Hackers can break into iPhone with an SMS

31 Jul 2009

A simple text message it seems is all a hacker needs to send in order to break into most popular smart phone devices like the iPhone or Windows or Android-powered devices.

At a Black Hat security event in Las Vegas a vulnerability in smart phones whereby messages that come to devices via a WAP Push function can be used to break into phones.

Hackers were able to demonstrate that all iPhones, Windows-powered devices and Android devices have this vulnerability.

The vulnerability occurs because text messages can seamlessly flit from sender to receiver with little or no interaction between the receiver or the mobile operator.

It is very hard for operators to tell the difference between legitimate traffic and harmful traffic.

This gives hackers the opening they need to break into these devices.

Hackers at the Black Hat conference were able to demonstrate how they can disconnect an iPhone from the cellular network by sending a single text message that the victim never sees.

The message exploits bugs in the way the iPhone handles messages and uses these bugs to crash the device.

A well known hacker called Charlie Miller said it was possible to take remote control of someone’s mobile phone by sending 500 text messages.

Miller predicted that because the world’s population of mobile users present an attractive target to hackers, it could potentially become a turkey shoot.

This is particularly worrying because of the rising numbers of people who use their devices to handle online banking as well as carry sensitive information like email. With the onset of credit cards on mobile devices and services like near field communication, mobile users could be sitting ducks when it comes to fraudulent hacking.

Hackers can also hack into mobile devices to direct users to websites they never intended to visit – mobile denial of service attacks – and this is understood to be particularly popular in Europe and Asia.

These revelations put extra pressure on mobile operators to pay closer attention to filtering the large volumes of text and email traffic that flits through their networks.

By John Kennedy

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com