New Articles
Windows 11 users have discovered a funny bug that benefits older computers....
It's easy to turn off the transmission — we tell you how to do it....
Such photos have been taken by models and social media users for a long time,...
A famous musician? A schoolteacher? Mom? Tell us about the people you looked up...
Thanks to the instructions of Artyom Kozoriz, you can cope no worse than a...
5 interesting exercises that will help you develop flexibility....
From "Starship Troopers" and "The Matrix" to...
The return of Garfield and Mufasa, the new Transformers and the Lord of the...
About Everything Wiki » iOS » Apple is working to eliminate the SMS vulnerability of the iPhone

Apple is working to eliminate the SMS vulnerability of the iPhone

03 May 2023, 06:17, parser
0 comments    0 Show

Apple is working to eliminate the vulnerability of the iPhone, which allows attackers to remotely install and run prohibited program code with full access to the smartphone.

Such intrusions are designed to exploit the lack of the iPhone's text message function for their own purposes. This was stated by computer security specialist Charlie Miller in his presentation at the SyScan hacker conference in Singapore. He did not tell in detail about this SMS vulnerability of the iPhone, referring to a non-disclosure agreement with Apple.

Mr. Miller is a macOS X operating system security specialist and co-author of The Hacker's Handbook.

The SMS vulnerability of the iPhone allows an attacker to run a program code on the phone, which is sent to them using a mobile operator. This code allows you to use commands to determine the location of the iPhone user via GPS, turn on the phone's microphone in order to eavesdrop on conversations, or use the iPhone in distributed DDoS attacks and botnets.

Apple employees are working to resolve this problem. And it is expected that the vulnerability will be eliminated at the end of this month – before Miller tells about it in detail during a scheduled speech at another hacker conference – Black Hat USA – in Las Vegas.

If you do not take into account the SMS vulnerability of the iPhone, the simplified version of macOS X itself, which is used in Apple smartphones, makes them more secure than computers running on a full-featured version of this operating system. That's what Mr. Miller thinks.

The shortened version of macOS X provides fewer chances for attackers. It has no applications and features like support for Adobe Flash and Java functions, which could also be used by hackers. Plus, the iPhone has built-in protection of data stored in memory. The phone is designed in such a way as to work only on the basis of software code with Apple's digital signature.

iPhone apps should also run in the app sandbox. This protective feature isolates them from other apps and restricts their access to other smartphone functions. However, it is SMS messages that allow hackers to gain more open access to iPhone functions, according to Miller. "SMS is a great way to hack such phones," he said.

Used mainly to exchange short text messages, SMS are capable of transmitting binary code to the iPhone phone. And this code can then be processed without the participation of the smartphone owner. Each SMS message is limited in size to 140 bytes, but longer sequences are split into several messages, which are then automatically reassembled into one. As a result, it turns out that thanks to this feature, even more impressive programs can be transferred to the phone, as Mr. Miller assures.

In addition to everything, the SMS vulnerability of the iPhone gives the attacker full access to the smartphone. This does not apply to its other applications – for example, the browser, where the weak spot gives the attacker access only to the sandbox of this application.

Miller claims: "The iPhone is more secure than OS X, but its SMS vulnerability may be critical."

Read also:
03 May 2023, 18:54    0    0
The Lifehacker team loves to read useful books (be it business literature or books dedicated to...
Comments
reload, if the code cannot be seen