Security Flaw In iPhone’s SMS System Found

Security researcher Charlie Miller claimed at the SyScan conference in Singapore that he has discovered a new significant exploit in the iPhone’s SMS system. The flaw may “allow an attacker to remotely install and run unsigned software code with root access to the phone.”

“The SMS vulnerability allows an attacker to run software code on the phone that is sent by SMS over a mobile operator’s network. The malicious code could include commands to monitor the location of the phone using GPS, turn on the phone’s microphone to eavesdrop on conversations, or make the phone join a distributed denial of service attack or a botnet.”

It’s unlikely that there could be any risk of a wide-spread attack on iPhones, but the shear number of iPhones out there make it an issue. Miller has agreed with Apple to wait until Black Hat USA expo in Las Vegas later this year to release the details of the exploit, giving Apple a window of time to patch the exploit.

[via HotHardware]

View the comments on the forum…