A few days ago we were contacted by the Swedish programmer Roman Digerberg, who told us he had found serious security holes in iOS. Among other things, he asserted that it was possible to send an anonymous text message that appears on the lock screen, even if the phone is set not to display messages that way.
He also said that it is possible to manipulate the number that shows voicemail messages, or to replace it with a red dot that the user is unable to remove. When TechWorld spoke with him, he told us more:
How did you discover this security flaw?
- It was by pure chance. I wrote a program in C# for my GPS tracker, which would facilitate the programming of it. By mistake I sent the text message to my iPhone, which then began to beep and display strange messages on the screen. Soon, I realized that I had created a monster.
What did you do?
- I have been in contact with Apple, both via email and phone, but they seem totally uninterested in this. I've been thinking about putting the program online soon. People will start doing crazy stuff with each other's phones, but why should you care about it if not even Apple cares?
He also reports that he has received offers from several companies who would like to buy the software to use it for advertising, since it is impossible to ignore the messages that pop up on the screen.
He offers to demonstrate how it works, and TechWorld's news editor Daniel Åhlin gives Roman his phone number. A short while later strange things start to happen on his phone:
Apparently lots of people tried to call in the last few minutes. But voicemail says that there are no new messages...
But it still says 250 people have called. And it will not disappear, no matter what we try...
And what about this? Extra important call?
Roman Digerberg explains, without going further into the technical details, that it's all about manipulating classes in the message structure. In addition to sending messages that cannot be avoided and manipulating the number of messages, he says that he's also managed to lock an iPhone altogether, which would require a restart.
- Some people think that I should start a pay service online where you can anonymously send different types of messages. You can imagine what chaos there would be if people start sending unwanted and unavoidable messages to each other and make changes in each other's phones. That said, I realize that this is a monster, says Roman Digerberg.