SMS could be a critical iPhone vulnerability, says white-hat hacker
In his SyScan presentation in Singapore today, Mac security expert and Pwn2Own 2009 champ Charlie Miller discussed a vulnerability on the iPhone that allows remote code execution through SMS, which can tap into an iPhone's GPS or microphone, to divulge the phone owner's location or eavesdrop on them. Phones that have been compromised can also be used in a botnet or DDOS attack.
Miller is reportedly working with Apple to patch the vulnerability, so he did not go into great detail about the methods of exploitation. However, Miller did say, "SMS is a great vector to attack the iPhone...The iPhone is more secure than OS X, but SMS could be a critical vulnerability."
Developers were given access to the beta build of the iPhone 3.1 firmware yesterday, which reportedly addresses this vulnerability. Miller is expected to go into greater detail about the exploit at Black Hat 2009, by which time it should be fully patched.