Security Conference Debuts Apple iPhone SMS Hack

July 31, 2009 7:40 a.m. EST

Las Vegas, NV (AHN) - A new vulnerability in the popular Apple iPhone has been revealed at an international hacking and security conference, Black Hat 2009. Dr. Charlie Miller, the first person to offer public exploits of the iPhone and Google's Android operating system, showed the Las Vegas crowd a new vulnerability that allows a simple SMS text message to hack the iPod/mobile phone hybrid.

Miller is currently an analyst at Independent Security Evaluators (ISE) and was ranked one of Popular Mechanics magazine's "Top 10 Hackers" in 2008. Miller delivered two speeches at Black Hat; "Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone" and "Fuzzing the Phone in your Phone."

During his speech, Miller outlined "how is it possible to effectively run high level payloads on a factory [Apple iPhone] by defeating code signing protections after exploitation."

The lecture outlined how to hack into the popular smartphone. According to ISE, Miller detailed the attacks: "Specifically by injecting an arbitrary non-signed library in the victim's process address space, an attacker is able to run his own code thus granting a much higher attack efficacy. This is especially important because on factory iPhones, there are no useful utilities, not even a shell. With this technique, an attacker can bring along their own tools, including the ability to get directory listing, upload and download files, even pivot attacks."