iPhone open to SMS attack

Stephen Withers
Friday, 03 July 2009 03:50

Your IT - Mobility

Miller argues the independent security researchers deserve to be rewarded for the work they do. His success at PWN2OWN brought him cash and computers, but he has said that the Safari exploit he used in this year's contest was worth more than he won.

"I could get more than $5,000 for it but I like the idea of coming here and showcasing what I can do and get some headlines for the company I work for," Miller told ZDNet earlier this year.

When Miller presented the iPhone SMS vulnerability at the SyScan conference in Singapore yesterday he said an agreement with Apple prevented him providing full details of the issue. So presumably that agreement includes reasonable financial compensation.

Apple is said to be working on an update to overcome the vulnerability, which should be released in the next few weeks. Miller is scheduled to provide further details of the issue in his presentation at the Black Hat USA 2009 conference, which runs from July 25-30 in Las Vegas.

The abstract for the session, which Miller will present with Collin Mulliner, mentions techniques applying to the iPhone, Android and Windows Mobile devices.

Shortly before Miller's Singapore presentation, Apple released a beta version of iPhone OS 3.1 to registered developers. It is not known at this time whether the new software includes a fix for the SMS flaw, but the timing does allow for speculation.

Miller's SyScan presentation was originally covered by IDG News Service.