In a
week were it was revealed that the iPhone's encryption was about as useful
as a chocolate teapot, security experts have worked out a way of cracking
the Jesus phone by using an SMS message.
The news makes a mockery of Apple's
claims that its software has superior security to anyone else.According
to
CNET an attacker could exploit the hole to make calls, steal data, send text
messages, and do basically anything that the user does with their
iPhone. The attack is enabled by a serious memory corruption bug in the way
the iPhone handles SMS messages. There is no patch, despite the fact that
Apple was notified of the problem about six weeks ago.
To be fair
Android-based phones were found to be similarly susceptible to an SMS
attack, but attacker could temporarily knock the phone off the network but
not take control. Google patched the hole in a week and does not tell its
users that it is invulnerable to attack either.
Previous iPhone attacks
required an attacker to lure the iPhone user to visit a malicious Web site
or open a malicious file, but this attack requires no effort on the part of
the user and requires only that an attacker have the victim's phone
number.
Once inside a victim's phone, the attacker could then send an SMS to
anyone in the victim's address book and spread the attack from phone to
phone.