Yesterday, The Reg reported that researchers had discovered a vulnerability in the iPhone and other mobile devices that made them vulnerable to an SMS hack. This morning, Apple fixed it. Apple spokesperson Tom Neumayr told The Reg about the fix when we contacted him after the BBC reported that O2 had said a fix was on the way …
Bigger Fish to Fry
I'm much more worried about Apple's self-disclosed jailbreak problem (http://www.wired.com/threatlevel/2009/07/jailbreak/ for the Wired article and http://www.wired.com/images_blogs/threatlevel/2009/07/applejailbreakresponse.pdf for Apple's claims).
"By tinkering with [iPhone’s BBP - the “baseband processor” software, which enables a connection to cell phone towers], 'a local or international hacker could potentially initiate commands (such as a denial of service attack) that could crash the tower software, rendering the tower entirely inoperable to process calls or transmit data..'”
Apple claims that any jailbroken iPhone can be used to disrupt cell tower service.
Frankly, the cute little SMS issue was a little piece of fluff compared to the national-security-compromising jailbreak problem. Seems to me, in the interest of protecting America, all iPhones should be withdrawn from the market and all existing units returned for a full refund until Apple figures out a way to "fix" this.
They know it. We know it. Hackers know it. It's only a matter of time ...
...they've fixed my phone - and not the sms issue, but the lag, crashing and buggy firmware I got with version 3.0.
Anybody else notice some interesting new tweaks too?? The magnifying glass when selecting text is now square.... I was actually planning on selling my phone tomorrow out of desperation, and I know I haven't been the only one, but now it's back to pre-3.0 speed and robustness so I don't have to, phew! :)
it took more than 1 hour to backup on iPhone and load 300MB file through iTunes ... how about incremental backup over the air?
I've tweaked the firmware on my Windows Mobile phone - and I could deal with the baseband connection parameters as well. In fact, I can do that on prettymuch any CDMA or GSM phone on earth, including LOCKED iPhones and crappy little Nokia bricks. Apple is only complaining because they haven't gotten used to the facts of life in the cellular market.
Nevermind the fact that if I really wanted to do some damage I can buy a naked cellular radio, smack a SIM card into it and hook it up to a serial port and do prettymuch whatever the hell I want - and that's WAY cheaper than buying an iPhone.
If the tower's software is vulnerable to a DoS it should be fixed, PERIOD. And still - you're only going to take down one cell at a time - which means that in order to do anything on a "national security" level you're going to need thousands of phones... And even then, all you've done is piss off civilians, because nothing that's actually important operates over the cellular network anyway.
"Seems to me, in the interest of protecting America, all iPhones should be withdrawn from the market and all existing units returned for a full refund until Apple figures out a way to "fix" this."
Please tell me you are joking!
If you really think a jailbroken phone could cause havoc on the mobile network, then personally, I would be more worried about the network than the phones!
"Apple claims that any jailbroken iPhone can be used to disrupt cell tower service."
And I claim that the sky is green.
Jailbroken with Untrasn0w
Does this break the jailbreak does anyone know.
I'm holding off, the Ultrasn0w site doesn't seem to say. I'm thinking of not bothing patching and setting a low maximum spend with my network just in case it starts trying to send text / data / make premium calls.
Looking into the detail it doesn't look quite as bad as it sounds. It seems easy to crash the phone, but a lot more difficult to do any useful exploits. And fairly expensive too to go sending 1000's of text messages in the hope it will hit an unpatched iphone.
If you have a radio transmitter operating on the cellphone frequencies, then of course you can make a cellphone jammer. Obviously this would be illegal. A smart enough jammer might even be able to DoS the closest cell tower. Every cellphone, including the iphone, contains a radio transmitter operating on cellphone frequencies and a processor that controls it, in a self-contained unit all powered by an internal battery. Therefore a cellphone (such as the iphone) would be a convenient piece of hardware to use to make a cellphone jammer.
Obviously, to do this you would have to change the software on the cellphone, so "jailbreaking" an iphone would be a useful first step.
There's nothing new here.
"Apple claims that any jailbroken iPhone can be used to disrupt cell tower service." - Apple has claimed this to try and get a law in place to prevent jailbreaking, but if this was to be proved then the FCC would pull the licence.
Are you sure that wasn't just because the update process caused your iPhone to reboot? My iPhone needs a proper reboot (hold power button for 5 secs then swipe power off) about every 2 weeks.
What? Seriously? To fix one bug? I doubt that - a better question is what else have Apple snuck into the update?
Apple should be required to document this disruption claim (and if it can be documented face having to withdraw their product), or have their lawyers thrown in a nice cozy cell for giving the court blatant lies. They can't have a dangerous product on the market, and if the product isn't dangerous they've lied to the court. One or the other.
