Apple today released iPhone OS 3.0.1, addressing an SMS security vulnerability disclosed at yesterday’s Black Hat cybersecurity conference in Las Vegas. The release of iPhone OS 3.0.1 has been expected since a spokesperson for UK iPhone carrier O2 claimed earlier today that a fix for the issue would be coming from Apple on Saturday.

Apple has also posted a security document describing the issue.

As usual, jailbreakers and unlockers should NOT update as it will remove the jailbreak/unlock.

If you don’t care about this, and you still want to update, you can do it via iTunes, or you can direct download the new iPhone firmware 3.0.1 here :

• iPhone 2G/EDGE
• iPhone 3G
• iPhone 3Gs

Apple Releases iPhone OS 3.0.1 to Address SMS Security Vulnerability is a post from: The Apple Bites

If you receive a text message on your iPhone any time after Thursday afternoon containing only a single square character, Charlie Miller would suggest you turn the device off. Quickly!!!!

That small cipher will likely be your only warning that someone has taken advantage of a bug that Miller and his fellow cybersecurity researcher Collin Mulliner plan to publicize Thursday at the Black Hat cybersecurity conference in Las Vegas. Using a flaw they’ve found in the iPhone’s handling of text messages, the researchers say they’ll demonstrate how to send a series of mostly invisible SMS bursts that can give a hacker complete power over any of the smart phone’s functions.

That includes dialing the phone, visiting Web sites, turning on the device’s camera and microphone and, most importantly, sending more text messages to further propagate a mass-gadget hijacking.

This is serious. The only thing you can do to prevent it is turn off your phone,” Miller told Forbes. “Someone could pretty quickly take over every iPhone in the world with this.

Though Miller and Mulliner say they notified Apple about the vulnerability more than a month ago, the company hasn’t released a patch, and it didn’t respond to Forbes’ repeated calls seeking comment.

The iPhone SMS bug is just one of a series that the researchers plan to reveal in their talk. They say they’ve also found a similar texting bug in Windows Mobile that allows complete remote control of Microsoft based devices.

Another pair of SMS bugs in the iPhone and Google’s Android phones would purportedly allow a hacker to knock a phone off its wireless network for about 10 seconds with a series of text messages. The trick could be repeated again and again to keep the user offline, Miller says. Though Google has patched the Android flaw, this second iPhone bug also remains unpatched, he adds.

The new round of bugs aren’t the first that Miller has dug up in the iPhone’s code. In 2007, he became the first to remotely hijack the iPhone using a flaw in its browser. But while that vulnerability gave the attacker a similar power over the phone’s functions, it required tricking the user into visiting an infected Web site to invisibly download a piece of malicious software.

When Miller alerted Apple in July of that year, the company patched the vulnerability before Miller publicized the bug at the Black Hat conference the following month.

The new attacks, by contrast, can strike a phone without any action on the part of the user and are virtually unpreventable while the phone is powered on, according to Miller and Mulliner’s research. And unlike the earlier exploits, Apple has inexplicably left them unpatched, Miller says. “I’ve given them more time to patch this than I’ve ever given a company to patch a bug,” he says.

The Windows bug he and Mulliner plan to reveal hasn’t been patched either, says Miller, though he admits that he and Mulliner discovered the Windows flaw on Monday and hadn’t yet alerted Microsoft to its existence.

The attack developed by Miller and Mulliner works by exploiting a missing safeguard in the phones’ text messaging software that prevents code in the messages’ text from overflowing into other parts of the device’s memory where it can run as an executable program. The two researchers plan to demonstrate how a series of 512 SMS messages can exploit the bug, with only one of those messages actually appearing on the phone, showing a small square. (Someone could easily design the attack to show a different message or without any visible messages, Miller cautions.) The entire process of infecting an iPhone and then using the device to infect another phone on the user’s contact list would take only a few minutes, Miller says.

The vulnerability of SMS to that sort of attack will likely be a hot topic at this year’s Black Hat and Defcon cybersecurity confabs. Two other researchers, Zane Lackey and Luis Miras, say they plan to present other vulnerabilities in major vendors’ SMS applications, though they declined to discuss which vendors or the specifics of the vulnerabilities before the companies had issued patches.

Lackey and Miras argue that SMS demands far more attention from the cybersecurity community and device vendors. “Like a lot of mobile phone software, it’s been relatively unexplored in the past,” Lackey told Forbes. “Only recently has there been proper debugging and development tools available. SMS exemplifies a common trend: once it was a simple technology. Now it’s being used in devices far beyond its original purposes, and security is still playing catch up.”

