Page last updated at 07:16 GMT, Saturday, 1 August 2009 08:16 UK

Apple fix to iPhone security flaw

HTC Magic
Google said that it had already patched the weakness

Apple has released a software patch to address a recently described security flaw in the iPhone.

Experts revealed on Thursday that modified SMS messages could result in iPhones being disconnected from the network or hijacked altogether.

Apple said phones incorporating other mobile operating systems, such as Windows Mobile and Google Android, were also potentially vulnerable.

It added that no-one had actually used the flaw to gain access to an iPhone.

A spokesperson for O2, the iPhone's service provider in the UK, said: "We will be communicating to customers both through the website and proactively. We always recommend our customers update their iPhone with the latest software and this is no different."

Access all areas

Charlie Miller and Collin Mulliner told the Black Hat conference in Las Vegas that the hack works by slightly modifying the data - sent by the network and which the user does not see - that arrives as part of a text message.

The system that processes such messages is similar across different operating systems and can, once compromised, gain access across a range of applications including a phone's address book or camera.

The team say that hackers could develop programs to exploit the weakness in as little as two weeks, but told the conference that publicising the means of attack was necessary to ensure the problem was addressed.

"If we don't talk about it, somebody is going to do it silently. The bad guys are going to do it no matter what," Mr Mulliner, an independent security expert, said.

The team wrote software to exploit the weakness, targeting iPhones on four networks in Germany as well as AT&T in the US. However, they believe it would work equally well in any country.

The approach is particularly dangerous because messages are delivered automatically, and users cannot tell that they have received the malicious code.

The problem could be fixed by directly patching the vulnerability in smartphones' operating systems, or the network providers could scan for messages that look to be trying to gain access to phones via the malicious code.

The researchers said they had informed Google of the hack and that the company had already taken steps to address the problem.

The Black Hat gathering, part of a leading series of conferences for information and computer security experts, took place from 25 to 30 July.

Apple were not available to comment on the flaw.

Print Sponsor

Giant leap looms for mobile bugs
23 Apr 09 |  Technology
iPhone bucks handset sales falls
30 Jul 09 |  Business
Microsoft targets the mobile web
04 Mar 08 |  Technology
Second 'Google phone' is unveiled
17 Feb 09 |  Technology

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific