Posted by Jonathan on Jul 31, 2009 in Security, iPhone
[Edited August 5 to add] There were some important details that the San Francisco Chronicle left out or got wrong. The attack actually seems to be much worse than the original story suggested. First, the “invisible” messages, which the story described as “text” or “SMS” messages, seem to be control messages. As cNet makes more clear, control messages are not necessarily seen by the user, which makes this attack far easier to pull off. The Chronicle’s story said you could delete any one of the 512 incoming messages to foil the attack. Obviously that is not possible if the user can’t see the messages. So the Chronicle blew it, presenting a jumble of true and incorrect information, and I will know better than to rely on it in the future.
Perhaps the most shocking thing about the exploit is that ordinary Joes who have nothing to do with the phone company or Apple can send control messages to cell phones and, according to the cNet story, any iPhone can be reprogrammed to do so.
A huge buzz preceded the presentation by Charlie Miller and Collin Mulliner at the famous “Black Hat” cybersecurity conference in Las Vegas. The pair claim to have discovered a way to take over a smartphone, such as an iPhone or Windows Mobile phone, using nothing more than SMS. According to the San Francisco Chronicle, “A pair of security experts have found a vulnerability in the iPhone that allows a hacker to take control of an iPhone through a text-message attack.”
Even scarier, the attack uses “a series of mostly invisible SMS . . . bursts,” the Chronicle said.
Here are the real facts:
- Yes, in theory, a hacker could take over your smartphone. Could be an iPhone, as the Chronicle’s lead paragraph and headline said. Could be a Windows Mobile phone.
- There is no such thing as a “mostly invisible” SMS text message. You would receive a normal-seeming SMS text message that should show up on your phone just like any other, accompanied by some control messages that you may or may not see.
- You would know you are being hacked because you will receive SMS text messages that contain empty square characters (I guess this is what the Chronicle means by “mostly invisible”; by that standard, the letter o is mostly invisible). If at that point you delete the messages or turn off your phone or go into Airplane mode, the attack will not succeed.
- The attack requires 512 SMS messages, presumably delivered rapid-fire. That makes an attack against a single victim fairly noticeable and possibly expensive. An attack against more than a small number of smartphone users would be cost-prohibitive. Even “unlimited” SMS plans have their limits.
- The attacker needs the phone numbers of enough smartphones to make this worth his while. Sending the attack to landlines or regular cellphones would merely run up his costs and raise his profile. This effectively limits the attack to “whales.”
- The 512 SMS messages must all survive until all of them have been received by the victim. If the victim deletes even one of these messages, the exploit fails.
- Cell phone companies actually care about SMS spam and have countermeasures in place. Leaky, lousy countermeasures, to be sure, but they would be foolish to allow their networks to be taken over by zombie phones. Surely they could filter out all “mostly invisible” messages.
It is disturbing that this attack is possible, even given these constraints. You just don’t think of SMS as a security hole. Thank goodness Apple has already patched against this exploit. But get a grip, people.
Posted by Jonathan on Jul 24, 2009 in iPhone
Apple has extensive tips about extending battery life on the iPhone. But the iPhone does not have the equivalent of the Energy Saver control panel on the Mac. It would be so handy to have a simple slider to say, “This is how much I care about battery life right now,” or a single gathering place to see/set all energy-relevant settings. Ideally, you would have presets for Home (turn on WiFi, turn off Bluetooth), In The Car (turn on Bluetooth and the equalizer, turn off WiFi), Traveling (turn off everything but push e-mail), etc.
Instead, to turn off or adjust power-hungry preferences, you are forced to go hither and yon through the Settings app:
3G: General > Network
Airplane Mode: Front page of the Settings app
Bluetooth: General > Bluetooth
Brightness: Brightness
E-mail fetching (Push, POP, IMAP): Mail, Contacts, Calendars > Fetch New Data
Equalizer: iPod > EQ
Location Services: General > Location Services
Push Notifications: Notifications
WiFi: Wi-Fi
Only one of these settings — Airplane Mode — can be reached through the main screen of the Settings app.
It would be nice if there were a third-party app that could do this, but I would be surprised if non-Apple programmers had access to all of those settings.
Posted by Jonathan on Jul 23, 2009 in Macintosh
I use my Apple Time Capsule as a network storage device, which allows any computer in the house to access the files on an external drive. Actually, I hooked up a USB hub and have three printers (laser, inkjet and label) and two external hard drives on my network through the Time Capsule.
Most of the time this works fine. Better than fine, really; it’s a minor miracle. However, sometimes I want to disconnect a disk and then reattach it later. To do this safely, you need to use the Airport software from a computer on the network to “disconnect all users” (a misnomer, because users can continue to connect to the Time Capsule, its printers and the Internet, just not the drives).
