Technologizer is reporting on the developing story on SMS attacks coming out of today's Black Hat Conference sessions. Seems like while the iPhone is grabbing a lot of attention, almost all GSM phones are said to be vulnerable. Basically, they get around the anti-spoofing security and send data designed to get access and take control of the phone.

On the iPhone specific side, however:

In a final coup for the conference, Lackey and Miras demonstrated an iPhone app they call TAFT which can, at the click of a few buttons, transmit various types of attacks against specific, vulnerable phone models, including iPhones, and phones running the Windows Mobile 5 and pre-”cupcake” Android operating systems.

Vendors, including Apple are working on patching the exploit, though there is still no word which specific models or firmware versions are vulnerable.

More as the story continues to develop.

The Jailbreak and Unlock wizards behind the iPhone DevTeam are off to DEFCON 17, the security/hacking convention that juxtaposes Black Hat 2009, and have provided a set of tips to help those at the conferences (or anywhere really) avoid getting their iPhone hacked into. The tips are really targeted at Jailbroken iPhones, but some cross over to regular iPhone users as well.

Disable all your login cookies in Safari. If you use the hotel or conference wifi, it is 100% guaranteed that your traffic will be sniffed. If you allow a web site (like twitter.com) to store your login info in a cookie, and if you connect to that site through a normal http connection, your login info will be exposed. At the very least, you'll end up on the Wall of Sheep. But you'll be giving up your password to anyone else sniffing too.

They also advise avoiding any public Wi-Fi at hotels, conference centers, airports, etc. (and to tether instead), and either uninstalling or disabling SSH access, or at the very least changing the root and mobile password from Apple's default.

They also provide their suggestions for talks that might interest the iPhone jailbreak community. If anyone attends, let us know how it goes via our iPhone Jailbreak and Unlock Forum. And If you have more pro tips, send them our way!

In an ideal world, Mac and iPhone hacker Charlie Miller would discover vulnerabilities, inform Apple, and Apple would then patch them before they had any chance of being exploited "in the wild".

Miller, however, prefers to keep them to himself so he can win MacBooks and detail them at Black Hat conferences. The good of the hacker obviously outweighs the good of the users, every one. So be it.

Miller's latest iPhone-related find was disclosed at SyScan in Signapore:

a hole that would let attackers "run software code on the phone that is sent by SMS over a mobile operator's network in order to monitor the location of the phone using GPS, turn on the phone's microphone to eavesdrop on conversations, or make the phone join a distributed denial of service attack or a botnet."

Apple, for their part, is hoping to have this patched before Miller's upcoming Black Hat gig.

We hope so too.

[via Engadget. Thanks Travis for the tip!]