Two researchers have found an iPhone bug that could infect phones virally via SMS. They plan to reveal the still unpatched iPhone bug at the Black Hat cybersecurity conference in Las Vegas on Thursday. If you receive a text message with a single square character, you are advised to immediately turn off your iPhone, as they warn it means that someone has utilized the bug to take over your iPhone.

Read more at iPhone Worldwide Hack Coming Thursday (http://www.everythingicafe.com/iphone-worldwide-hack-coming-thursday/2009/07/28/)

Apple has known about this for a couple of weeks. Funny how blocking access to iTunes from the Palm Pre was higher on their priority list than patching the vulnerability. Mark

Apple has known about this for a couple of weeks. Funny how blocking access to iTunes from the Palm Pre was higher on ther priority list than patching the vulnerability. Mark

Need to make minimum required characters. LOL:dft011:wicked_smile

Need to make minimum required characters. LOL:dft011:wicked_smile

My phone went crazy for a moment. I thought I had the bug. LOL, Mark:dft008:suprised

So if you have read about the SMS bug on the EiC home screen yet. If not you should read it. Are you have are you scared or do you think it is a bunch of BS.

So have you read about the SMS bug on the EiC home screen yet. If not, you should read it. Are you scared or do you think it is a bunch of BS.

Not worried about it. Most likely just hype IMHO.

■■■■■■■■■■■

:dft008:suprised


Just kidding.

Ya i think it is BS too. Just was wondering what other people thought. I guess we will just have to wait till Thursday and see.

News: iPhone Worldwide Hack Coming Thursday (http://www.everythingicafe.com/forum/general-discussion/news-iphone-worldwide-hack-coming-thursday-52209.html)

It is real, I heard about it on Security Now. How viral it will be remains to be seen.

First, they have to find iPhone numbers to send it to in the first place. From there, maybe the virus can propagate through iPhone contact lists (but there's bound to be a lot of folks on the contact lists that aren't actually iPhones)

Secondly, the carrier has to be completely unaware that this is happening, because they more than likely have spam filters that can be updated to add this kind of SMS to the block list.

Apple may very well get the patch out by tomorrow. Problem is the people who won't be able to update due to a jailbreak...

Thanks for the update on it

Just to be safe, Thursday will be a Palm Pre day for me.

THIS (http://www.forbes.com/2009/07/28/hackers-iphone-apple-technology-security-hackers.html) is serious stuff guys. Keep your guard up.

Ironically, I called AT&T a few days ago and had them switch off my SMS texting. I don't have a text plan and never use texting except maybe once or twice a year. I was receiving some wrong number and spam text messages that I have to pay for so I had AT&T turn it off. It is good to know this though for the majority of iPhone users who use texting.

I read about this last week. It really infuriates me that Apple has done nothing to patch this vulnerability despite knowing about it for a while now.

:dft008:suprised


Just kidding.

LOL..clever Sean

Ironically, I had AT&T switch my SMS messaging off a few days ago. I was getting too many wrong number text messages and spam I have to pay for. Since I rarely use text messaging (perhaps just once or twice a year), I had them turn it off.

Good to know though for the majority who use SMS.

■■■■■■■■■■■

:dft008:suprised


Just kidding.

Love this!! LOL

Just a head's up - I merged a few threads in various forums into this one.

Hopefully this won't be too viral - if it is, Apple's going to have a lot on their hands. If anybody here gets it, be sure to let us know.

I'll probably leave my 3GS off tomorrow and use my, er, uh, Pre...

I feel so dirty.

I'll probably leave my 3GS off tomorrow and use my, er, uh, Pre...

I feel so dirty.

Hey, my only alternative phone if I leave my 3GS at home tomorrow is a RAZR. There. Feel better now? :dft011:wicked_smile

Hey, my only alternative phone if I leave my 3GS at home tomorrow is a RAZR. There. Feel better now? :dft011:wicked_smile

No. Some of these guys here are picking on me...:dft006:unhappy

No. Some of these guys here are picking on me...:dft006:unhappy
Nothing wrong with using the NEXT best thing. (as long as you still use THE best thing) :tounge:

So does anyone know what to do AFTER we turn the phone off? Wait around until the release of 3.1?

