If it's as serious as the article claims, I'll be quite shocked. If someone were to release an iPhone worm that spreads via SMS, then Apple would be devastated.
Except that competing smartphones (BlackBerry, Android, Pre, etc.) almost all do OTA updates, which is more reliable and doesn't require the user to keep up to date on their computer.
This won't be a problem, and that prognosis has nothing to do with the fact that it's the iPhone that's affected. The carriers own the networks. Unlike Internet worms, which spread "in the wild", these messages would have to pass through the carriers' networks to get from one iPhone to another. The carriers can just filter them out, whether the phones are patched or not.
Of course it would be a problem, due to the fact that they can't respond instantaneously. In order to block these messages, AT&T would have to first 1) realize that there is a problem, 2) figure out what to filter, 3) implement the filter. By the time they did all this, the worm would have already spread to most phones which are turned on. It could easily infect 500,000 phones before AT&T were able to respond.
If, for example, someone released a worm which sent an infected SMS to all contacts and proceeded to permanently destroy the device's baseband, ruining 500,000 iPhones before AT&T implemented a filter, how much money do you think Apple is going to have to spend in repair costs and lost future sales from the bad PR?
Why do they mention all the security features of the OS when it doesn't help one bit against this rootkit? It sounds almost like PR for how secure the iPhone is!
On another point, from an AT&T memo:
> On June 25, the day Michael Jackson died, text messages sent on our network spiked at 65,000 messages per second

I wonder how much it would be if somebody made this into an exploit sending it to the whole address book.
I imagine it would be whatever the capacity of the network before melting down is. If it consecutively gets sent to the entire address book, and there are a lot of iPhones out there, that is some fast exponential growth.
> For starters, the stripped-down version of the OS presents fewer options for attackers, removing applications and features such as support for Adobe Flash and Java, which they might otherwise be able to exploit for vulnerabilities.

What does that even mean? It would be more vulnerable if it had Java installed?
This is the single most important piece of iPhone news yet. It may even eclipse the announcement of the device itself... From the Computerworld article, the exploit gains root access. Imagine a 21 million phone bot-net created overnight, with the ability to geo-locate each unit and receive audio and video from it. Remember that most PC exploits can be prevented via a firewall, and this cannot. Most PCs are also behind a router and not directly addressable, while phones (via SMS) are not.
How do I stop AT&T from delivering text messages? There's no way to turn them off at the OS level...
EDIT: You can disable text messages by signing up for Smart Limits for Wireless Parental Controls ($5/month). You can then add whitelist numbers and set the SMS quota for greylist numbers to 0.
Nope, the iPhone doesn't support over-the-air updates. Apple can patch it in the next version of the OS, but no one's gonna get the update without a computer.