DCSportbikes.net  
» Help Support .NET!
DCSportbikes Premier Membership for 25$ per year. Discounts! Click here for full information.

Now available in the .NET Shop:



Get your DCSBN Gear!
» Shoutbox
Sorry, only registered users have the ability to use our real-time shoutbox to chat with other members.

Register now, it's free!
» Online Users: 561
6 members and 555 guests
GRN96WS6, HotRod1200, nootherids, Sal_the_man, Slider, tonetone
Most users ever online was 4,519, September 2, 2015 at 03:26 AM.
Go Back   DCSportbikes.net > Non-Sportbike Forums > Non-Sportbike Chat

Reply
LinkBack Thread Tools
iPhone hacking?
Unread
  (#1)
GP Champ
 
CookieMonster's Avatar
 
Posts: 3,240
Join Date: September 20, 2005
Location: Hell, apparently
iPhone hacking? - July 30, 2009, 02:37 PM

Uh oh? -- from Forbes http://www.forbes.com/2009/07/28/hac...y-hackers.html

Someone tell me what to do!
How To Hijack 'Every iPhone In The World'

Andy Greenberg, 07.28.09, 05:40 PM EDT
On Thursday, two researchers plan to reveal an unpatched iPhone bug that could virally infect phones via SMS.


If you receive a text message on your iPhone any time after Thursday afternoon containing only a single square character, Charlie Miller would suggest you turn the device off. Quickly.
That small cipher will likely be your only warning that someone has taken advantage of a bug that Miller and his fellow cybersecurity researcher Collin Mulliner plan to publicize Thursday at the Black Hat cybersecurity conference in Las Vegas. Using a flaw they've found in the iPhone's handling of text messages, the researchers say they'll demonstrate how to send a series of mostly invisible SMS bursts that can give a hacker complete power over any of the smart phone's functions. That includes dialing the phone, visiting Web sites, turning on the device's camera and microphone and, most importantly, sending more text messages to further propagate a mass-gadget hijacking.

"This is serious. The only thing you can do to prevent it is turn off your phone," Miller told Forbes. "Someone could pretty quickly take over every iPhone in the world with this."
Though Miller and Mulliner say they notified Apple ( AAPL - news - people ) about the vulnerability more than a month ago, the company hasn't released a patch, and it didn't respond to Forbes' repeated calls seeking comment.
The iPhone SMS bug is just one of a series that the researchers plan to reveal in their talk. They say they've also found a similar texting bug in Windows Mobile that allows complete remote control of Microsoft ( MSFT - news - people )-based devices. Another pair of SMS bugs in the iPhone and Google's ( GOOG - news - people ) Android phones would purportedly allow a hacker to knock a phone off its wireless network for about 10 seconds with a series of text messages. The trick could be repeated again and again to keep the user offline, Miller says. Though Google has patched the Android flaw, this second iPhone bug also remains unpatched, he adds.
The new round of bugs aren't the first that Miller has dug up in the iPhone's code. In 2007, he became the first to remotely hijack the iPhone using a flaw in its browser. But while that vulnerability gave the attacker a similar power over the phone's functions, it required tricking the user into visiting an infected Web site to invisibly download a piece of malicious software. When Miller alerted Apple in July of that year, the company patched the vulnerability before Miller publicized the bug at the Black Hat conference the following month. ("See: Hacking the iPhone.")


Talk nerdy to me



It's not how many times you get knocked down,
it's how many times you get back up!
  MySpace.com Page Send a message via AIM to  
Reply With Quote
Unread
  (#2)
Traction Control
 
Tecknojoe's Avatar
 
Posts: 6,969
Join Date: May 6, 2009
Location: The hell out of VA
July 30, 2009, 02:40 PM

yep. news broke yesterday. apple is stupid for not listening


KTM RC8R
KTM RC390 race
Yamaha R6 race
Honda CRF50 mini
  Send a message via AIM to Send a message via AIM to Tecknojoe  
Reply With Quote
Unread
  (#3)
I'm baaaaaack
 
Shooter's Avatar
 
Posts: 745
Join Date: May 24, 2008
Location: Centreville VA
July 30, 2009, 02:41 PM

Blackberry FTW!
  Send a message via AIM to  
Reply With Quote
Unread
  (#4)
Site ADMIN
 
spud's Avatar
 
Posts: 16,846
Join Date: September 30, 2002
Location: Lake Ridge
July 30, 2009, 02:54 PM

Quote:
Originally Posted by tecknojoe View Post
yep. news broke yesterday. apple is stupid for not listening

they did listen, it is coming out with 3.1..


