A massive iPhone security flaw was illustrated on Thursday by Charlie Miller and Collin Mulliner at the Black Hat 2009 conference in Las Vegas. Word of the demonstration had been brewing for days; however, Apple has remained silent on the issue.
The problem makes it possible for iPhones to receive binary programs through SMS messages without the user's knowledge. These programs can then give someone using the exploit complete control over the device.
A spokesperson for O2, the exclusive iPhone carrier in the United Kingdom, explained that Apple will release a patch to fix the SMS issue on Saturday. According to the representative, the update will be available via iTunes, and O2 plans to contact their subscribers proactively.
Should a fix come from Apple this weekend, it's likely to be included in a smaller update. iPhone OS 3.1 isn't expected to hit the streets until as late as September.
According to Miller, "The approach is particularly dangerous because messages are delivered automatically, and users cannot tell that they have received the malicious code."
He recommends two different methods to fix the problem: "The problem could be fixed by directly patching the vulnerability in smartphones' operating systems, or the network providers could scan for messages that look to be trying to gain access to phones via the malicious code."
Sounds like Apple is choosing the first solution, which makes sense. AT&T may not have the resources to deal with the issue.
Incidentally, iPhones aren't the only vulnerable mobile device. Windows Mobile and Google Android phones can both be attacked by the same method. According to reports, Google has already taken steps to deal with the problem.