So does anyone know what to do AFTER we turn the phone off? Wait around until the release of 3.1?
You mean you're not willing to live with a $200 paperweight for a few days ... weeks ... months ... oy! :038:wipes_a_tear

:029:eyeswideopen You could jailbreak, dl mCleaner and block all sms until ........:003:happy
???

I might just stick to wifi all day and just deal with no calls or texts until I hear the news about how it affects everyone.

Questions-so is this a demo and these guys are just showing that it can be done or is it someone who's doing this to wreak havoc?

How are they getting said phone numbers?

How long do we leave our phones off for?

If we get the text, after we turn our phones back on do we delete the message? What else do we do?

I got the impression that it was a demonstration of what the exploit could do, though I'm not positive.

Questions-so is this a demo and these guys are just showing that it can be done or is it someone who's doing this to wreak havoc?

How are they getting said phone numbers?

How long do we leave our phones off for?

If we get the text, after we turn our phones back on do we delete the message? What else do we do?

I think these guys are just doing it to show that they can and won't be doing it to hurt or cause problems with iphones. They will probably get a few volunteers with iphones because it really would be hard to find out the numbers specific to iphones. That would require at&t hacking which I am sure is easily possible. But that doesn't mean that there isn't someone out there with malicious motives who can find this exploit and use it in a bad way.

That would be a guessing game unless they have an at&t insider or have hacked the at&t system.

Mine is already in airplane mode with just wifi on until I hear news thursday of the event and how everything turned out.

I am thinking if you get it at all you allow them access to the phone but if it becomes so clear that it's a problem apple would probably come up with an update and fast to shut that door even if it was already opened by the hackers. Unless at&t carefully shuts out text messages with the supposed message there isn't much else to do at this point. Even if your phone is off you will get the text when the phone is turned back on.

I think since it is so public and apple has to know about it they most likely talked to these hackers privately and made sure they wouldn't affect random people and the fix will be included in the final 3.1. I am sure apple and at&t have a game plan if this turns out to be a bad thing.

I guess I could be safe tomorrow and put my SIM in the $20 Nokia Go Phone I bought to try and activate MMS. Worse than a Raz or Pre. Nah, and I'll leave my case at home tomorrow too and live on the edge!

What if we forward the SMS message back to the hackers? lol

I'll take a chance and live on the dark side; I doubt I'll get a little ■ text message anyway.

I'll probably leave my 3GS off tomorrow and use my, er, uh, Pre...


I'd rather have the virus than do that. ;)


--
Mike

:029:eyeswideopen You could jailbreak, dl mCleaner and block all sms until ........:003:happy
???
I'm not ready to consider going JB with my brand new iPhone until after 3.1 is released (some time in the distant future) ... <sigh>

I really cant see any cell being this voulnerable. Really, could apple have released a device that is this easy to hack?

I would imagine if this proves to be true, Apple may release a 3.0.1 firmware update until 3.1 is ready

I got a square text yesterday. I replied back to the message and they started dialing Domino's Pizza. Those hackers must have been hungry.

Here's an article that says apple would address the vulnerability and that apple is in contact with the hacker. This will be fixed, if it already hasn't been in 3.1, and he will not be attacking us today just demonstrating it probably right before apple releases the fix.

http://www.iphonestalk.com/apple-to-address-possibly-serious-sms-iphone-exploit-5475/

One can only hope that the fix is nearly done and will be distributed before some whizkid figures out how to do it on his own for fun or profit.

YMMV

I am in my fall-out shelter all day. I should be safe in here. I have enough rations for 3 months, someone let me know when it's ok to come out:022:really

I am in my fall-out shelter all day. I should be safe in here. I have enough rations for 3 months, someone let me know when it's ok to come out:022:really

I soooooo needed a laugh today. Thanks!

I've got the virus. It's not the little square though. It's just the wife texting me and annoying me during my quiet time ;)

Haven't received any strange texts at all today; my phone has been rather quiet.

Same here. I really need my phone so I didn't do any of the "safe" things people were carrying on about earlier. Woke up this morning, powered up and it's running like it does every single day.

I've actually been using my iPhone all day without incident.

The 'hack' was only being introduced today...they expect the hack to start circulating within 2 weeks.

I was panicking about this last night....told everyone who has an iphone, including my students.

