Black Hat: SMS Attacks Not Just for iPhones
Technologizer is reporting on a developing story about SMS attacks coming out of today's Black Hat conference sessions. While the iPhone is grabbing most of the attention, almost all GSM phones are said to be vulnerable: the attacks bypass the anti-spoofing protections and deliver data crafted to gain access to, and take control of, the phone.
On the iPhone specific side, however:
In a final coup for the conference, Lackey and Miras demonstrated an iPhone app they call TAFT which can, at the click of a few buttons, transmit various types of attacks against specific, vulnerable phone models, including iPhones, and phones running the Windows Mobile 5 and pre-"cupcake" Android operating systems.
Vendors, including Apple, are working on patching the exploit, though there is still no word on which specific models or firmware versions are vulnerable.
More as the story continues to develop.
Other coverage indicates that it's ALL versions of the iPhone firmware that are at risk.
Further, the damage that can be done to the phone and the damage that can be done with a compromised phone seem to be much more serious for the iPhone.
http://news.zdnet.com/2100-9595_22-326501.html
This security flaw is common to some degree in all GSM phones as Rene points out.
It was a late addition to the GSM standard to allow Over The Air (OTA) updates that carriers can send to your phone to fix some minor problems in network settings, etc.
However, smart phones open this hole wide, because the phone OSs will allow execution of unauthenticated code, because they allow sending replacements for key files or (in the case of the iPhone) replacement executables.
This is a pretty egregious security flaw on Apple's part; they should have built better authentication into this process, especially if they are going to allow re-writing portions of the OS.
If the carriers block this mechanism entirely, OTA updates are no longer available.
This was a roadside bomb waiting to go off. It just so happens that when the target is a smart phone with weak security, the damage can be much greater.
Until the patch is released, this is a great reason to jailbreak and change the root password.
I asked this in the other comments section, but this one still has its new car smell.
There are ALL sorts of security demonstrations happening at Black Hat. They keep talking about the ‘demonstrations’.
Excuse my naiveté, but I am unclear: Do they just demonstrate that the exploit exists? They don’t actually divulge how to code for it or how to use it, no?
The reactionary response is that it is all over tonight.
Dryland: That won't help according to several reports.
@Sheik:
They do not generally make all details known. http://www.informationweek.com/blog/main/archives/2009/07/blackhat_bombsh.html;jsessionid=TYYVZJFYWS3VYQSNDLPCKH0CJUNN2JVN
They did advise Apple of this exploit 6 weeks ago, including telling them how to protect against it, but Apple did nothing. They also told Apple that they were going to demo this, but Apple did nothing.
The carriers have some significant responsibility here too; it's not ALL Apple's fault.
So far, this has not reached the New York Times, so Steve Jobs may not even be paying attention yet.
So basically this is the downside to the jailbreaking community. While still possible, it would have been far less likely - faaaaaar less likely - had the jailbreak community not existed, and plastered root passwords all over the Internet.
Thanks guys!
@frog
Umm...no, this has nothing whatsoever to do with jailbreaking. This has to do with a flaw in over the air provisioning of GSM phones.
frog you are an ignorant tard who doesn't know what he is talking about...
Yeah I don't know who said this had anything to do with jailbreaking or the jailbreaking community. It absolutely has nothing to do with it or SSH, which is the root password thing. It has nothing to do with either. Nothing at all. What it has to do with is the smartphone community and the fact that Apple and other smartphone makers were notified of this vulnerability and have done nothing about this, leaving everyone vulnerable, not just jailbreakers and not just people with SSH enabled... EVERYONE. Apple, Microsoft and Google should have fixed this by now; in fact it never should have been an issue. If this is because of an issue with the openness of over-the-air (OTA) updating, then why was this included in the iPhone? Apple has never updated anything OTA, so why not just eliminate the ability and in turn eliminate the problem? Why would we need to update OTA if Apple never uses it and we can't either? Just a thought of a way to eliminate the problem with my limited knowledge of the subject.
@icebike, I seriously doubt Apple has done 'nothing', just because they haven't said anything is not the same as them doing nothing.
@Ice: Exactly what I thought. Although in the Ars article from July 3rd ("Apple patching critical SMS vulnerability...") they seem to have revealed to Charlie that [that Apple is working on a patch].
Apple is indeed the fouling player here, but I don't think that they are sitting on their hands so much as just not turning around the fix fast enough. They DEFINITELY need to step up their security priorities AND be a little more transparent. In the meantime, alarmist headlines will continue to gain traction. It is Apple's fumble.
@caballera have you received a firmware update? No... So they have done nothing. If they had done something they probably would have let everyone know they were not vulnerable so everyone wouldn't be freaking out, while at the same time letting the public know that WinMo and Android had not fixed it yet. Has anyone heard anything about the Pre being vulnerable?
You would think given six weeks to fix this they could have updated already. Maybe it is a little tougher than I am thinking. They are assuredly working on it. I just meant that they have not released any fix yet or statement or anything.
@Mattshall I am pretty sure that the Pre will resist the GSM-specific hijacking, but might also be prone to the SMS issue to some degree. I also haven't heard about the vulnerability of RIM devices--maybe the RIM network isolates users?
The CNET article above says that Google fixed the problem within a couple of days of being notified.
@Matshall:
My understanding is that Android has fixed it.
So it is because of allowing OTA updates for GSM phones? I don't recall any of my phones ever getting any kind of update before the iPhone.
Yes, the quote above indicates pre-Cupcake versions of Android are affected, which means versions 1.0 and 1.1. "Cupcake," version 1.5, came out in late May. Whether Google fixed it after talking to Miller et al, or whether they found and fixed the hole on their own during 1.5 development, I do not know.
Google maintained in an article yesterday for Information Week that the issue had been patched. Apple did not respond to a request for comment, and it did not appear Information Week attempted to contact either MS or RIM.
@icebike, It's hit MSNBC, Reuters, and the AP wire. Gotta get around soon.
nice try apple
Well they're probably waiting until 3.1 comes out to release the patch...
haha stupid iPhone... hmmm wonder why the Pre doesn't have this problem... oh yeah now I remember, 'cause it's not some iCrap
That CNET article (http://news.cnet.com/8301-27080_3-10299378-245.html?tag=mncol;txt) also confirms that the attack works against unjailbroken iPhones running 3.0. (As others noted, the article indicates Google patched Android a day or two after being notified.)
Details: http://www.blackhat.com/presentations/bh-europe-09/Gassira_Piccirillo/BlackHat-Europe-2009-Gassira-Piccirillo-Hijacking-Mobile-Data-Connections-whitepaper.pdf
Good summarization on the Register: http://www.theregister.co.uk/2009/07/31/smartphonehijacking/
http://tinyurl.com/myxp4y
I'm surprised none of the phone makers/carriers saw this coming. This stupid hole allows root access without authentication. I think this is careless on everyone's part.
Apple will most likely release 3.1 as a fix for this. However, 3.0.1 would suffice and calm some nerves. Now that it's out, and being widely covered, Apple will need to save face.
Day 2 and my iPhone still has not been hacked rolls eyes.
Apparently, O2 are releasing a fix... I guess just by updating their carrier bundle: http://news.bbc.co.uk/1/hi/technology/8177755.stm
Edit: No they're not, Apple are! So I guess 3.0.1
Yes, plug the phone into iTunes and you will be notified about 3.0.1. Jailbreakers may want to hold off as usual.
This story must have finally hit the New York Times.
Lol get a blackberry lmao. Get a real phone lolol. This just doesn't happen to berries. Hehe