Apple Blue LogoOn Thursday at the Black Hack conference in Las Vegas the security researchers, Charlie Miller and Collin Mulliner, demonstrated a SMS security vulnerability that exists in the iPhone, Android based mobile phones, and Windows Mobile phones. The attack involves simply receiving a series of malformed SMS from a hacker, just receiving these SMS will cause the targeted mobile phone to either crash or worst taken over by the attacker. The latter is possible with the iPhone.

When the attacker takes over the iPhone they can make calls, visit web sites, turn on the camera and most of all forward the SMS to people in the iPhone's Contact list.

The security researchers informed Apple, Google and Microsoft of the vulnerability about a month ago. At that time, they told these companies that the SMS security vulnerability will be the topic of their speech at the Back Hack conference in Las Vegas. After Google was informed they released a fix to Android. The researchers did not hear from Apple.

This morning Apple released iPhone firmware 3.0.1, which they claim has included the fix for the reported SMS security vulnerability. As of now Microsoft is still investigating the vulnerability in Windows Mobile.

For all iPhone users who had jailbroken their iPhone, please be warned that this update will most like like undo the jailbreak. For iPhone users who had unlocked their iPhones, thus far there are no official news from iPhone Dev Team, if the iPhone firmware 3.0.1 will cause the iPhone to be still unlock-able. One thing we do know is that iPhone firmware 3.0.1 does not upgrade the baseband of the iPhone, so in theory it should still be unlockable with the software from iPhone Dev Team.

[Update: August 1, 2009] iPhone Dev Team just released an official message confirming that the iPhone firmware 3.0.1 is safe for iPhones, and the upgraded iPhone still can be jailbroken and SIM unlock. Please read the message from iPhone Dev Team for instructions on how to do so.

Ever since iPhone firmware 2.x Apple had allowed the carriers to disable the ability to edit the APN settings on the iPhone. Fortunately, there is a way around this issue. The are perfectly justified reasons for any iPhone users wanting to change the APN settings. One reason, is to enable data service at a foreign country with a local SIM card.

There are two different methods of accomplishing this. One is for iPhone that are factory SIM-unlocked (ie. iPhones from Australia, Belgium, Canada [iPhone 4], France, Hong Kong and UK [iPhone 4]), the other is for iPhone that had been jailbroken or unlocked using one of the many 3rd party hacks available.

iPhone that are factory SIM-unlocked

  1. Download the iPhone Configuration Utility.
  2. Create a new Configuration Profile by clicking on the New button in the Toolbar.
  3. In the General tab enter the required profile Name and Identifier (ie. "com.vinko.profile").
  4. Go to the Advanced tab click on the Configure button to enter the edit pane.
  5. Enter the APN information for the carrier in question.
  6. Click the Share button in the Toolbar to send the configuration file to an email address that you can receive on your iPhone.
  7. Open the email on your iPhone, double click on the attached configuration file and follow the instructions to install it. Trust and/or Allow if it ask you about the configuration file.

iPhone that are jailbroken or unlocked using 3rd party hacks

  1. SSH to your phone
  2. Edit the carrier.plist file in /System/Library/Carrier Bundles/. In my case "SmarTone_hk.Bundles". Add the following snippet

    <key>AllowEDGEEditing</key>
    <true/>

    right after the code block

    <?xml version=”1.0″ encoding=”UTF-8″?>
    <!DOCTYPE plist PUBLIC “-//Apple Computer//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”>
    <plist version=”1.0″>
    <dict>

After you made the necessary APN changes. You should be able to access the Cellular Data Network settings within Settings → General → Network → Cellular Data Network

If you do not see this settings in Network you may have to restart your iPhone.

For APN settings in Hong Kong please see my post, MMS With iPhone 3.0 On iPhone 3G.