Speaking at the Black Hat computer security conference in Las Vegas only a few hours from now, hackers (or "security experts") Charlie Miller and Collin R. Mulliner are scheduled to expose an alleged security flaw in the Apple iPhone that may allow someone sending a single SMS message to take control of any iPhone. According to a number of reports (note Forbes and AppleInsider), the exploit would allow a hacker to take control over all of the iPhone’s functions. This potentially could mean that a hacker could turn on the camera, microphone and GPS functions in your iPhone to record your activities, dial the phone or use your iPhone to infect others.
Miller, who works as a security expert for Independent Security Evaluators, suggests that if you receive a text message with a single box-shaped character (e.g., "□"), turn the iPhone off immediately. [I’m not sure what the advice would be after that, but maybe you could use a break from all those emails while Apple fixes this problem.] Because the alleged flaw could allow someone to take over your friends’ and family’s iPhones, the next suspicious text message you receive might be from someone you know.
Miller apparently notified Apple of this flaw some weeks ago and, concerned that Apple has not released a patch, intends to force the issue by demonstrating the hack today.
- Black Hat security conference
- Charlie Miller’s firm, Indepdent Security Evaluators
- Collin Mulliner’s website
- Forbes article, "How To Hijack ‘Every iPhone In The World’"
- Apple Insider article, "SMS hack could leave "every" iPhone vulnerable"
- Computer World article on Miller’s first presentation on the iPhone flaw at the SyScan conference