Skip to main content
  1. Home
  2. Mobile

iPhone Vulnerability, Mac OS X Rootkit Debut at Black Hat

Geoff Duncan
By
iPhone Vulnerability, Mac OS X Rootkit Debut at Black Hat

The annual Black Hat security conference has gotten underway in Las Vegas, and, as promised, security researchers have detailed a technique that, in theory, could enable attackers to take over Apple’s popular iPhone using nothing by SMS messages which would be invisible to the iPhone’s owner. Apple has also took another hit on the chin with the demonstration of a proof-of-concept rootkit for Apple’s Mac OS X operating system, which—if exploited—could begin exposing the Macintosh to the kinds of malware nightmares Windows users have been enjoying for years.

As promised earlier this month, noted security analyst Charlie Miller detailed an exploit that potentially enables attackers to take over an iPhone using SMS messages; once in control, attackers could listen in on calls, access the phone’s location via GPS, run their own programs, and even use iPhones to participate in denial-of-service attacks. At his presentation, Miller also illustrated the flaw using Android- and Windows Mobile-based devices.

Recommended Videos

Miller informed Apple of the problem earlier this month, giving the company a chance to release a patch before going into detail of the vulnerability at the Black Hat conference. To date, Apple has not released any update to its iPhone software to address the problem, although a spokesman for European mobile carrier O2 has indicated Apple intends to release a patch for the SMS vulnerability imminently via iTunes. Miller said Google has already taken steps to address the problem. Apple recently issued an advisory warning users of jailbroken iPhones that they face greater vulnerability, including unreliable voice and data services, instability, and (perhaps most significantly) the inability to install crucial system updates from Apple.

Related

Security researcher Dino Dai Zovi also demonstrated a proof-of-concept rootkit for Mac OS X, potentially opening an avenue for a flood of malware on Apple’s computer operating system. Although Macintosh computers have historically not suffered attacks from worms, trojans, viruses, and other security exploit that Windows users have had to cope with for years, this has more to do with where attackers spend their time than anything innately more secure about the Mac: in fact, many security researchers rank the security of Mac OS X and Apple’s core applications below that of other mainstream operating systems.

Zovi, who wrote The Mac Hacker’s Handbook with Miller, demonstrated his proof of concept rootkit, implemented as a kernel proxy server on a controlling host, with remote agents running on compromised hosts. Once a system has been breached, it can obtain ports from the compromised kernels just like a local application; Zovi plans to release demonstrations of logging SSL traffic, iChat instant messaging sessions, and a way to grab frame from a Webcam; he also plans to publish a tool to identify compromised hosts. Apple has not commented on whether it has, or intends to, patch the vulnerability on which the rootkit is based.

Editors' Recommendations

Geoff Duncan
Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
10 reasons you should buy an iPhone in 2024
Purple iPhone 14 (left) and a green iPhone 15 in hand.

The iPhone 15 lineup — which includes the standard iPhone 15 and the iPhone 15 Pro — is the iPhone at its best. It's the latest series of iPhones available today and the default choice if you're buying a new iPhone in 2024.

But it’s not the only choice of iPhones you can purchase. In fact, Apple still sells the iPhone 14, iPhone 13, and the iPhone SE on its website. You could also find other iPhone models available – refurbished or new — from other retailers or carrier stores.

Read more
We now know when Apple is adding RCS to the iPhone
The iPhone 14 Plus held in a man's hand.

Last November, Apple made a surprise announcement when it confirmed that RCS was coming to the iPhone in 2024. It's something iPhone and Android phone users alike have been waiting years for, but there was just one small problem: Apple never said when in 2024 RCS was coming. Thanks to Google, of all companies, we now have a better idea of when RCS is heading to the iPhone.

As spotted by 9to5Google, the Android website was recently updated with a new page dedicated to Google Messages. If you click on the "See more features" button for the section talking about RCS, there's a section titled "Better messaging for all" with the following text: "Apple has announced it will be adopting RCS in the fall of 2024. Once that happens, it will mean a better messaging experience for everyone."

Read more
iOS 18 could make my iPhone look like Android, and I hate it
The Apple iPhone 15 Pro Max and the Samsung Galaxy S23 Ultra's rear panels.

If rumors are to be believed, iOS 18 will allow you to customize the home screen on your iPhone more substantially than ever before. This feature will be familiar to Android phone owners, but I don’t want my iPhone to look like an Android phone.

It’s a weird double-edged sword, as by giving you more freedom to make the home screen look unique, iOS may also lose what makes it unique compared to the less constrained world of Android.
iOS 18 and your iPhone home screen

Read more