Apple, a company that prides itself on how secure their operating system and devices are, has a severely vulnerable device which millions and millions of customers own – The Apple iPhone. Charlie Miller, an iPhone cracker, today announced the first iPhone virus which affects all generations of the iPhone.
Miller found the vulnerability several weeks ago and reported the issue to Apple and Apple plans on patching the vulnerability in the iPhone 3.1 firmware update but that isn’t due out until September. Therefore, between now and September millions of users will be left vulnerable to the security hole.
How The iPhone SMS Hack Works
All that is required to infect an iPhone is the iPhone’s phone number. With only the phone number Miller can exploit the way that the iPhone handles memory for SMS messages. By sending hundreds of control SMS messages to the iPhone phone number (these type of messages are not seen by the victim) the attacker can takeover your iPhone. Only one SMS message will be seen by the victim but by the time they see this, their phone will have already been taken over (or owned).
What Happens After Being Infected?
Once the attacker has gained access to your phone by exploiting the memory vulnerability, the attacker can steal your data from your phone, send text messages and even make calls from your iPhone. They can even have a virus spread the attack from your iPhone to everyone in your address book of your phone so any friends you have in your address book which has an iPhone, will also be infected.
Am I Infected with iPhone SMS Virus?
If your phone suddenly begins calling people on its own, sends text messages without you doing so and you see an odd SMS message then chances are you have been infected by the iPhone SMS hack. The only way to remove it would be to fully wipe your device and reload the firmware.
The text message which actually initiates the memory corruption will contain a square box or (non-recognizable alphanumeric character).
Protecting Your iPhone From iPhone SMS Hack/Virus
You have a few options here and a couple that may or may not work for you.
1. Put your iPhone in Airplane mode. This means you won’t be able to make calls or receive/send messages. You’ll be dead in the water in terms of connectivity.
2. Power down your phone completely. Again, you’ll be dead in the water and not even be able to play games :)
3. If you’re using a jailbroken iPhone then you can SSH to your iPhone, navigate to the Applications directory and then remove all permissions from MobileSMS.app. This prevents SMS application from running on the phone.
4. This one, I am not sure if it will work or not but you could try disabling SMS in the parental controls. Again, this may or may not work.
Until a patch has been released by Apple, there is no good cure for phones that have not been jailbroken. Hopefully Apple will release a patch sooner rather than later.