
Archive for month: July, 2009

iPhone and SMS hack – what does it mean?

31 Jul 2009 / 0 Comments / in Security/by Jorge Orchilles

Countless news articles are floating around about the iPhone and SMS hack. I will explain it here in “normal” terms and explain what all this means to you.

Introduction
Yesterday, Thursday 7/30/09, two security experts (also known as hackers) presented a way to hack an iPhone by sending it specially made SMS (text) messages. This presentation was held at Black Hat, which is one of the largest hacker conferences in the world. Since Wednesday all the buzz has been around this iPhone hack, with a lot of speculation and rumors flying all over the place. Here are the facts I have captured.

What is the hack?
An attacker can send an iPhone or other vulnerable device a specially made SMS message. You will notice a single character, blank, or carrier SMS text coming from 611 or somewhere unknown. In the background the phone will be controlled by the attacker.

How does it work?
The attack exploits a memory corruption in the way the iPhone handles SMS messages. For the hack to work, the attacker must send hundreds of SMS control messages, which you do not see. You would only see one SMS message coming in. In the background you will be receiving the control messages, which have the ability to do many different things.

What can be done with this hack?

An attacker could exploit this security hole to make calls, steal data, send text messages, and do more or less anything a person can do on their iPhone. Speculation about being able to put a virus on your phone before you can turn it off has been thrown around as well. Basically, it is not a good thing if you receive a message like this.

Does this only affect the iPhone?
No, this hack works in conjunction with the way GSM networks work. GSM networks in the USA include AT&T and T-Mobile. The hackers also showed an Android phone (for which Google claims to have already fixed the issues) and a Sony Ericsson phone being hacked in a live demonstration. Here are the images. BlackBerrys have not been addressed, but it is doubtful this hack works on those devices.

Who can do this?
Currently only a limited number of hackers have the capability to do this. However, they will be releasing a tool that uses these vulnerabilities to the general public on August 15th through Cydia (the App Store for jailbroken iPhones). So consider yourself semi-safe until that day.

What about Apple? Do they know about this? Fixing it?
According to the researchers they notified Apple as long as 6 weeks ago about this vulnerability. Apple claims to be working on a fix. The hackers also notified the GSM alliance which has been working to fix this issue as well. Our best hope is that the fixes come out before August 15th.

How do I know this is happening to me and what can I do?
You will receive a text message from 611 or a strange number that looks weird. It might have one character or a message like the examples the hackers gave: “You’ve received a free $20 credit…” or “New settings received. Install?”. If this happens to you, the only thing you can do to stop it is to turn off your phone immediately! Even then it might be too late.

I am paranoid, is there a fix now?
The only claimed fix for this now on the iPhone involves disabling SMS text messages altogether. You would need to jailbreak your phone and log in via SSH. If those two sentences made sense, feel free to read the how-to over at quickpwn.com.

Further Reading
News articles: ZDNet or The iPhone Blog or AP News.
White paper on Hijacking Mobile Data Connections and a detailed blog on the presentation.

As you can see this can become a huge issue if Apple and GSM carriers do not fix the issue prior to August 15th. As soon as the newest iPhone software is released, update your phone, no questions asked. I will keep you updated on the latest findings.

Till next time,
Jorge Orchilles

Following BlackHat from home – Day 2

31 Jul 2009 / 1 Comment / in Security/by Jorge Orchilles

As Black Hat comes to an end we will begin to see all of its content posted on the internet and have more than enough to read for the coming weeks. Today a lot has been released and I have filtered through most of the talks and presentations and would like to provide you with the best content, organized in no particular order:

Apple iPhone and other GSM phone hack – This topic is hitting the news all over the place, here are the ones with the best content

  • Live Blog: Blackhat 2009 Day 2 from Security Monkey <- Best information on this topic
  • Introduction to the SMS hack the day prior to the presentation. Via ZDNet
  • A good overview of the presentation from Threatpost.com
  • SMS attack is not just for the iPhone from theiphoneblog.com
  • Images of the iPhone and Sony Ericsson hack from Information Week.

Cloud Computing

  • Overview of Cloud Computing presentation by Alex Stamos via InformationWeek. Says the term cloud computing is useless! Going to have to see this one for myself.
  • Link to podcast

US Cyber Security – the government really wants hackers to work for them!

  • Hackers: Uncle Sam wants you! via Internetnews.com
  • US falling behind on catching up with Cyber Security via Internetnews.com
  • Not part of Black Hat but have you heard of the US Cyber Security challenge? Three challenges aimed at recruiting the top 10,000 US Hackers!

SSL

  • Summary of presentation to spoof SSL certificates by Moxie via the Register
  • Video by Moxie on More Tricks for Defeating SSL; same presentation as the previous item.
  • PKI Hack Demonstrates flaws in digital certificate technology via darkreading.com; presentation was by Dan Kaminsky
  • Verisign response to both SSL presentations.
  • Bonus blog by Schneier on new AES Attack

Parking Meters Hacked

  • San Francisco parking meters hacked via PC World
  • Second good article via cnet news, this one has pictures
  • “Smart” Parking Meter Implementations, Globalism, and You presentation via crypto.nsa.org.
  • Pictures of presentation and small explanations thanks to PC World.

Misc

  • The Pwnie Award Winners
  • Mac OS X Rootkit Debuts via InformationWeek. Only a proof of concept.
  • Jeremiah Grossman presentation on Mo’ Money Mo’ Problems – Making even more money online the black hat way

Other full day roundups and blogs

  • Network World NetFlash: Black Hat roundup (has repeat content from here, all links are NetworkWorld.com)
  • Security4all Blog: Day 2 collection of #blackhat articles Also some repeat content.
  • Follow live pictures from the event via TwitPicWall.

When you are done catching up, come back, as DefCon is just getting started and more content will be posted as the conferences wrap up.

Till next time,
Jorge Orchilles

Update on Google Voice Hacking

30 Jul 2009 / 0 Comments / in IT/by Jorge Orchilles

Following up with my original post on hacking Google Voice, it was brought to my attention that Apple has blocked the Google Voice App from the App Store, meaning iPhone users will not be getting the Google Voice app like the fortunate BlackBerry and Android users. Google has confirmed that the rejection was because of AT&T. The reason given is that it is against AT&T’s business model as the software allows free SMS and cheaper long distance calling. Furthermore, I believe that Apple is also behind this as they see Google as competition now instead of a partner when their iPhone launched. Google went behind Apple’s back and made the Android mobile platform, now they are working on browsers and operating systems.

In my opinion, this is a smart move for Apple and AT&T both but it does not hide where the future of communication is heading. Grab on to a cheap unlimited data plan with a reliable and fast network as the days of paying for “voice and minutes” will soon be a thing of the past. Additionally, this move shows the competition Google is giving everyone and the steps they are taking to block Google out.

Till next time,
Jorge Orchilles

Windows 7 and VMWare vSphere Client 4

30 Jul 2009 / 4 Comments / in IT/by Jorge Orchilles

In my last Windows 7 blog post I wrote about an issue I was having running VMWare vSphere Client 4.0 on Windows 7 RTM 64 bit. Further research shows that this issue occurs in all versions of Windows 7. VMWare will most likely have to release a patch for their software as Windows 7 is now final. Thanks to this VMWare community post I was pointed in the right direction to fix it.

Problem
Although vSphere Client installs fine, when you try to connect to any server you get this error:

Error parsing the server “serverIP” “clients.xml” file. Login will continue, contact your system administrator.

Immediately followed by this error:

The type initializer for ‘VirtualInfrastructure.Utils.HttpWebRequestProxy’ threw an exception.

Solution

  1. Obtain a copy of C:\Program Files\Microsoft.NET\Framework\v2.0.50727\System.dll from a non-Windows 7 machine that has .NET 3.5 SP1 installed. You can also download the file from here (recommended for step 3).
  2. Create a folder on the Windows 7 machine where the vSphere client is installed and copy the file from step 1 into this folder. For this example, create the folder under the vSphere client launcher installation directory and call it Lib+. On 64 bit versions this is C:\Program Files (x86)\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\Lib+; on 32 bit versions it is C:\Program Files\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\Lib+.
  3. Copy the VpxClient.exe.config from the zip in step 1 and put it in the “Launcher” directory, overwriting the current file. What this is doing is adding a runtime option so you can run vSphere in developer mode.
  4. In the same “Launcher” directory (doesn’t matter where really), right click, create a new “Text Document” and name it VpxClient.cmd (remove the .txt part). Open the file with Notepad and for 64 bit put this in:
    @echo off
    SET DEVPATH=%ProgramFiles(x86)%\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\Lib+
    "%ProgramFiles(x86)%\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\VpxClient.exe"

    For 32 bit:

    @echo off
    SET DEVPATH=%ProgramFiles%\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\Lib+
    "%ProgramFiles%\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\VpxClient.exe"

Thanks to the people on the VMWare communities forum that pointed me in the right direction for this. Hopefully VMWare comes out with a fix soon. For now this will do; it beats running a VM to administer other VMs :)

Till Next Time,
Jorge Orchilles
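
With developer mode enabled, the .NET runtime searches the DEVPATH directory for assemblies, so whoever supplies System.dll or can write to Lib+ controls code that runs inside VpxClient.exe. The PowerShell below is an added example, not part of the original post or any VMware tooling: it checks that the copied System.dll is validly signed by Microsoft and that only administrative principals can modify the file or its folder. It assumes the 64 bit paths from step 2, PowerShell 4 or later, and that the copied file carries an embedded Authenticode signature; the function names are hypothetical.

```powershell
# Added example, not from the original post. Paths follow the 64 bit layout in step 2.
$LibDir = Join-Path ${env:ProgramFiles(x86)} 'VMware\Infrastructure\Virtual Infrastructure Client\Launcher\Lib+'
$Dll    = Join-Path $LibDir 'System.dll'

function Test-DevPathAssembly {
    param([Parameter(Mandatory)][string]$Path)
    # Assumption: the copied file carries an embedded Authenticode signature.
    $sig     = Get-AuthenticodeSignature -FilePath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    [pscustomobject]@{
        Path        = $Path
        SigStatus   = $sig.Status    # anything other than 'Valid' means tampered or unsigned
        Signer      = $subject
        FileVersion = (Get-Item -LiteralPath $Path).VersionInfo.FileVersion
        # Compare this hash with a copy taken from a machine you control.
        SHA256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Trusted     = ($sig.Status -eq 'Valid') -and ($subject -match 'O=Microsoft Corporation')
    }
}

function Get-UntrustedWriteAce {
    param([Parameter(Mandatory)][string]$Path)
    # SYSTEM, BUILTIN\Administrators, TrustedInstaller
    $trusted = 'S-1-5-18', 'S-1-5-32-544',
               'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    # WriteData/AddFile, AppendData/AddSubdirectory, WRITE_DAC, WRITE_OWNER, GENERIC_WRITE, GENERIC_ALL
    $writeMask = 0x2 -bor 0x4 -bor 0x40000 -bor 0x80000 -bor 0x40000000 -bor 0x10000000
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries apply to children, not to this object itself.
        if ("$($ace.PropagationFlags)" -match 'InheritOnly') { continue }
        $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        if (($trusted -notcontains $sid) -and (([int]$ace.FileSystemRights -band $writeMask) -ne 0)) {
            [pscustomobject]@{ Path = $Path; Identity = $ace.IdentityReference.Value; Rights = $ace.FileSystemRights }
        }
    }
}

$result = Test-DevPathAssembly -Path $Dll
$risky  = @($LibDir, $Dll | ForEach-Object { Get-UntrustedWriteAce -Path $_ })

$result | Format-List
if (-not $result.Trusted) {
    Write-Warning 'System.dll is not validly signed by Microsoft; do not launch VpxClient with DEVPATH set.'
}
if ($risky.Count -gt 0) {
    $risky | Format-Table -AutoSize
    Write-Warning 'Non-administrative principals can modify the DEVPATH folder or assembly.'
}
```

Run it from an elevated prompt after step 2 and again before each launch if the folder is shared; remove the Lib+ folder, the .cmd launcher and the replaced config once a vendor fix is installed.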
