By Elinor Mills, 3 July 2009 08:33
NEWS
Apple expects to have a fix later this month for a vulnerability in the iPhone that could allow an attacker to gain control of the device remotely via SMS, a security researcher said on Thursday.
An attacker could exploit a weakness in the way iPhones handle SMS messages to do things like use GPS to track the phone's location, turn on the microphone for eavesdropping, or take control of the device and add it to a botnet, Charlie Miller, co-author of The Mac Hacker's Handbook and principal security analyst at Independent Security Evaluators, said in a presentation at the SyScan conference in Singapore. The presentation was covered by IDG News Service.
Miller said that under an agreement with Apple, he was barred from providing too much detail on the vulnerability. He plans to give a more detailed presentation on the hole at the Black Hat conference in Las Vegas at the end of the month.
Despite the SMS hole, which "could be a critical vulnerability", the iPhone is more secure than OS X on computers, Miller said. That is because the iPhone doesn't support Adobe Flash and Java, only runs software digitally signed by Apple, includes hardware protection for data stored in memory, and runs applications in a sandbox, he said.
Apple representatives did not immediately respond to an email request for comment.
In order to post a comment you need to be registered and logged in.
Log in or create your silicon.com account below