The researchers’ concerns aren’t merely theoretical. Finnish security firm F-Secure says it’s found nearly 500 different variants of mobile phone malicious software since 2004, mostly using Bluetooth to hop between phones in close proximity. But in the last 18 months, cybercriminals have begun using text messages to send links to malicious Web sites that infect the phone with malware, says Mikko Hyppönen, an F-Secure researcher.

One seemingly-Chinese variant, known as “Sexy View” and currently targeting the Symbian operating system, is far more threatening than an iPhone attack, given that around 50% of cellphones use Symbian, Hyppönen says. “After years of the security industry wondering why we aren’t seeing text message worms, it’s starting to happen now,” he says.

While many of those ongoing attacks are merely hacker experiments, some have used phones to text premium numbers that generate revenue for cybercriminals. “Mostly it’s still about curiosity and fun, but eventually the criminal guys move in,” says Hyppönen. “We’re probably on the verge of that right now.”

As dangerous as his iPhone attack sounds, Miller argues that it’s important to expose flaws in SMS software before they can be exploited by more malicious actors. Texting applications’ insecurity isn’t due to the software’s complexity so much as the security community’s inattention and the expense of sending thousands of text messages to test a phone’s security, Miller says.

“The bad news is that SMS is the perfect attack vector, but the good news is that it’s probably possible to build it securely,” he says. “As a researcher, I can only show [Apple] the bugs. It’s up to them to fix them.”

Your iPhone Might Get Hijacked By SMS You Receive is a post from: The Apple Bites

For all iPhone users who miss SMS delivery notification, here is a simple trick to make it work on your iPhone.

Just enter these special characters before your message and you will get notification as soon as it gets delivered.

• *0#
• #
• !
• *not#
• *N#
• ##

Since this is a feature of the cell carrier, this trick will work on other phones as well. The carrier will also strip out the special characters when it delivers the message to the recipient.

If you know codes of other carriers, please mention it in the comments. Thanks!

iPhone SMS Delivery Notification Codes is a post from: The Apple Bites

Tags:

• iphone text delivery notification
• iphone sms read receipt
• iphone 4s delivery receipt
• delivery receipt on sms on iphone
• iphone sms delivery
• sms read notification iphone
• iphone 5 0 1 sms delivery
• sms delivery for os 5 0 1
• delivery and read receipt in iphone 4s
• iphone 4s sms delivery receipt

To save all your Contacts/SMS/Notes/Calendar, SSH your iPhone or use iPhone browser

How To:Save All Your Contacts/SMS/Notes/Calendar is a post from: The Apple Bites

Tags:

• how to save contacts sms notes from iphone

Via a simple SMS, the iPhone can be hacked, according to Cjarlie Miller. Miller is a well-known securityspecialist and author of the Mac Hacker’s Handbook. Via the SMS vulnerability you’ll get access to the root of the iPhone. The SMS leak will give the attacker the possiblity to activate certain code via an SMS-message sent to you, Miller mentioned on the SyScan exchange.

The code can for example, track the location of the phone, turn-on the microphone or totally block it. By sending several SMS-messages written in binary code, an entire program can be send. This program then can get access to the root of the iPhone, causing lots of trouble.

Such leaks in applications are not that bad, because the applications run in their own sandbox. Imagine such a sandbox as an island where all bridges to the shore are up and not accessible.

Apple’s working on a patch for the SMS vulnerability. That patch is expected to be ready at the end of this month. After the patch is released, Miller will describe further details about the leak on the Black Hat conference in Las Vegas.

There’s also a positive side to all this. Miller tells that the version of OS X for the iPhone is still safer than the entire OS X for desktops and laptops. That’s because applications like Java and Flash are not available on the iPhone OS.

Apple werkt aan een patch voor de SMS kwetsbaarheid. Deze verwachten ze aan het eind van deze maand klaar te hebben. Zodra deze patch uitgegeven is zal Miller verdere details over het lek beschrijven in een presentatie op de Black Hat-conferentie in Las Vegas.

“The iPhone is more secure than OS X, but SMS could be a critical vulnerability,” says Miller.

iPhone Hacked Via SMS is a post from: The Apple Bites

Tags:

• iPhone 4s hacked through sms