Apple today released a new iPhone software patch that fixes a critical software vulnerability allowing hackers to secretly hijack a subscriber’s phone.
Independent researchers Collin Mulliner and Charlie Miller, who presented the information during the Black Hat security conference, discussed the major SMS message flaw. A hacker has the ability to use the way the iPhone handles text messages against the device, completely controlling the device – placing calls, sending or receiving text messages, using the Internet, and other popular functions.
Of course it’s possible the vulnerability could be used to send out malicious messages, though AT&T, the lone U.S. service provider, would quickly eliminate as many hijacked messages as possible. Specifically, Mulliner and Miller are both concerned hackers could use a hijacked phone to send launch other SMS attacks on iPhones, which could end up spreading like wildfire.
If you’re a current iPhone owner, it’s highly recommended you download the patch through iTunes, then connect the phone to a computer and get the security update.
It’s nice to see Apple finally fix the flaw, but it’s a shame it took so long for the company to do something about it. Despite the recent fix, the SMS vulnerability has been written about and discussed for some time now.
There is growing concern regarding mobile phone vulnerabilities and attacks, as the number of smartphone owners continues to increase. Furthermore, the amount of personal information stored on phones, including phones, e-mail addresses and banking information, make them an appealing target for hackers.