SMS vulnerability “patch” for jailbroken iPhones
by Justin Horn on Jul 30th, 2009 @ 7:07 pmThe SMS vulnerability is going to be public knowledge any minute now and Apple has yet to patch or even comment on it. If you are jailbroken you are in luck though, you can “patch” your phone by disabling your messages app. Not an ideal solution, but for the paranoid it might not be a bad option. Keep in mind that this may not actually prevent the attack. The exploit works by sending over a hundred text to your iPhone which you only see one of in your messages app.
QuickPwn has posted the steps needed to accomplish this:
- Jailbreak your iPhone using either redsn0w or purplera1n
- Go to Cydia, search for OpenSSH and install it
- Download an SSH client (WinSCP for Windows users and Cyberduck for Mac)
- Make sure WiFi is turned on, go to Settings -> WiFi. Select your network and check your iPhone’s IP. SSH in to your iPhone using the iPhone’s IP. Login with the Username: root and Password: alpine.
- Navigate to the Applications directory
- Locate the directory named MobileSMS.app. Right-click and click on properties. Where it says Permissions uncheck all the options.
- Click OK.
- To test if you did this right, tap the SMS app on your iPhone and it should crash when you launch it!
Follow me on Twitter @justin_horn
View 3 Comments
Apple vs ?, at&t, iPhone
Recent Post
- More details on the iPad mini new multitouch feature
- iPad Mini predictions
- Zune still the butt of jokes, this time on the Simpsons
- AT&T LTE No Service: Too many LTE iPhone 5 users?
- iPhone 5 cellular usage while on WIFI bug affects AT&T users as well
- Tim Cook responds to iOS 6 Map app issues in public letter
- iPhone 5 screen vs iPhone 4: Really close up
- iPhone 5 line at 5th Ave Apple Store (Updated 11PM)
Featured Post
Comments
Sorry, the comment form is closed at this time.
How does asking someone to turn off a program become a patch?
what use is a phone with no SMS?
Especially considering the caveat “Keep in mind that this may not actually prevent the attack. ”
might as well be an itouch. Useless info.
Mystical, I put “patch” in quotes as it isn’t a fix, but a temp work around.
spong, I added the caveat since I can’t confirm the QuickPwn workaround, but wanted to share it anyway as it might work and be a good fit for the ultra paranoid. I’m not worried and will keep my SMS running.