Apple patches Black Hat SMS vuln

@James Butler

I've tweaked the firmware on my Windows Mobile phone - and I could deal with the baseband connection parameters as well. In fact, I can do that on prettymuch any CDMA or GSM phone on earth, including LOCKED iPhones and crappy little Nokia bricks. Apple is only complaining because they haven't gotten used to the facts of life in the cellular market.

Nevermind the fact that if I really wanted to do some damage I can buy a naked cellular radio, smack a SIM card into it and hook it up to a serial port and do prettymuch whatever the hell I want - and that's WAY cheaper than buying an iPhone.

If the tower's software is vulnerable to a DoS it should be fixed, PERIOD. And still - you're only going to take down one cell at a time - which means that in order to do anything on a "national security" level you're going to need thousands of phones... And even then, all you've done is piss off civilians, because nothing that's actually important operates over the cellular network anyway.

Jailbroken with Untrasn0w

Does this break the jailbreak does anyone know.

I'm holding off, the Ultrasn0w site doesn't seem to say. I'm thinking of not bothing patching and setting a low maximum spend with my network just in case it starts trying to send text / data / make premium calls.

Looking into the detail it doesn't look quite as bad as it sounds. It seems easy to crash the phone, but a lot more difficult to do any useful exploits. And fairly expensive too to go sending 1000's of text messages in the hope it will hit an unpatched iphone.

@Benny

"Apple claims that any jailbroken iPhone can be used to disrupt cell tower service." - Apple has claimed this to try and get a law in place to prevent jailbreaking, but if this was to be proved then the FCC would pull the licence.

@Law ...

Are you sure that wasn't just because the update process caused your iPhone to reboot? My iPhone needs a proper reboot (hold power button for 5 secs then swipe power off) about every 2 weeks.

@"Bigger Fish to Fry"

So Apple says that if the iPhone is used in a way unintended, it could compromise security, and you think Apple should do something to stop that from happening.

Guess what. That's not Apple's problem.

That would be like saying that it's the car manufacturer's duty to make sure people can't use cars to run people over.

Sorry, the blame for a jailbroken iPhone crashing towers is solely on that iPhone's owner, not the manufacturer.

@ Actually

You clearly haven't read the comments of the other much more informed commenters here. Do try to keep up.

Recursive Binary Feed for Crack Troupes and Elite Trappers.

"And even then, all you've done is piss off civilians, because nothing that's actually important operates over the cellular network anyway." ... By Anonymous Coward Posted Saturday 1st August 2009 00:25 GMT

AC,

Everything important, and I do mean EVERYTHING, operates over cellular networks. And slipping a few lines of sweet and sticky code/plaintext binary* into civilian ones, can easily open presumed secure closed networks from within, via AIRadicalised Virtualised Trojan, Fed and Feeding XSSXXXX Complicit and Explicit Programming Instructions.

*Coded Set Input of Deliberately Ambiguous Inclusive Swinging Context for Increased Flexibility and Greater Embedded Penetration .......for Core Source Infection/Injection/TakeOver/MakeOver.

silly wired.com iPhone stories

(The SMS patch is largely a PR exercise. Denial of service on any phone is possible just by calling it repeatedly, and that's all this is.)

Apple doesn't say there is a special way to perform this disruption with iPhone, just that illegal jailbreaking is a necessary part of any such disruption so it shouldn't be made legal any more than illegal copying of software/music etc should be made legal just because lots of people do it.

Apple is asking for iPhone jailbreaking NOT be made an exception to the DMCA. Being illegal doesn't stop anyone jailbreaking - there are millions of jailbroken phones. But if someone does find a way to spread a celltower-breaking trojan to every iPhone, it would be unfortunate if they hadn't done anything definitely illegal. In fact crazy lawyers might go after Apple's cash, blaming Apple for the disruption on account of not preventing jailbreaking.

@Jeremy 2

The firmware is released as a single file. Even the most minor update requires a complete re-issue. Pause to unbunch pants, please.

@AC - DoS on BTS/NodeB ("tower")

Actually AC, James Butler is talking about using a proper GSM/UMTS communication device not just a signal jammer. A jammer broadcasting noise on a wide range of frequencies could take out a tower, maybe. If you can get about 30W of power onto a nice antenna quite high up very close to the tower. (you could probably do a local DoS with a smaller rig). Most operators use freq hopping now, so you'd need to scan a load of frequencies to make this work. Otherwise you're just taking out a couple of millisecs of a conversation.

But if you take a normal cellular radio and talk SMS codes with the tower, you could potentially shut it down. SMS was originally intended only for comms from big infrastructure. After a while one of the operators decided they could do mobile originated SMS. Noone else believed it was possible/useful. It was never intended for chatting with your mates.

If you can work out the relevant codes and bypass any security, you could shut the tower down or change parameters, like turn the power output down or change the frequency assignments.

This isn't something I ever played with, but my guess is you could almost do this from the keyboard on a normal phone (probably you need to type in hex values!)

It's probably easier to just saw through some cable on the mast or break into the control box and smash circuit boards. It would take longer to fix as well. No iPhone required.