SMS standards, and industry standards in general I suppose. I'd have expected nothing less!

comments powered by Disqus