This post was prepared as a service to the DCSportbikes.net community. Neither the DCSportbikes.net ADMINS nor any of the moderators, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product, link, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by DCSportbikes.net. The opinions of this author expressed herein do not necessarily state or reflect those of the DCSportbikes.net community, and shall not be used for advertising or product endorsement purposes.
__________________________________________________ ________


Alex
13 Honda Fury
  Facebook Page Send a message via AIM to Send a message via AIM to spud Send a message via MSN to spud  
Reply With Quote
Unread
  (#5)
#swag
 
Nick's Avatar
 
Posts: 10,213
Join Date: August 21, 2003
Location: Fairfax
July 30, 2009, 02:55 PM

Quote:
Originally Posted by spud View Post
they did listen, it is coming out with 3.1..
Is there a release date yet?


  Send a message via AIM to Send a message via AIM to Nick  
Reply With Quote
Unread
  (#6)
Traction Control
 
Tecknojoe's Avatar
 
Posts: 6,969
Join Date: May 6, 2009
Location: The hell out of VA
July 30, 2009, 02:55 PM

Quote:
Originally Posted by spud View Post
they did listen, it is coming out with 3.1..
had not heard. I suck.

3.1 needs to come out yesterday. god damn iphone is a piece of chit since 3.0 came. it's OOOOKKKKK if apps, or something dumb like that isn't working correctly, but when the basic functionality of the PHONE isn't working, that's when I get super pissed. Apple is becoming just like all the rest. fuck


KTM RC8R
KTM RC390 race
Yamaha R6 race
Honda CRF50 mini
  Send a message via AIM to Send a message via AIM to Tecknojoe  
Reply With Quote
Unread
  (#7)
GP Champ
 
CookieMonster's Avatar
 
Posts: 3,240
Join Date: September 20, 2005
Location: Hell, apparently
July 30, 2009, 03:00 PM

Spud -- is the update automatic, or do I need to do something? I am so new to this iphone thing...


Talk nerdy to me



It's not how many times you get knocked down,
it's how many times you get back up!
  MySpace.com Page Send a message via AIM to  
Reply With Quote
Unread
  (#8)
MSF Student
 
wrenchmonk's Avatar
 
Posts: 81
Join Date: July 17, 2007
Location: PWC
July 30, 2009, 03:09 PM

Remote hijacking of your iPhone?
Yup, There's an app for that.

Rather than turn your iPhone off you could enable Airplane mode which turns off all the radios. At least you have your information without the network connectivity at that point. If I read it correctly the attacker would need to send 500 messages to each phone for the exploit to occur. Possible? Yes. Plausible? Perhaps.

If you can live without SMS for a few days just call AT&T or go to your account online and set it so that all incoming SMS messages are dropped before they get sent to your phone. Hammer to kill a fly but effective for the time being.

I imagine that the fix will need to be manually updated through iTunes like all the other updates.

[Edit]

Here's the details given by the presentation at BlackHat http://www.blackhat.com/presentation...whitepaper.pdf

Last edited by wrenchmonk; July 30, 2009 at 03:59 PM..
  Send a message via AIM to Send a message via Yahoo to wrenchmonk Send a message via MSN to wrenchmonk  
Reply With Quote
Unread
  (#9)
Site ADMIN
 
spud's Avatar
 
Posts: 16,846
Join Date: September 30, 2002
Location: Lake Ridge
July 30, 2009, 03:19 PM

3.1 is out for developers now, so that means pretty soon:

http://www.engadget.com/2009/06/30/i...per-community/


cookie, when you sync with itunes, hit the button that says "check for updates". if there is an update for the os of your phone, it will do it for you there.


This post was prepared as a service to the DCSportbikes.net community. Neither the DCSportbikes.net ADMINS nor any of the moderators, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product, link, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by DCSportbikes.net. The opinions of this author expressed herein do not necessarily state or reflect those of the DCSportbikes.net community, and shall not be used for advertising or product endorsement purposes.
__________________________________________________ ________


Alex
13 Honda Fury
  Facebook Page Send a message via AIM to Send a message via AIM to spud Send a message via MSN to spud  
Reply With Quote
Unread
  (#10)
GP Champ
 
CookieMonster's Avatar
 
Posts: 3,240
Join Date: September 20, 2005
Location: Hell, apparently
July 30, 2009, 03:42 PM

Uh can't sync with itunes yet lol -- my Mac is too old and I don't have interwebs at home to update the itunes software (it won't recognize the iphone). Any joy or am I screwed?


Talk nerdy to me



It's not how many times you get knocked down,
it's how many times you get back up!
  MySpace.com Page Send a message via AIM to  
Reply With Quote
Unread
  (#11)
B
It goes to 11.
 
B's Avatar
 
Posts: 16,806
Join Date: November 8, 2004
Location: Moet Chandon on a Schlitz budget
July 30, 2009, 03:46 PM

In order to succeed they would need to stage this relatively intricate subversion and wardial a large list of iphones... beyond that every iphone would need to go to a site and download (and install) some kind of package.... over at&ts network.

