Apple scrambles to fix iPhone flaw

Apple is rushing out a fix to an embarrassing security glitch that allows hackers to gain control of one of its most popular gadgets, the iPhone.

The action is being taken after it emerged that hackers were able to send a malicious text message to an iPhone allowing them to hijack the device and prevent it from being able to make or receive calls.

Sending hundreds of such messages could allow third parties to gain remote control of an iPhone, hackers told a computer security conference.

As a result, it was announced that a software "patch" - a piece of computer code - would be available for iPhone users to download from Apple's iTunes site from today.

Apple, which has sold 21 million of the devices worldwide in the past three years, was last night unavailable to discuss the issue, but its telecoms partner signalled that the US computer giant was concerned by the threat to the iPhone, the style and versatility of which has proved popular with British consumers.

The saga began on Thursday when two hackers told the Black Hat conference in Las Vegas that they could breach the security of the iPhone and other "smart phones" using the Windows Mobile and Google Android operating system with a simple SMS, or text message.

Charlie Miller and Collin Mulliner claimed that sending 500 messages to one phone could take away the owner's control of the device.

The hacking takes place through the modification of data that accompanies text messages, which is not seen by the phone's user. Once the message is received, hackers can gain access to a range of applications including a phone's address book or camera.

The security experts came up with the software to exploit the weakness, targeting iPhones on four networks in Germany as well as AT&T in the US. However, they said that they believed it would work equally well in any country.

They warned that hackers could develop programs to exploit the weakness within a fortnight, explaining that Google was already taking steps to address the problem.

"If we don't talk about it, somebody is going to do it silently. The bad guys are going to do it no matter what," said Mr Mulliner, a PhD student in telecommunications security at the Technical University of Berlin, who said the pair were going public in the hope that Apple would address the flaw.

His colleague, Mr Miller, a well-known hacker of Apple and other products, said messaging attacks would become more common because the vulnerable technology, which allows phones to deal with the mass of data from text messages, could not be turned off as it was a core function.

"It's such a powerful attack vector," he said. "All I need to know is your phone number. As long as their phone's on, I can send this and their phone's going to do something with this.

"It's always on, it's always there, the user doesn't have to do anything n it's the perfect attack vector."

An O2 spokesperson told the BBC that the patch would be available from today. "We will be communicating to customers both through the website and proactively," said the spokesperson. "We always recommend our customers update their iPhone with the latest software and this is no different."

- THE INDEPENDENT