iPhone OS Critical SMS Vulnerabilities Being Patched

The ‘jailed’ environment in which all the iPhone OS applications exist, was designed as a security precaution, too. However, the old truth remains valid: if the security is tight enough to make users uncomfortable, they would seek the ways to loosen the security and thus all kind of undesired effects will spring into existence. Ars Technica comments the last iPhone piece of news, Apple patching critical SMS vulnerability in iPhone OS.
 
It goes on: Safari Charlie says that Apple is working on a patch for a serious flaw he identified in the SMS implementation on the iPhone. Further, he warns that users interested in security should avoid jailbreaking their phones.
 
Security researcher Charlie Miller has revealed that Apple is working on a patch for a security flaw he identified in the iPhone’s SMS implementation. The flaw can actually lead to arbitrary code execution, as he explained to Ars last month. Miller hasn’t yet detailed the flaw, citing an agreement with Apple, though he and partner Vincenzo Iozzo plan to detail their discovery later this month at the Black Hat Security Conference in Las Vegas.
 
During a presentation at the SyScan security conference in Singapore, Miller explained that a vulnerability in the iPhone’s handling of SMS messages makes it possible to send code instead of strictly text. Despite SMS’s 140 byte size limitation, the iPhone can reassemble larger messages that are broken up to fit the limitation, which allows larger programs to be sent. The iPhone can be instructed to execute SMS data as code instead of text, and when it executes the code it does so with root privileges and without any interaction from the user.
 
This vulnerability makes it possible to then turn off the signed code checks built in to iPhone OS and load unsigned libraries. That basically allows an attacker to load a complete shell environment and have complete control over the device, including access to any data stored on it. Miller told Ars last month that he didn’t know if the vulnerability still existed in iPhone OS 3.0, though the fact that Apple is working on a patch—and already has iPhone OS 3.1 in beta—suggests it still exists in the latest version, despite Apple patching 46 other potential security issues in the update.
 
The important message is this: the signed code check, the one preventing user from installing an arbitrary application, is the thing that makes users workaround the check, thus opening their device to many kind of attacks. The very idea of total monitoring of user activity, with overall control over their activity, isn’t making users happy and eventually brings up ‘discoveries’ similar to the mentioned bug. The security level for any given environment shouldn’t be too strict to make users uncomfortable – after that, the very idea of security dominating above all the other aspects becomes absurd.
 

This article was brought to you by the developers of IPHost Network Monitor, network and server monitoring software.

Advertisement

2009/07/28 - Posted by networkandservermonitoring | Uncategorized