Apple on Friday found SMS, safety-related defect in the iPhone, which was at the heart of one of the most discussed of the exploits in this week’s Black Hat Security Conference.

“We are grateful for the information provided to us on SMS vulnerabilities that affect multiple mobile phone platforms,” Apple representative Tom Neumayr told CNET.

“Today, less than 24 hours after the demonstration of the exploit”, Neumayr continued, “we published a free software update that addresses a vulnerability in the iPhone. Contrary to what was reported, no one was able to take control of iPhone access to personal information using this attack. ”

Security flaw involved malicious messages, which can allow hackers to take control of an iPhone. In the flaw could allow them to make calls, send text messages, or almost everything that they want from the victim iPhone.

Security researchers Collin Mulliner and Charlie Miller showed flaws in the work at the Black Hat earlier this week. Miller said that the shortage may take iPhone out of the way the device is processed in the SMS message. Researchers at Black Hat is also shown as a SMS, the vulnerabilities can affect the Windows Mobile smart phones, including HTC, Motorola and Samsung.

Miller said that Apple was first notified of the defect six weeks ago.

According to Apple, to update iPhone 3.0.1, released today, improves memory processing, mainly fixing exploit.

Update, you can connect your iPhone to your computer and click on Check for updates button in iTunes.

Las Vegas - Researchers at Black Hat security conference Thursday showed how an attacker can spoof the type of SMS message that appears to be sent from the carrier or any other reliable source.

The attack on the MMS (Multimedia Messaging Service) messages like SMS messages that could allow an attacker to fraudulently forcing the recipient to visit the malicious Web site or in the long run, do something else to harm the phone or data theft.

Attacks can work on any type of phone is MMS-enabled and works on the Global System for Mobile Communications (GSM) network, said Zane lackey, a senior adviser to ISEC Partners, as well as an independent researcher Luis Miras.

They used a jailbroken iPhone to their demos of their proof-of-concept code that allows you to circumvent the protection of the carrier for SMS messages by sending a specially crafted MMS messages.

SMS messages used by carriers to do the administration on the phone and contact clients. For example, voice mail notifications are often made for SMS, according to footman.

As a result of such communications administrator for trust beneficiaries, despite the fact that they generally do not indicate the source of the message and other details, they said. Hoaxes can be any of the reliability of the company as a bank or PayPal.

“This is a question of the carrier,” Miras said. “We know them and they are working on a solution.”

The researchers also shared information with the GSM Alliance, which provides detailed information on the use of carriers, they said.

In a demo, they sent the victim reported that the proposed $ 20 credit, and includes a reference to the alleged malicious site. Other researchers Demos sent fake voice mail alert and sent an SMS which prompted the addressee to accept or reject the new settings is unknown.

If the recipient accepted the changes, believing they are something from the usual carrier, an attacker can use the permission to do things behind the scenes, as the route of all the numbers of Internet traffic through the server to the attacker, not the carrier’s server, which allows attacker to spy on all messages.

In the SMS used by researchers have shown possible for an attacker to gain access to “circumvent the carrier spoofing protection including anti-malware filtering footman said. These attacks can also be used to determine what operating system you are so that someone can start an attack that targeted programs, “he said.

Lucky and Miras has released a tool called Taft (There in the attack for this), which automates the fulfillment of the shortcomings that were corrected. He does not allow for the spoofing issues that carriers have the address, they said.

SMS attacks become easier, because iPhones and Android devices could be easily modified, because the SMS functionality was built at the higher layers, which provide full access to the attacker, said footman.

Researchers also said that they found the lack of implementation of SMS, that they are temporarily crash on the Android phone of the phone so does not require or texts can be sent or received. Google fixed flaw, which, they said.

They also discovered a flaw in a third-party iPhone app to SwirlySpace, that the interference with the phone and texting capabilities and that also was recorded, Miras said.

There are not very much can do to protect yourself from these attacks, except to be careful SMS as a whole, “he said.

In many parts of the world, electricity is a luxury. People spend hours collecting firewood to cook their dinners or warm their homes. In Uganda, only 10 percent of the population with electricity, the vast majority did not have microwave ovens, computers and televisions. People do not have access to the latest information on disease outbreaks, weather, football or soccer. However, this may soon change.

