Because of the popularity of the iPhone security concerns with the device are oftenignored if not dismissed all together, especially when compared to the BlackBerry. I’d be willing to bet, however, that IT firms that allow users to access corporate email from their iPhones will listen intently to what researchers Collin Mulliner and Charlie Miller have to say about iPhone security going forward.
You see, these two gentlemen recently took complete control over the iPhone of Elinor Mills, senior technology writer for CNet, with an SMS message at the Black Hat Security Conference in Las Vegas.
Here’s what happened: While I was talking on the phone to Charlie Miller, his partner, Collin Mulliner, sent me a text message from his phone. One minute I’m talking to Miller and the next minute my phone is dead, and this time it’s not AT&T’s fault. After a few seconds it came back to life, but I was not able to make or receive calls until I rebooted.
My iPhone is not jailbroken and it is running iPhone OS 3.0.
The attack is enabled by a serious memory corruption bug in the way the iPhone handles SMS messages, said Miller, a senior security researcher at Independent Security Evaluators.
Apple was notified about the vulnerability which affects all versions of the iPhone OS about 6 weeks ago, however, no patch has been released to correct the issue as of yet.
[Read]
An update, iPhone OS 3.0.1, which address this issue, has been realeased…
All better, no need to doubt Apple, or use ignorant fear to try and push the other less advanced smartphones.
IT firms should be listening to everything. Don’t think for a second that the BB, like the iPhone is impervious to hackers, HOWEVER do think, watch and enjoy how Apple and the iPhone have the ability for quick and easy software upgrades. The iPhone software upgrades can be pushed out by the manufacture without the service providers slowing down or controlling (aka verion’ing) the software before the smart phone owner is able to get it and keep their devices up to date, not only for security, but for added functions.