两名网络安全专家米勒及马利纳,30日在拉斯维加斯的黑客网络安全大会上公开iPhone这个保安漏洞。他们会展示只要传送大量空白短信到 iPhone,便能控制手机所有功能,包括拨电话、浏览网页、开启相机及扩音器,最重要是可操控传送更多短信,进一步传播病毒。米勒表示,若用家收到只显 示出一个细小正方形的短信,即表示手机已被入侵,建议用户立即关机。
米勒指,入侵一部iPhone后,再以同样方式入侵另一部iPhone只需数分钟。他们已于个多月前通知iPhone的生产商苹果公司,但对方仍未就此漏洞作出修补。
由于示范时以iPhone为主,外界以为只会影响iPhone用户,但事实上不少智能手机平台,包括Android及Windows Mobile,都有相同的SMS漏洞。事件引起外界不少的反应,但有不少人指出,中招的机会不大,无需过份担心。目前部份手机厂商都知道有此问题,他们正在努力修复,最新消息指苹果或于本星期推出更新修复问题。
原文:
Researchers attack my iPhone via SMS
LAS VEGAS–Researchers have discovered a way to take complete control over an iPhone merely by sending special SMS messages and demonstrated it on my iPhone at the Black Hat security conference on Wednesday.
Although an attacker could exploit the hole to make calls, steal data, send text messages, and do basically anything that I can do with my iPhone, the researchers were kind and merely rendered it temporarily inoperable.
Here’s what happened: While I was talking on the phone to Charlie Miller, his partner, Collin Mulliner, sent me a text message from his phone. One minute I’m talking to Miller and the next minute my phone is dead, and this time it’s not AT&T’s fault. After a few seconds it came back to life, but I was not able to make or receive calls until I rebooted.
My iPhone is not jailbroken and it is running iPhone OS 3.0.
The attack is enabled by a serious memory corruption bug in the way the iPhone handles SMS messages, said Miller, a senior security researcher at Independent Security Evaluators.
There is no patch, despite the fact that Apple was notified of the problem about six weeks ago, he said. All current versions of the iPhone operating system are affected.
The attack is similar to an SMS attack demonstration CNET News wrote about in April in which mobile security firm Trust Digital was able to send an SMS to a phone that opened up a Web browser and directed the phone to a malicious Web site where malware could be downloaded.
In the more recent research, Android-based phones were found to be similarly susceptible to an SMS attack, only an attacker could temporarily knock the phone off the cell network but not take control, according to Mulliner, who’s getting his PhD at the Technical University of Berlin. Google patched the hole last week within a day or two of being notified of the problem, he said.
Meanwhile, a bug in the code written by HTC that controls the user interface on Windows Mobile devices could also be exploited via the SMS messages to make it so there are no buttons to push so the phone can’t be used, said Miller.
For the attack to work, an attacker must send hundreds of SMS control messages, which are different from regular SMS messages, according to Miller. Only the initial SMS may be seen, he said.
The researchers will demonstrate the attack on an Android phone and an iPhone during their presentation on Thursday.
Previous iPhone attacks required an attacker to lure the iPhone user to visit a malicious Web site or open a malicious file, but this attack requires no effort on the part of the user and requires only that an attacker have the victim’s phone number, Miller said.
Once inside a victim’s phone, the attacker could then send an SMS to anyone in the victim’s address book and spread the attack from phone to phone, he said.
Previously, Miller discovered a hole in the mobile version of Safari shortly after the iPhone was launched in 2007 and earlier this year he won a contest at CanSecWest by exploiting a hole in Safari.
Asked what an iPhone user can do when attacked, Miller replied: “Rebooting wouldn’t be a bad idea. It would stop all but the most sophisticated attacker. However, it doesn’t take but a second to grab all your personal info from the device, and as soon as you turn it back on, the bad guy could attack you again. That’s why I think this is so serious.”
本文还暂无回复