Here's hoping my iPhone doesn't get hacked…
This started as an email to my friends and family that are iPhone owners, but I figured I might as well post it here too.
I'm not sure how true or severe this is, but I figure it's better to have information in advance so you know what to expect. It seems to be a legitimate article from a reputable source… so I'm fairly convinced it's true.
How To Hijack 'Every iPhone in the World'
My Summary: There's a bug in the iPhone SMS software that allows someone to send you a series of SMS messages, only one of which will show up. The guy in the article says the visible message from his version will only have 1 character, a square, but his method could be easily changed by another hacker to display another message, perhaps to look more innocuous. It looks like it will work in the same fashion as an internet worm: spreading by sending itself to your contacts — so you will probably get the message from someone you know.
The only way to stop it from spreading is to immediately turn your phone off after receiving the message. It's not clear if or when you'll be able to turn it back on.
I would assume, but am not sure, that if you immediately turned it off, and then only turned it back on when you were ready to immediately restore from your most recent backup (which is made when you connect to iTunes), that might remove the malicious code… but then it's just a matter of time until you get it again. The more people that know you, the better your chances for getting infected (and again, and again, and again…).
Scary stuff! I hope Apple addresses this quickly.
Update: A friend informed me that hitting the Check for Update button in iTunes netted him the 3.0.1 firmware. Indeed, it's now available and the only note in the change log was that the SMS bug had been addressed. I can finally stop worrying.
Posted in Apple | 2 Responses
I would submit that shutting your phone off - should you receive an infected message - is not your only way to stop the infection's propagation. You could also quickly access iPhone Settings and activate Airplane Mode.
What isn't clear is what the bug actually does. If you get the SMS and you shut down your phone or deactivate the radios, what then? Do you call Apple? What's broke and how to fix it after you have been infected isn't clear at all.
Like I said in the post, I assume that restoring from backup would (probably) get rid of the worm, but you're right that nobody has identified clearly yet if that's true.