More than a third of Uganda’s population, about 10 million people own mobile phones, and many others have access to these phones through relatives and neighbors. Cell phones can be found in any corner of the desert in the rural areas where 85 percent of the country where the locals live. With the acute need to be connected, are all efforts to use mobile phones, accusing them of car batteries or solar charger.

in an area where cell phones more than could have been light, some nonprofit organizations have begun to think that the best way to achieve the country’s poor and to obtain much-needed information through their phones. As a global non-profit Grameen Foundation, which helps the poor with financial services and technology, has partnered with Google, the telecommunications provider MTN Uganda, and several local non-profit to develop and design mobile applications that allow mobile phone users to receive information via SMS text queries.

The aim is to improve living conditions and livelihoods for the poor people of Uganda. “We have a clear vision of what we wanted to make, said David Edelstein, director of the Grameen Information and Communication Technology Innovation Center.” We apply our knowledge of the field in Uganda, and that combined with the Google experience of disseminating information. ”

Type of information, they are talking about can be anything from an HIV / AIDS clinics, agricultural advice on banana weevils, for weather forecasting. It is customized specifically for the Ugandans and provides facts and resources that most people in developed countries take for granted. “Anyone with a phone, you can use these services,” Edelstein said, but “taking into account the needs of the poor.”

Research on this project began a year and a half ago in the application of laboratory AppLab, which was established in Kampala, Uganda, the Grameen Foundation. He did field research, quantitative estimates of needs, prototyping, and focus group testing to find out how to design and structure of mobile applications that can provide information.

Since most mobile phones in Uganda, only voice and SMS capabilities, the technology is built on the SMS. A text of the question to a specific code that is based on the built AppLab, then to Google, using algorithms, keywords, and determine the most appropriate response is sent back to the mobile phone.

There are three specific services (each with its own code): Google SMS tips SMS search Google, Google and Trader. SMS tips is a question and answer service where people can obtain information about medical problems, clinic locations, and also agricultural advice, such as how to alleviate the fever or the next rain is not expected. SMS Similarly works by letting users search for mobile phone text queries and get answers on the web search experience. And, the trader is a “market” application that allows buyers and sellers to find each other, so that they can align their products, which can be anything from dried fish to furniture.

Right now, AppLab more than 50,000 unique queries in the database. In the beginning, when the database was smaller, people have been absurd or ambiguous responses to their queries. Thus, AppLab created a “Fail-Over Center”, which “does not reflect the requests and sends them to people, to be analyzed and incorporated into the database.” We have a mechanism to strengthen and improve the quality system and quality of information we disseminate said Edelstein.

People who do not own mobile phones, are illiterate or do not speak English (the language used for SMS answers), you can go to the “village phone operators, which have also been established on the basis of the Grameen Foundation. They are the local merchants, who speak English and know how to use three different SMS services. There are 10,000 operators throughout Uganda, and people may turn to them for help on their own mobile phones, or can pay a small fee to use the telephone operator. In the village phone operator receives a rebate from MTN, which gives them an incentive to provide this assistance.

MTN Networks owns half the market share of mobile phones in Uganda and is the only provider offering such services SMS right now. In the next few months, there is a grace period, and all texts are free, which allows AppLab to continue to build its database queries. When the advertising period ends, MTN and Google have agreed to instruct the agriculture and health queries to half the normal cost of SMS messages, while all other services will be standard rates. Meanwhile, Google will support on-site assessment to verify that these services have a positive effect on the people of Uganda.

received its first spam SMS messages last week, and infuriated me.

Mortgage-related text messages was more than just a nuisance, such as e-mail is spam. She is also a strong indication of how marketers have managed to invade every private communication space of consumers.

And it was disappointing that I do not know what to do. As an AT & T customer, I was trying to register on AT & T site summings I could know what to do, and take action there. Unfortunately, it kept telling me that he does not recognize my password, so I had to call customer support. The support representative directed me to another URL, where I was able to enter, and she tried to walk me through the site to the place where I could install spam blocking settings, but could not because of some technical issue on its end. It just changed the settings for me.

I called the four major U.S. wireless carriers to find out what they offer to their clients when they get SMS spam. Here’s what they said, and some other basic questions and answers people may have about mobile spam.