@"Bigger Fish to Fry"
So Apple says that if the iPhone is used in a way unintended, it could compromise security, and you think Apple should do something to stop that from happening.
Guess what. That's not Apple's problem.
That would be like saying that it's the car manufacturer's duty to make sure people can't use cars to run people over.
Sorry, the blame for a jailbroken iPhone crashing towers is solely on that iPhone's owner, not the manufacturer.
Think I'll wait for the Dev Team on this one!
You clearly haven't read the comments of the other much more informed commenters here. Do try to keep up.
Recursive Binary Feed for Crack Troupes and Elite Trappers.
"And even then, all you've done is piss off civilians, because nothing that's actually important operates over the cellular network anyway." ... By Anonymous Coward Posted Saturday 1st August 2009 00:25 GMT
Everything important, and I do mean EVERYTHING, operates over cellular networks. And slipping a few lines of sweet and sticky code/plaintext binary* into civilian ones, can easily open presumed secure closed networks from within, via AIRadicalised Virtualised Trojan, Fed and Feeding XSSXXXX Complicit and Explicit Programming Instructions.
*Coded Set Input of Deliberately Ambiguous Inclusive Swinging Context for Increased Flexibility and Greater Embedded Penetration .......for Core Source Infection/Injection/TakeOver/MakeOver.
silly wired.com iPhone stories
(The SMS patch is largely a PR exercise. Denial of service on any phone is possible just by calling it repeatedly, and that's all this is.)
Apple doesn't say there is a special way to perform this disruption with iPhone, just that illegal jailbreaking is a necessary part of any such disruption so it shouldn't be made legal any more than illegal copying of software/music etc should be made legal just because lots of people do it.
Apple is asking for iPhone jailbreaking NOT be made an exception to the DMCA. Being illegal doesn't stop anyone jailbreaking - there are millions of jailbroken phones. But if someone does find a way to spread a celltower-breaking trojan to every iPhone, it would be unfortunate if they hadn't done anything definitely illegal. In fact crazy lawyers might go after Apple's cash, blaming Apple for the disruption on account of not preventing jailbreaking.
Yeah, I'd get about a day of near-2.* speeds if I did a reset all settings with reboot, then it would slow to a crawl again... a few apple forums reported similar problems... it's a bit hit or miss as to what the update does to you phone, got friends with no problems at all, and others with worse... since this latest update it's been pretty solid, unless you go from Photos->SendAsMMS->Add Text.... it slows down for about 10 seconds, then catches up. Still, at least that's possible now! lol
The firmware is released as a single file. Even the most minor update requires a complete re-issue. Pause to unbunch pants, please.
@AC - DoS on BTS/NodeB ("tower")
Actually AC, James Butler is talking about using a proper GSM/UMTS communication device not just a signal jammer. A jammer broadcasting noise on a wide range of frequencies could take out a tower, maybe. If you can get about 30W of power onto a nice antenna quite high up very close to the tower. (you could probably do a local DoS with a smaller rig). Most operators use freq hopping now, so you'd need to scan a load of frequencies to make this work. Otherwise you're just taking out a couple of millisecs of a conversation.
But if you take a normal cellular radio and talk SMS codes with the tower, you could potentially shut it down. SMS was originally intended only for comms from big infrastructure. After a while one of the operators decided they could do mobile originated SMS. Noone else believed it was possible/useful. It was never intended for chatting with your mates.
If you can work out the relevant codes and bypass any security, you could shut the tower down or change parameters, like turn the power output down or change the frequency assignments.
This isn't something I ever played with, but my guess is you could almost do this from the keyboard on a normal phone (probably you need to type in hex values!)
It's probably easier to just saw through some cable on the mast or break into the control box and smash circuit boards. It would take longer to fix as well. No iPhone required.
More concerned at tweets from @MuscleNerdLuis who says that 3.0.1 doesn't actually fix the SMS hacks.
Which is probably true, as no one has actually exploited the "security hole", so they issue a "patch" where you can't actually test whether you can still "gain control" over an iPhone, but Apple get a pat on the back anyway for issuing the fix within "24 hours", even though they were told about it 3 weeks ago.
Is it me, or does the 3GS' battery drain a lot faster after installing this patch?
- Infosec geniuses hack a Canon PRINTER and install DOOM
- Feature Be your own Big Brother: Monitoring your manor, the easy way
- Boffins say they've got Lithium batteries the wrong way around
- In a spin: Samsung accuses LG exec of washing machine SABOTAGE
- Phones 4u slips into administration after EE cuts ties with Brit mobe retailer