Apple has patched a flaw in the iPhone that makes it vulnerable to being hacked by a text message.
Charlie Miller, security researcher at Independent Security Evaluators described on Thursday how he could take over an iPhone with a single text message. He made the disclosure at the Black Hat security conference in Las Vegas.
In an interview yesterday evening, Miller told me he told Apple about the flaw six weeks ago, but he didn’t get a sense that they were moving quickly. But after his final talk on Thursday, I watched as Apple security experts approached Miller. They asked him if they could quickly test the patch they had created in response to his talk. They needed details on the hack in order to be able to properly test whether their fix for the flaw would truly work.
Miller agreed to offer his help, and he joked, “I expect free lifetime service from AT&T.” The Apple guys laughed. Miller believed it wouldn’t be that hard to patch the system against his potential attack.
Today, the BBC is reporting that O2, a phone carrier in the United Kingdom, says Apple will deploy a patch on Saturday in networks in the United Kingdom. Miller and colleague Collin Mulliner found they could create a text message that could run unfiltered through a text message processing center and be routed to any phone. They could use it to turn an iPhone off every 10 seconds, rendering it useless or allowing it to be compromised.
[Update: A variety of sources, including Miller, now report the update is available on iTunes now.]