wraggster
July 31st, 2009, 15:06
Apple is set to release a software patch to address a recently described security flaw in the iPhone, the UK network operator 02 has said.
Experts revealed on Thursday that modified SMS messages could result in iPhones being disconnected from the network or hijacked altogether.
Phones incorporating the Windows Mobile and Google Android operating systems are also vulnerable, they said.
An O2 spokesperson said the patch would be available Saturday through iTunes.
"We will be communicating to customers both through the website and proactively," the spokesperson added.
"We always recommend our customers update their iPhone with the latest software and this is no different."
Access all areas
Charlie Miller and Collin Mulliner told the Black Hat conference in Las Vegas that the hack works by slightly modifying the data - sent by the network and which the user does not see - that arrives as part of a text message.
The system that processes such messages is similar across different operating systems and can, once compromised, gain access across a range of applications including a phone's address book or camera.
The team say that hackers could develop programs to exploit the weakness in as little as two weeks, but told the conference that publicising the means of attack was necessary to ensure the problem was addressed.
"If we don't talk about it, somebody is going to do it silently. The bad guys are going to do it no matter what," Mr Mulliner, an independent security expert, said.
The team wrote software to exploit the weakness, targeting iPhones on four networks in Germany as well as AT&T in the US. However, they believe it would work equally well in any country.
The approach is particularly dangerous because messages are delivered automatically, and users cannot tell that they have received the malicious code.
The problem could be fixed by directly patching the vulnerability in smartphones' operating systems, or the network providers could scan for messages that look to be trying to gain access to phones via the malicious code.
The researchers said they had informed Google of the hack and that the company had already taken steps to address the problem.
The Black Hat gathering, part of a leading series of conferences for information and computer security experts, took place from 25 to 30 July.
Apple were not available to comment on the flaw.
http://news.bbc.co.uk/1/hi/technology/8177755.stm
Experts revealed on Thursday that modified SMS messages could result in iPhones being disconnected from the network or hijacked altogether.
Phones incorporating the Windows Mobile and Google Android operating systems are also vulnerable, they said.
An O2 spokesperson said the patch would be available Saturday through iTunes.
"We will be communicating to customers both through the website and proactively," the spokesperson added.
"We always recommend our customers update their iPhone with the latest software and this is no different."
Access all areas
Charlie Miller and Collin Mulliner told the Black Hat conference in Las Vegas that the hack works by slightly modifying the data - sent by the network and which the user does not see - that arrives as part of a text message.
The system that processes such messages is similar across different operating systems and can, once compromised, gain access across a range of applications including a phone's address book or camera.
The team say that hackers could develop programs to exploit the weakness in as little as two weeks, but told the conference that publicising the means of attack was necessary to ensure the problem was addressed.
"If we don't talk about it, somebody is going to do it silently. The bad guys are going to do it no matter what," Mr Mulliner, an independent security expert, said.
The team wrote software to exploit the weakness, targeting iPhones on four networks in Germany as well as AT&T in the US. However, they believe it would work equally well in any country.
The approach is particularly dangerous because messages are delivered automatically, and users cannot tell that they have received the malicious code.
The problem could be fixed by directly patching the vulnerability in smartphones' operating systems, or the network providers could scan for messages that look to be trying to gain access to phones via the malicious code.
The researchers said they had informed Google of the hack and that the company had already taken steps to address the problem.
The Black Hat gathering, part of a leading series of conferences for information and computer security experts, took place from 25 to 30 July.
Apple were not available to comment on the flaw.
http://news.bbc.co.uk/1/hi/technology/8177755.stm