iPhone SMS vuln could let HAX()RZ run errant code

Security Researcher Charlie Miller has found an SMS vulnerability that can make the iPhone 3G or 3GS run unsigned code over SMS. No real details, just some vague “agreement with Apple” against describing the exploit, but it seems like a doozy:

Most often used to send brief text messages between cell phones, SMS can also send binary code to an iPhone, which then processes the code without any user interaction. Each SMS message is limited to 140 bytes, but longer sequences can be sent to the phone as multiple messages that are automatically reassembled.

This feature allows larger programs to be delivered to a phone, Miller said.

That’s gotta be a lot of SMSes, right? 140 characters doesn’t hold a lot of logic bomb, let alone do something like this: