The iPhone’s security flaws were laid bare at the Black Hat Conference in Las Vegas yesterday, and now the smartphone-clutching public has boiled itself into a frenzy. But how serious is this supposed iPhone virus, and what can be done to protect your iPhone from infection? Here is what we know, and why you probably shouldn’t worry.
The Attack Comes Through SMS
The iPhone virus exploits a memory corruption bug in the way the iPhone handles SMS messages. If your phone is the target of a hacker, you will receive a text message with only a square in the message — that’s when you know someone is digging his heels into your sand. But according to Eric Everson, founder of security firm MyMobiSafe, it takes a total of 512 text messages to actually get under the hood. The other 511 may float in like ghosts, totally undetectable to the user, but if at least one of them is deleted, the hack is incomplete. Turning your iPhone off or sliding it into Airplane Mode are quick and simple ways to escape the bull’s-eye.
It Affects Most of Your Phone
Find yourself infected? Here’s what hackers can do: push your phone into Denial of Service (DOS) from which you cannot make or receive phone calls; flood you and your friends with spam text messages (further spreading the virus); reconfigure keys; and distort or deface text. Since you will have lost control of your phone, the possibility of losing credit card and other personal information is at risk as well. This does not mean you should remove all data from your iPhone; you wouldn’t do the same with your home computer, would you? The effects are obviously the scariest part of the iPhone virus, but because it hasn’t evolved to the point of mass distribution, these facts are just worst case scenario campfire stories.
It Requires No User Interaction
Other smartphone hacks use SMS as a way of leading users to malware-plagued Web pages on mobile browsers. This new virus does not have that requirement. It does not need to lure you to a site; the iPhone virus does all the heavy lifting for you. But if you’re diligent and know what’s coming after you, you should be able to avoid all pitfalls.
It’s Not Out Yet
This is the most important point to keep in mind. The flaw was discovered by cybersecurity researchers Charlie Miller and Collin Mulliner — emphasis on researchers. They acknowledged the virus’s potential, but also that it has to be done manually and therefore is not yet a virus in the wild. Sophisticated hackers, of course, could turn this statement on its head in a matter of weeks, but Apple should be releasing a patch soon — despite the fact that it has known about this flaw for six weeks.
The iPhone is a miniature computer, so it should be expected to have tiny gashes in its armor that allow for viruses to infiltrate. This is not a reason to panic. Booting up your iPhone brings with it the same risks as turning on your MacBook. If you’re going to be gripped in fear about one, you have to be the same about the other. When you look at it that way, you realize how insignificant this news really is.