Apple patching nasty iPhone SMS vulnerability
Given the hype surrounding Apple's iPhone, we're actually surprised that we haven't seen more holes to plug over the years. In fact, the last major iPhone exploit to take the world by storm happened right around this time two years ago, and now -- thanks to OS X security expert Charlie Miller -- we're seeing yet another come to light. At the SyScan conference in Singapore, Miller disclosed a vulnerability that would let attackers "run software code on the phone that is sent by SMS over a mobile operator's network in order to monitor the location of the phone using GPS, turn on the phone's microphone to eavesdrop on conversations, or make the phone join a distributed denial of service attack or a botnet." Miller plans to detail the vulnerability in full at the upcoming Black Hat conference, but Apple is hoping to have it patched by the end of this month.
[Via HotHardware]
feel free to spy on my boring ass work meetings
APPLE should be patching the lag in 3.0.
Unless you have a 3GS, 3.0 runs like crap on the iPhone 3G.
@Quantumphysics
I second that. My 3G has run like crap since I upgraded to 3.0. Maybe Apple thinks they can force everyone to upgrade to the 3GS if they slow down the old ones enough...
lol, just stop complaining and upgrade to the 3GS...
Lol Marty, that's a very practical solution for all of us. STOP BITCHING AND GO SPEND $400.
Thanks for the advice!
That's odd because anyone I know with a 3G said theirs got faster with the upgrade.
3.0 behaves like a beta release in far too many ways. Apple has some nerve to charge iPod Touch owners (not me) for almost downgrading their devices. I can't wait for 3.1.2!
You don't know me.
It's OK - I'll just take the battery ou.... Oh yeah.
Faraday cage iPhone case, anyone??? :)
I just upgraded to the 3GS from 3G, could not stand the lag on my 3G after 3.0 update.
Upgrade to 3.1, it's much faster, plus you can send pictures!
Wait... Engadget's comment system allows 2 users to use the same name?
I knew this thing was shit, but wow! How could that have ever seemed like a good idea?
"you've been reported douche bag"
Pot, meet kettle...
Unfortunately, I usually do my upgrades according to DevTeam's schedule. So I'll have to just hope this exploit stays theoretical until then.
Zzz.
Don't read it then, moron.
Wow, how do you even have a vulnerability like this? It's SMS! That's just shoddy programming right there.
Shows what you know. Network operators use SMS to configure phone settings. On phones that do not understand the settings, you just get garbled text. Try it. Put your iPhone SIM card in a plain ol' GSM phone and have someone leave you a voicemail. You will get the voicemail ding on the ol' phone as well as an SMS settings text - this is the text that notifies iPhones you have a new visual voicemail.
@AroSlg
It doesn't matter that operators use SMS for backend settings. How often does a carrier turn on your camera or microphone? Apple knows what the SMS messages are used for since they wrote the interface and they should have put measures in place so that SMS only allowed valid command syntax. You're trying to excuse Apple here when they have no excuse.
@Jagster
agree w/ you 100%, there's no justification for something like this...
Well, come on now, according to Engadget, Apple is STILL awesome because "there haven't been more holes to plug"! Kudos Apple for only having a few privacy-invading security holes. I think Engadget + Apple = love conspiracy theories are as ridiculous as the next guy, but to start off this article the way they did is just ridiculous.
Jagster, there's a flaw in some piece of code? Like that never happens.
SimbaDogg, how do you know there's no justification? Maybe there is, but you don't have the technical knowledge to think what it may be.
Think that could be right?
@Jagster
I agree. It really sounds like a bad programming decision. I can't really picture someone writing code for SMS that could possibly control the phone other than telling you "THIS MEETING SUCKS LOLZ" and not thinking what would happen if someone manipulated it.
@redcard - there isn't really any justification, they have a phone that is vulnerable to a simple SMS hack. Kinda major oversight there, how many other phones do you know that have issues with being hacked by SMS?
Actually I just thought of this. I wonder if it has something to do with MobileMe's Find My iPhone or whatever. That's probably why the vulnerability is there and probably how it works.
deanb, think this is the first time it has happened?
How about this post from 2006?
http://www.noeman.org/gsm/trash-section/15714-mobile-phone-hacking-via-sms-etc.html
How about this from 2007?
http://www.gizmowatch.com/entry/an-incredible-diy-mod-hack-your-camera-phone-through-a-sms/
How about this from April?
http://www.maximumpc.com/article/news/sms_hack_could_hijack_cell_phones
It's not likely to be the SMS that's doing it but the code behind it - when you get an SMS the application will store it in a buffer, manipulate it, figure out who it was from and much more - any step could have a buffer overrun or such.
How do you think IE gets exploited? It's not just HTML and such - everything ends up in memory at some point, if it's in the wrong place then it may be exploitable
just because this is in SMS doesn't mean it couldn't be elsewhere - just that the other apps don't manipulate the data in the same way
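The comment above argues that the weak point is the code that stores and manipulates an incoming message rather than SMS itself. As an added illustration (not code from the article, from Apple, or from the research the article reports, and not the actual iPhone bug), here is a hypothetical parser for the user-data portion of an 8-bit SMS PDU carrying a User Data Header, laid out as in GSM 03.40. It shows the kind of length-handling mistake that turns a text message into a memory-corruption primitive, an on-air length field driving a copy into a fixed buffer, beside a bounds-checked version. The function names, the struct and the three sample messages are all constructed here.

```c
/* Added example, not code from the article, from Apple, or from the
 * research it reports: a minimal parser for the user-data portion of an
 * 8-bit SMS PDU with a User Data Header (UDH), per GSM 03.40. Function
 * names, struct layout and sample messages are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SMS_MAX_UD 140          /* max user-data octets in one 8-bit SMS */

struct sms_text {
    uint8_t body[SMS_MAX_UD];
    size_t  body_len;
    uint8_t ref, total, seq;    /* concatenation IE (IEI 0x00): ref, parts, index */
};

/* VULNERABLE (hypothetical): trusts the lengths received over the air.
 * ud[0] is UDL (total user-data octets), ud[1] is UDHL (header octets).
 * If UDHL + 1 > UDL the subtraction wraps to a huge size_t and memcpy
 * runs off the end of both the input and out->body; if UDL > 140 the
 * copy overflows out->body even without the wrap. */
static void parse_ud_unchecked(const uint8_t *ud, struct sms_text *out)
{
    size_t udl  = ud[0];
    size_t udhl = ud[1];
    size_t body_len = udl - udhl - 1;            /* can underflow */
    memcpy(out->body, ud + 2 + udhl, body_len);  /* unbounded copy */
    out->body_len = body_len;
}

/* HARDENED: every length is validated against the other lengths and
 * against the octets actually received (ud_avail). Returns 0 on success
 * or -1 for a malformed message, which a real handler should drop. */
static int parse_ud_checked(const uint8_t *ud, size_t ud_avail,
                            struct sms_text *out)
{
    if (ud_avail < 2) return -1;
    size_t udl  = ud[0];
    size_t udhl = ud[1];
    if (udl > SMS_MAX_UD) return -1;             /* bounds the write into body */
    if (udl + 1 > ud_avail) return -1;           /* bounds the read from ud */
    if (udhl + 1 > udl) return -1;               /* header must fit inside UD */

    /* Walk the header's IEI/length/data elements; each must fit in the header. */
    const uint8_t *h = ud + 2, *hend = ud + 2 + udhl;
    out->ref = out->total = out->seq = 0;
    while (h < hend) {
        if (hend - h < 2) return -1;
        uint8_t iei = h[0], iel = h[1];
        if (iel > hend - h - 2) return -1;
        if (iei == 0x00 && iel == 3) {           /* 8-bit concatenation IE */
            out->ref = h[2]; out->total = h[3]; out->seq = h[4];
        }
        h += 2 + iel;
    }
    size_t body_len = udl - udhl - 1;            /* cannot underflow now */
    memcpy(out->body, ud + 2 + udhl, body_len);
    out->body_len = body_len;
    return 0;
}

/* Constructed samples. good_ud: part 2 of 2, reference 0x2A, body "hi".
 * bad_ud: UDHL (9) claims a header longer than the whole UDL (4).
 * big_ud: UDL (0xFF) exceeds the 140-octet maximum. */
static const uint8_t good_ud[] = { 0x08, 0x05, 0x00, 0x03, 0x2A, 0x02, 0x02, 'h', 'i' };
static const uint8_t bad_ud[]  = { 0x04, 0x09, 0x00, 0x03, 0x2A };
static const uint8_t big_ud[]  = { 0xFF, 0x00, 'x', 'y' };

/* Wrappers returning plain ints so a caller can check the results. */
int demo_good_body_len(void)  /* 2 when the good sample parses correctly */
{
    struct sms_text t;
    if (parse_ud_checked(good_ud, sizeof good_ud, &t) != 0) return -1;
    if (memcmp(t.body, "hi", 2) != 0) return -2;
    if (t.ref != 0x2A || t.total != 2 || t.seq != 2) return -3;
    return (int)t.body_len;
}
int demo_bad_rejected(void) { struct sms_text t; return parse_ud_checked(bad_ud, sizeof bad_ud, &t); }
int demo_big_rejected(void) { struct sms_text t; return parse_ud_checked(big_ud, sizeof big_ud, &t); }

int main(void)
{
    struct sms_text t;
    parse_ud_unchecked(good_ud, &t);   /* safe only because this input is well formed */
    printf("unchecked: %zu body octets\n", t.body_len);
    printf("checked good=%d bad=%d big=%d\n",
           demo_good_body_len(), demo_bad_rejected(), demo_big_rejected());
    return 0;
}
```

Feeding bad_ud to the unchecked parser is exactly the path the comment describes: the wrapped length makes memcpy read and write far past both buffers, and from there an attacker who controls the message controls what lands in memory. The checked version rejects it before any copy happens, and the rule it follows generalises to any length-prefixed field: compare each length to the enclosing length and to the bytes actually received, never to the field alone.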
@redcard
Which supports someone else's reasoning on why this simple hack was left unchecked if it's a known problem with other phones.
@KyleW,
No, the MobileMe service functions over the data connection. This is probably the same as any other hack, meaning the hacker is able to run his own code on the main processor via a flaw in the SMS handling protocols. And as you know, the processor controls everything.
No way this is how most of your apps get and send information. It's also how Apple uses the "Apple Killswitch" This is not a new vulnerability. Apple built this in, and has been discussed long before this. This person just brought it into the public realm.
@sweet greggo it's not that no one cares that there are few iphone hacks or Mac hacks even it's because those that write the viruses usually write them on macs as part of their twisted love affair with Apple. :(
People have been steadily trying to hack into everyone's iPhone since day one. Jailbreak and install Veency and see how many attacks you get an hour. It's disgusting how many attempts to gain entrance into your device you will see. Veency makes it possible to see the attacks because it will not allow a connection without on-device approval, but the attacks are pretty steady on all network connections. Think of all those people with bank passwords and credit card info on their iPhones that they think is safe because they have it with them. Ummm no! The thing is Apple does not want people to know exactly how unsafe their information is. It's not safe on any device. If it makes it easier for you to get into your bank account or use your credit card it also makes it easier for hackers and thieves to get at your information and use it. Why isn't this breaking news? Well because people would stop using the devices if they truly knew how vulnerable they were. Why is this story now mainstream? Well because now that push is active Apple can drop the use of the SMS style of information sending and reporting, so the hole can have a light shined on it since they can now close it due to no use for it any longer. Apple would not be closing one hole without creating another, so once this hole is closed your information is still going to be just as vulnerable. Hackers and thieves will always find a way! Even if they have to go to work for major corporations and build the ways into the things meant to keep them out. People seem to underestimate the sheer patience and devotion that those that want what's yours have. IF you think push is so kewl think again, because it's a constant connection with your device. It's an open window for nefarious people to just climb right in and root around. It's being said that jailbreaking only makes this easier, but when one jailbreaks the device they then have the control to close as many holes as possible should they choose to.
So I take that info as a sort of disinformation.
With all that said I repeat this is not a new exploit. It's just an old hidden exploit whose time has come and gone, and Apple feels is now safe to discuss. Anyone remember the boom video? You logged on from your iPhone and it then crashed your device. Too much info and system overload? Or Apple testing the Kill Switch?
I can hear it now: but Apple didn't release the information, some hacker did. He's not a hacker, he's a techno safety consultant. Hackers don't sell their exploits to people that will use them to seal the hole. Hackers use the exploit till they can no longer safely use it, or they sell the exploit to underworld no-gooders that use it to rob people. Anyone that shows up to any of these hacking contests is not a hacker and I doubt they ever come up with a new exploit, but merely take what they have found in the underground and make it public. They are more like hacker journalists than hackers, but I'm sure they irk some people in the process. It's like tax attorneys. They don't work for the IRS, because they know there is more money to be made on the other side of the law.
It's a smartphone of course someone can remotely turn on the gps , or camera or mic, or rummage through all your information. Think about that all would be criminals that have to have the latest and greatest cell/smartphone.
Many phones can have this done to them, however... Likely all condoned and utilized under the Patriot Act.
Isn't that what Batman used to find the joker?
Correct
Obviously. Whenever I get a text it includes a bluish-gray 3d map of where they're texting me from.
Doesn't yours?
No, Batman didn't use the phones' cameras... if you noticed... it actually used all the phones' microphones to create a sound picture...
That is really messed up though. I know privacy is an illusion, but that is the edge of it.
Imagine if they can also control the cam and start taking pictures of you and put them on a "bad" site or something.
eagle eye? ...
Sweet hack.
I thought you couldn't hack apple products.
Apple loves to lie... there are many things which Apple claims to not have or has... (viruses, problems, and so on...)
@Paul.
So what about the mobileMe exploit?
@Paul
Ok, so the MobileMe was exploited for Trojan.
This is a hole that can be exploited for a worm which is far worse than a virus.
Paul I hope that you don't think in your "perfect world" where Windows is the minority that nobody will create viruses for Apple.
There are few hacks on the iPhone because, like the Macs, no one really cares.
@paul: http://www.kaspersky.com/viruswatchlite?search_virus=osx&hour_offset=-2
Paul -
So OSX has Trojans and malware, but because it's virus-proof that makes it all better?
So what's your view on asbestos? It gives you cancer, but at least it's fire-proof, eh?
Thirty viruses, Paul? Somebody's insecure. If OSX is so amazing, we shouldn't be able to name one virus, should we?
@Paul
I guess I didn't make myself clear enough. It doesn't matter if a virus can be written for the Mac or not.
NO. ONE. CARES.
@Flowah
I always feel sorry for the guys that Paul just so happens to respond to. I hope you unchecked the "e-mail when replies" box.
@ Paul , you failure of baboon...
There are no viruses anymore, viruses died a long time ago, all the risks since windows NT are Trojans and malware, update your brain to 2009 plz.
Don't bother, Paul.
They will avoid the question and call you names till they're blue in the face. They don't care that Macs are safer and easier to use, all they care about is having this argument where they can make themselves feel better.
In the end they are the losers, mac market share is rising almost faster than windows is falling. Goodbye to shitty computers.
@Paul
It's not that we don't like Apple, Paul. We just don't like you.
@Paul:
I fail to see your point. Can you name 30 Windows viruses? I like to think of myself as a power user yet I can't name 30 without googling.
But to please you:
Antivirus360
AntivirusAgentPro
AntivirusDoktor2009
Bloodhound.Autoitinf
Bloodhound.Malautoit
Bloodhound.PDF
Bloodhound.Test
Boot.Chan
CoreGuardAntivirus2009
Downloader.Kidkiti
Downloader.lapurd
ErrorFix
ErrorRepair
FixTool
Hacktool.WFPOff
IACommand
Infostealer.Daonol
Infostealer.opassmtp
JS.Twettir
MalwareCleaner
OSX.Tored
OSX.Tored
Actually Paul's sort of right - you'd be hard pressed to find thirty viruses for OS X. But then you'd be hard pressed to find thirty that have the remotest chance of affecting Vista either. Most malware is now trojans and the likes.
I've been running Vista for 2 years and the Win7 RC since it dropped without any virus protection without problem. Viruses aren't the problem, trojans, malware, worms, etc. They're the problem. Stay away from the porn and you're all good.
oh and as for market share increasing? Not according to this: http://www.macrumors.com/2009/04/16/apples-us-market-share-slips-in-1q-2009/
@ Paul, wtf?! "Somebody needs to tell these Anti-Virus companies about that. They should be out of business." What?! Because they are called anti-viruses? That's your point?! ARE YOU SHITTING ME?! Guess what numbnut, they have ANTI-VIRUSES for OSX too... so what is your god damn point?!
I repeat again, maybe you will understand this time, there are no more viruses affecting PCs or Macs, all the threats today are worms, trojans and malware.
Update yourself to 2009.
Regarding market share, worldwide Apple is stuck between 5% and 6% and has been for some time now http://www.w3counter.com/globalstats.php
Mac OS X 5.42%
But of course to iTards , US is the world.
Inexcusable. Executing code sent in SMS!?! Epic mistake. The blogosphere would have Microsoft's jewels run up a flagpole if WinMo had this vulnerability.
Not really, when Nokia had their SMS virus issue they kind of got a free pass on it and they dwarf Apple for presence in the phone market.
@ Mark Anderson II
The Nokia exploit stopped you from getting more SMSs as the memory was reported to be full.
I guess with this issue, I could execute Search, it would be nice to search the phone for all emails with "username" and "passwords" or bank details and send them to me?
This is why pigeons are cheaper and more reliable.
cheaper for sure, but more reliable.... :S
http://www.pigeonracer.com/
They are about the same price as iPhones.
definitely not cheaper either
Yeah, but they shit all over my car.
Uhhh, Bird Flu?
Are you kidding me? Apple is going to slide under the radar on this one? Seriously???!!!! I don't think so! Anyone else would be held to the flames on this one....
one word, 'LOL'
When did LOL become a word?
@Shenanigans
A little while ago :)
http://www.merriam-webster.com/dictionary/LOL
When did 'LOL' become *one* word?
...none of which keeps you from looking like a clown when you use the term, however.
When is Engadget going to get a properly working comment system...
never...
At least when anything Microsoft-related needs a patch, we don't have to wait until the end of the month... we wait until the next Tuesday, and at least when there is a hole in the software somewhere, it doesn't leak out every possible piece of information to anyone who is smart enough to hack... Whenever I hear of some security flaw in anything Apple, it's always something along the lines of "AND THEN THEY HAVE ACCESS TO EVERYTHING ON THE DEVICE"... Good luck, I'm a Pre guy, Konami code till death baby
Paul, if it wasn't for your last sentence, I'd have been 100% sure you were trolling. Now I'm only 90% sure, and 10% scared.
There have been A LOT of 0-day vulnerabilities through the years. The most recent I can think of was an exploit in the way IE/windows handled Jpeg files while browsing. There was a way to get the PC to run arbitrary code just by viewing a photo. View a website with an intentionally corrupted banner jpeg, get a trojan, yay windows! This security flaw was discovered, and published, and then the same day was being exploited. Numerous people were infected with all kinds of trojans in the period of a few days, and microsoft cranked out a patch in 2-3 days, and put it out on a friday (they broke their normal patch schedule for this one with good reason) iirc.
Don't forget that it was Apple's very own Safari that had a remote-code execution exploit which first jailbroke the iPhone, and it was done by simply viewing an image.
That's because there is no market for Apple in the business world,
if you make a virus for Mac... what's the worst that can happen, you can't play music or use Photo Booth...
Sorry to hear... a worm built to run on a PC takes down the entire country, because that's where all the serious meat and potatoes are made, my friend
Wait until Mac weirdos are everywhere, it'll happen... a friend of mine told me they tried to sell him Norton when he bought a new Mac, this is at a Mac store. Your day is coming, and Apple will not be ready
So they tried to sell him Norton? Maybe that says more about your friend than it does the guys at the Apple store. And if your terrible abuse of the English language is any indication of the company you keep, I wouldn't be surprised in the slightest.....
You stole my thunder!
Norton for his dual-booted Windows...
"Apple will not be ready"
OK, your scenario sure sounds exciting and foreboding! Not gonna happen buddy, stop yapping your gums. Grow up.
And if all that fire and brimstone does happen? Well, I guess I'll do what Windows users have done for years - act like it's no big deal and pick up the pieces.
This "hack" sounds like a back-door that was left there on purpose. GPS location and microphone use? Thanks Apple.
How do you think Steve keeps himself amused: by listening to your conversations.
iPhone user: talking on the phone.
hacker: dials #, sms, sends exploit, starts up mic.
iPhone user: see sms, whatevar! I'm on the phone with my peeps.
hacker: starts recording conversation
iPhone user (conversation w/another iPhone user): ...uhl man, Jobs is back from the hospital, Apple's gonna rock this year. Hey did you get that new free macboook deal, I'm wondering if I should trade up from the unibody 15" I got last month. It's only an extra $1000....
hacker: bored.
iPhone user: ... but the 3GS kicks Pre's arse, it's unstoppable, hold wait, I can't find that iFartPro++ app I had, it's missing from page 10 of my desktop apps... Dood, that flashy youtube upload looked smooth, but it's way better on my iMac...
hacker: ZZZzzz.
iPhone user: ...yeah Apple rockz...did you see that cool skin protector for the iPod? when it's docked to a macAir it looks amazing... Oh it wait, you need to check out my copy and paste! moving to the 3.0OS is the ultimate, yo, that and the compass...
hacker: growing impatient...frustrated....
iPhone user: oh man, did you hear about that Apple rumor yesterday? a glowing icon on the back of an iPhone with OLED! That's F-in incredible!! Apple rulez... Hold on, Kutchner twittering about the iPhone anti-scratch sceenz... that's freaking awesome. Screw it, I'm upgrading to the 3GS.
hacker: turns off computer, goes to see Transformers, "what a waste of time". Plans on hacking a Pre for credit cards #s...
@iwazafanboi
Um, your story is awesome... however, iPhones can't do more than one thing at a time.
Very nice. Now let's try it with your phone:
WinMo user: (Doesn't do anything on his phone because it's so antiquated and cumbersome)
Hacker: Zzzzzzz
or
WinMo user: (opens Web browser on phone)
Hacker: (starts exploit)
WinMo user: (removes battery to reboot crashed OS)
Hacker: "I hate my life..."
Next time, get a... I don't know... a Nokia?
LOL...no
http://hackaday.com/2008/12/30/25c3-nokia-exploit-stops-all-inbound-sms/
would you just get a zune already?
Why? Do you know a 'hack' to make the Zune into a phone?
Are you kidding? Apple has NO (I repeat... NO) security vulnerability (at least according to the anti-MS ads).
Cylay app in Cydia does this. www.cylay.com
Sounds like a pretty big issue to me. Unlike past issues, hackers could easily take over thousands of iPhones. So much for Apple being perfect.