That iPhone SMS bug that we heard about towards the end of July, and was then patched by Apple the same day the hack was unveiled, was discovered by Charlie Miller from Independent Security Evaluators. He just had an exclusive interview with Tom’s Hardware discussing how the SMS exploit worked and even takes a few jabs at AT&T and Apple for spreading lies about how a jailbroken iPhone can cause problems:
Alan: Apple and AT&T have claimed that “Jailbreaking” could cause problems with the ECID? Based upon your knowledge of the iPhone, do you believe this to be true?
Charlie: No, this is AT&T trying to make sure they make as much money as possible. Absolute FUD.
Alan: What about the claim that a jailbroken iPhone could crash cell phone towers–has anyone ever looked at the security of the software running cell phone towers?
Charlie: This is complete BS. You can diff a jailbroken kernel with a standard iPhone kernel and there are very few places that are changed. In particular, it doesn’t mess with anything that has to do with the communication with the carrier. Even if it did do something crazy, which it doesn’t, I would hope that the towers are robust enough to handle it. Just as the software in the iPhone should be able to handle any type of input it receives, the cell towers should too. I hope the carriers adequately test their equipment. If not, they can always give me a call, I’d be happy to help. In other words, if all it takes for a terrorist to take down cellular communication in this country is have a jailbroken iPhone, we’re in trouble.
As an aside, that was another reason I liked the injection method of testing SMS messages locally. I think if I fuzzed the phone using the carrier network, I probably would have crashed something. Even though it would be unintended, I could see them throwing me in jail for that, and that’s one place I don’t want to visit!