Although it is a security concern that needs to be corrected, largescale iphone takeover is simply not realistic. AT&T would not allow it.

Get your iphone synced, but you're in no imminent danger of having your iphone taken over.


SV650s for SALE!!!
- 2007 SV650 Racebike-Superbike KWS/Thermosman suspension/Swenz bodywork/All GSXR Parts
- 2009 SV650 Streetbike Race blue with white stripe/No wrecks/fully faired with M4 full system

Shoot me a PM or talk to Nate (Nudist) if you're interested in purchase.
  Send a message via AIM to Send a message via AIM to B  
Reply With Quote
Unread
  (#12)
Site ADMIN
 
spud's Avatar
 
Posts: 16,846
Join Date: September 30, 2002
Location: Lake Ridge
July 30, 2009, 04:46 PM

Quote:
Originally Posted by CookieMonster View Post
Uh can't sync with itunes yet lol -- my Mac is too old and I don't have interwebs at home to update the itunes software (it won't recognize the iphone). Any joy or am I screwed?
for the noob, itunes is the only way to update your os.

Rob or others can prob help you DL the update when it comes out and install it another way..

never done it any other way than itunes so i cant help you with that. sorry.


This post was prepared as a service to the DCSportbikes.net community. Neither the DCSportbikes.net ADMINS nor any of the moderators, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product, link, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by DCSportbikes.net. The opinions of this author expressed herein do not necessarily state or reflect those of the DCSportbikes.net community, and shall not be used for advertising or product endorsement purposes.
__________________________________________________ ________


Alex
13 Honda Fury
  Facebook Page Send a message via AIM to Send a message via AIM to spud Send a message via MSN to spud  
Reply With Quote
Unread
  (#13)
GP Champ
 
CookieMonster's Avatar
 
Posts: 3,240
Join Date: September 20, 2005
Location: Hell, apparently
July 30, 2009, 04:48 PM

Meh I've been meaning to schlep the Mac to a friend's house to update everything, just looks like I need to do it sooner rather than later

Thanks for all your help, guys!


Talk nerdy to me



It's not how many times you get knocked down,
it's how many times you get back up!
  MySpace.com Page Send a message via AIM to  
Reply With Quote
Unread
  (#14)
Site Owner
 
ClemsonJeeper's Avatar
 
Posts: 12,971
Join Date: March 9, 2004
Location: CashBurn, VA
July 30, 2009, 04:49 PM

Must have itunes for upgrading iphone. Windows or Mac works fine.

This, theoretically, could be a terrible bug. If it is a hole in which a remote attacker can execute core operating system code on your device without you even knowing it or being able to stop it, all you would need is one phone number theoretically.

1) pown that persons iPhone
2) Download/run program in background that gets all the phone numbers from your phone book
3) Spam virus to the contacts

Blammo. Plus if its in the background, they will theoretically be able to SSH to your iphone, control it, grab any info on it, and be able to make it to do things in the background which you have no control over.

That is of course if they circumvent the jail on the device (unlikely). The iPhone won't run unsigned apps by default, so who knows how "end of the world" this will be.

You should always have all firmware/security updates on devices/computers anyway.


(O|||||||O) and (0OO\(||||)(||||)/OO0)

Help support DCSportbikes.net! Become a Premier Member today!

Katie #135.



Nudist: If Ben isnt still riding me, then I need it
B: that sounds odd

Last edited by ClemsonJeeper; July 30, 2009 at 04:53 PM..
  Facebook Page Send a message via AIM to Send a message via AIM to ClemsonJeeper  
Reply With Quote
Unread
  (#15)
Site ADMIN
 
spud's Avatar
 
Posts: 16,846
Join Date: September 30, 2002
Location: Lake Ridge
July 31, 2009, 02:31 PM

Cookie, 3.0.1 OS is out for the iphone today via itunes..

http://www.engadget.com/2009/07/31/i...vulnerability/


This post was prepared as a service to the DCSportbikes.net community. Neither the DCSportbikes.net ADMINS nor any of the moderators, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product, link, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by DCSportbikes.net. The opinions of this author expressed herein do not necessarily state or reflect those of the DCSportbikes.net community, and shall not be used for advertising or product endorsement purposes.
__________________________________________________ ________


Alex
13 Honda Fury
  Facebook Page Send a message via AIM to Send a message via AIM to spud Send a message via MSN to spud  
Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Powered by vBadvanced CMPS v3.2.3


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0
vBulletin Skin developed by: vBStyles.com
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest 2002-2010 by DCSportbikes.net. DCSportbikes.net is owned by End of Time Studios, LLC.