Nothing happened....I felt like y2k all over again. :dft001:embarrassed

The 'hack' was only being introduced today...they expect the hack to start circulating within 2 weeks.

Then why is there such scare tactics? Srsly, it's getting old. Someone should just say, "be prepared. In 2 weeks an iPhone hack will begin circulating via SMS that could potentially damage your phone."

Then why is there such scare tactics? Srsly, it's getting old. Someone should just say, "be prepared. In 2 weeks an iPhone hack will begin circulating via SMS that could potentially damage your phone."
Media Hype...

...I especially enjoyed the part of the article where they say Apple was notified in June of the security flaw. ...and yet, nothing has been done yet?

I was panicking about this last night....told everyone who has an iphone, including my students.

Nothing happened....I felt like y2k all over again. :dft001:embarrassed
haha Yeah it certainly reeks y2k. Although the researchers have already shown Apple what they can do with this vulnerability.

One would think they (Apple) were trying to wait to include the fix in 3.1 but with all the publicity this has gotten I expect we'll get a patch (3.0.1?) prior to the 3.1 roll out just to plug the hole.

haha Yeah it certainly reeks y2k. Although the researchers have already shown Apple what they can do with this vulnerability.

One would think they (Apple) were trying to wait to include the fix in 3.1 but with all the publicity this has gotten I expect we'll get a patch (3.0.1?) prior to the 3.1 roll out just to plug the hole.

One would hope so....seeing as how they gave great directions on how to handle the situation.

"Turn the phone off immediately." ok.....then what? hahahah

One would hope so....seeing as how they gave great directions on how to handle the situation.
"Turn the phone off immediately." ok.....then what? hahahah
I know... sounds like advice coming from an AT&T rep not Apple.

I know... sounds like advice coming from an AT&T rep not Apple.

This advice ranks up there with "Remove the battery." :011:evillaugh

This advice ranks up there with "Remove the battery." :011:evillaugh
Well, removing the battery is the only way to prevent the Govt. from activating your phone and listening in your conversations and tracking you.

The men in black are coming!

They've been here, and lurking, for quite some time now. Tin foil helps.

Well to me it sounds like we are immune to this vulnerability. No one has pointed it out yet but I read an article that said the hack uses an MMS protocol rather than SMS. So maybe we have the cure, just have your iPhone on AT&T and you won't be able to receive the mms :dft011:wicked_smile

http://www.scmagazineus.com/Black-Hat-SMS-bug-can-disable-iPhone-usage/article/140933/

Well to me it sounds like we are immune to this vulnerability. No one has pointed it out yet but I read an article that said the hack uses an MMS protocol rather than SMS. So maybe we have the cure, just have your iPhone on AT&T and you won't be able to receive the mms :dft011:wicked_smile

http://www.scmagazineus.com/Black-Hat-SMS-bug-can-disable-iPhone-usage/article/140933/

Mmm.. don't think so. It's already been done (http://news.cnet.com/8301-27080_3-10299378-245.html?tag=newsFeaturedBlogArea.0) (non-maliciously).

Mmm.. don't think so. It's already been done (http://news.cnet.com/8301-27080_3-10299378-245.html?tag=newsFeaturedBlogArea.0) (non-maliciously).

Aw crap I guess I can't try to put a good spin on no mms. At least it's been publicized, they have been trying to tell apple, and they proved it today so maybe apple will move a little faster for the security update unless it's already in 3.1.

They've been here, and lurking, for quite some time now. Tin foil helps.

LOL

Yes, I hear it helps so they can't read our minds.

Keep a lot of glasses of water around, too.

A baseball bat, too. In case they get close, be sure to swing away.

I don't think so that will be happen with me...:034:headspounding

3.0.1 was released today to address the SMS vulnerability. 3.1 beta users might still be vulnerable, but at least apple is acknowledging the problem.

http://www.appleinsider.com/articles/09/07/31/apple_releases_iphone_3_0_1_software_to_fix_sms_ex ploit.html

Discussion taking place here > News: iPhone 3.0.1 Now Available, Fixes SMS Vulnerability (http://www.everythingicafe.com/forum/general-discussion/news-iphone-3-0-1-now-available-fixes-sms-vulnerability-52404.html)