华雪亮

华雪亮的博客

他的个人主页  他的博客

安全专家发现iPhone的一个致命的漏洞,通样的漏洞可能存在

华雪亮  2009年07月31日 星期五 21:39 | 1339次浏览 | 2条评论

在美国举行的Black Hat大会上,两位安全专家展示了iPhone的一个漏洞,并宣称黑客可以通过普通的SMS短信来控制你的手机.

没时间翻译,转载了:

http://mashable.com/2009/07/30/iphone-hack/

As we reported earlier today, security experts Charlie Miller and Collin Mulliner have exposed an iPhone virus that could allow criminals to control your phone just by sending a single text message (SMS). Their presentation, at the Black Hat conference in Las Vegas, is making a lot of waves, but the details are scattered or overly technical for most iPhone owners.

 

That’s why we’ve done some research on the information that has come out on this security vulnerability. The technical detail involved in the hack can be overwhelming, so we’re synthesizing it down to the key points – as well what you can expect. Don’t be alarmed, but be vigilant. Here’s the security breakdown:

 

    1. The major issue is a security flaw involving SMS. Specifically, the hack can control an iPhone remotely, including your iPhone’s camera, Safari (Safari), and more. It can even send messages to friends in your address book, which is where this hack becomes scariest.

 

    2. The hack works by sending you code in an SMS message (or a series of messages) that crashes your iPhone. After that, your iPhone is theirs to use.

 

    3. The offending text would come in the form of a single square character. If you get the square character, turn off your phone IMMEDIATELY.

 

    4. You only have to receive the message to get hacked; you don’t even have to do anything with the text message.

 

    5. The flaw was discovered by noted security expert Charlie Miller, who has hacked everything from MacBook Airs to Second Life, and partner Collin Mullinger.

 

    6. The attack was presented publicly at the Black Hat conference. The duo decided to do this after Apple gave them no response back in July, when they provided Apple with information on the security flaw. The goal is to bring attention to the flaw (which they are clearly getting).

 

    7. According to Reuters, now that the vulnerability is exposed, hackers could build software that mounts this SMS attack within the next two weeks.

 

    8. Apparently Google Android, Windows Mobile phones, and Palm Pres are vulnerable to similar hacks. The team demonstrated the attack on an Android (Android) phone and a Windows Mobile phone. 

 

While we’re still sifting through very technical information on this attack, it’s a clear reminder that no software, no computer, and no phone is safe from thieves, hackers, and harm. We’ll provide additional updates as they come from either Black Hat or Apple.

 

Update: For now, your phone isn’t in immediate danger, as it will take time before malicious individuals can build the necessary code to mount this type of SMS attack. We’ll update you if that changes. Here’s Miller and Mullinger’s paper on the subject if you’d like to check it out:

评论

我的评论:

发表评论

请 登录 后发表评论。还没有在Zeuux哲思注册吗?现在 注册 !
华雪亮

回复 华雪亮  2009年07月31日 星期五 21:50

不知道是同样的么....目前iPhone上刚公布出来,还没有人开发出正式的软件来发动攻击,解决方法就是当你在iphone上收到的短信中含有方格字符(square character),立刻关机

0条回复

夏清然

回复 夏清然  2009年07月31日 星期五 21:45

想起了前几天的Nokia Symbian S60的短信漏洞...

0条回复

暂时没有评论

Zeuux © 2024

京ICP备05028076号