When you reconnect the drives, though, Time Capsule often will not see them. And don’t bother politely restarting the Time Capsule through the Airport software.
The only thing the Time Capsule understands when it gets into one of these moods is brute force. You must yank the power cord out of the wall or forcibly withdraw it from the unit. Wait for the internal drive to spin down, then restore the power. Once the Time Capsule understands who’s boss, it lets you use the external drive.
Tags: Time Capsule
Posted by Jonathan on Jul 7, 2009 in iPhone
As you probably know, the iPhone does not allow third party apps to run in the background. Or does it?
If you are using an iPhone app and invoke Voice Control to control the iPod (e.g., to skip to the next song), it will carry out your command and then, in a fit of pure awesomeness, return you to your app seemingly where you left off. I haven’t tested this extensively, but one of three things must be going on.
- The first app quickly saves its state, quits, and then is restored when Voice Control is done,
- The iPhone takes a “snapshot” of the memory used by the app, and then reloads that snapshot after Voice Control finishes, or
- The iPhone lets the app run in the background momentarily, then returns to the app when Voice Control gives the all clear.
I am pretty sure door #3 is the winner, admittedly based on exactly three data points. First, I tried Voice Control while in Toodledo, adding a new task to my to-do list. Voice Control returns me right back to the screen where my as-yet-unsaved task is waiting. This is completely different from Toodledo’s behavior when it quits. If you return to the home screen while entering a new task and then relaunch Toodledo you start at the app’s home page, which lists various categories of tasks.
If you are adding a task in Toodledo, Voice Control takes you back where you left off.
If you are entering a task and then quit Toodledo, then relaunch it, you go to the home screen, not the task entry screen.
Second, I tried Wurdle, a Boggle-like spelling game which has a countdown timer. When you invoke Voice Control, the Wurdle clock keeps running! Voice Control typically runs about 10 seconds off the clock, depending on how fast you say your command, etc.
Now, you might argue that Wurdle might be storing the start time in a variable and then subtracting that from the current time on the iPhone’s internal clock to get elapsed time, and then subtracting that from the game’s timer. That would make the clock seem to advance, even under “freeze-dried” scenario 2.
Third test — geoDefense. In this game you set up guns which then fire away automatically at oncoming waves of enemies. Once you set up the guns, you are pretty much a spectator. When you invoke Voice Control, your defenses seem to continue to shoot bad guys. In any event, there were fewer bad guys on the screen when I returned from Voice Control. The simplest explanation is that geoDefense is killing in the background.
Can anyone supply counter examples?
Even if my supposition is correct, this seems like an awfully tiny chink in the “We Won’t Allow Background Apps” armor Apple is wearing. I can’t think of a way this could be turned into a true multitasking system, like on the Pre. But someone else might.
Posted by Jonathan on Jul 6, 2009 in iPhone
Voice Control on the iPhone 3GS is a godsend for those times when you can’t look at the screen. Hold down the “home” button for a couple of seconds (even if the phone is locked) and Voice Control is activated. You hear two quick tones, and then you speak your command. You do not have to train it with your own voice. It just works.
Yes, it will dial from your address book (“Call John Smith”) and lets you specify a particular number to call (“Call Sally Gravapolis mobile”). You can also speak the number.
Voice Control also operates the iPod, and here is where the weirdness starts. You can play a playlist (“Play playlist Mellow Hits”) and play songs by a particular artist (“Play songs by Beck”) or on a particular album (“Play album Let It Bleed”). You can pause (by saying “pause”) and play (by saying “play”) but voice control does not understand “stop.”
And you can’t play a particular song (“Play Bitch,” “Play song Bitch,” and “Play song Bitch by the Rolling Stones” all fail). If you say something that sounds remotely like a valid command, Voice Control runs with it. “Play Operator by Jim Croce” resulted in playing songs by Weird Al Yankovic.
Also, despite the new Voice Memos app included with version 3.0 of the iPhone OS, you cannot create a voice memo using Voice Control. At first blush, this seems like a glaring omission. Clearly, Voice Control can pass commands to other apps; otherwise, the phone dialing and iPod controls would not work. On the other hand, it is possible that the receiving app has to be one that Apple allows to run all the time, such as the Phone and iPod apps.
Voice Control apparently can’t be turned off and even if you have set a PIN, it will do what it is commanded by whoever commands it. Some might call this a security hole, but the worst thing I can think of someone doing is running down your battery or prank calling your boss, imitating your voice and telling him where to stick it. What’s the harm in that?
Tags: iPhone, Voice Control