LAS VEGAS. Between 11:15 and 12:30 AM PT today, security researchers Charlie Miller and Collin Mulliner will publicly show off a highly exploitable SMS flaw in Apple iPhone (at least it is at the time of this blog post).
Going a little deeper the flaw isn’t just an iPhone issue and in fact there are two seperate sessions at Black Hat this morning talking about SMS flaws in general.
“We (will) present techniques which allow a researcher to inject SMS messages into iPhone and Windows Mobile devices,” Miller’s states in his talk abstract.
I’ll see it for myself in a few hours along with hundreds of other people that are likely to back the session hall. What Miller will demonstrate is how fuzzing – which is a technique that basically throws garbage input at a process – can be used to generate a fuzzed SMS message that triggers the flaw.