AT & T
Customers can block text messages or calls from certain telephone numbers on its website, as well as to limit the source of the e-mail that your phone is on the site. Customers can also respond to text messages, typing in “block” or “STOP”, to prevent future messages from this sender, and call customer service if additional assistance is necessary, said, AT & T, Mark Siegel press.

Sprint
Sprint wants customers to call customer service to report all spam messages, so the company can modify its spam-filtering technology to block phone numbers, which sent him, said a press Sprint John Taylor. Customers should not respond to messages, otherwise it checks for the spammer that the phone is really, “he said.

T-Mobile
Line and FlexPay customers can create their own filters and to block chargeable text messages, MMS (multimedia service) messages, instant messages and e-mail sent to their phones for calling customer service, said Kara Walker said.

Verizon
Customers can log into the website and register to use Controls ($ 4.99 per month), which allows them to block certain numbers from calling or sending text messages to your phone. And if customers text only a few people, which they can create aliases addresses are free, and receive only text messages sent to this address, said, Verizon said Debra Lewis.

Verizon has filed eight lawsuits in 10 of the SMS spammers in the past four or five years and a total of 20 lawsuits related to telemarketers, “she said.

What can I do to prevent unwanted calls from a mobile phone?
To block spam on the phone, customers must register their mobile number with the U.S. Federal Trade Commission does not require registration.

What carriers are doing to block spam?
In mobile communications indicated that they use anti-spam filters and antivirus technology to protect against various types of mobile spam. They do not want to go into too many details on what technology they use.

Why am I getting spam?
Some people may inadvertently choosing to receive text messages when they sign up for other services to merchants. Many free ringtone download sites used for harvesting mobile numbers. Spammers also use auto-dialers that randomly generate numbers and try them one after another. Since mobile phones do not appear in public directories, people should be careful who they share with their numbers. Be careful of sites that promise to eliminate the number of spam lists, because they are often set up to collect instead of numbers. Also, read the terms of sites and services, before the issuance of a mobile number.

Do I have to pay for spam?
In general, consumers will not pay for spam text messages and can receive a loan if they inform the company on an individual basis.

Is spam illegal?
While Verizon is the company sued in connection with violation of the federal Telephone Consumer Protection Act, which makes it unlawful use of automatic dialers to call cell phones, there is no explicit measurement outside SMS spam, yet. Action in the House of Representatives and the Senate have been introduced this year to correct it. M-SPAM Act, introduced by Sens. Olympia Snowe, a Maine Republican, and Bill Nelson, a Democrat from Florida, will strengthen regulatory powers of Federal Communications Commission and the FTC to intervene against SMS spammers, and will be directly from the bar on marketing Sending text messages to any mobile number in the national do not call registry. A similar measure was introduced in the Republic of Phil Gingrey, a Georgia Democrat, in March, after its antispam efforts last year failed.

How big is the problem?
While people in the United States may receive two SMS messages with spam in the year, all the worse, and in other countries like Europe, where one week is typical, India, where people are more than twice a day, and China, where it is more as five to 10 every day, according to Ferris Research. In the past year, according to Ferris Research estimates that wireless users in the United States received more than 1.1 billion spam messages in 2007 that 38 per cent from 2006.

Apple plans to be set later this month at the vulnerability in the iPhone, which could allow an attacker to gain control of the device remotely via SMS, a security researcher said on Thursday.

An attacker may use the weakness in how to manage iPhones SMS (Short Message Service) messages, to do something like the use of GPS, to track the location of the phone is turned on the microphone to listen in or take control of the device and insert it in the botnet, Charlie Miller , co-author of Hacker MAC allowance and the basic security of an independent assessment of the security analyst, said in a statement at SyScan conference in Singapore. The presentation covered the IDG News Service.

Miller said that under an agreement with Apple, he was prohibited from providing too much detail about the vulnerability. He plans to obtain a more detailed picture of the hole in the Black Hat conference in Las Vegas later this month.

Despite SMS hole, which could become a critical vulnerability in the iPhone is more secure than OS X on computers, said Miller. This is because the iPhone does not support Adobe Flash and Java, the software only works in digital form, signed by Apple, includes a hardware protection of data stored in memory and runs applications in a sandbox, “he said.

Apple representatives did not immediately respond to e-mail message to a request to comment on.