Researchers have identified a bug in an application that can enable attackers potentially to gain control of a victim’s iPhone. The app in question, TreasonSMS, enables users to send SMS messages from a desktop Web browser by using their iPhones as Web servers.
The bug lies in the way that the TreasonSMS app handles certain scripts. According to an advisory from Vulnerability Lab, attackers in some cases can exploit the vulnerability in the iPhone app in order to gain complete control of an affected device.
“A HTML Inject & a File Include vulnerabilit is detected on TreasonSMS IPhone application. The vulnerability allows an remote attacker to include malicious persistent script codes on application-side of the iphone. This possible way allows the attacker also to inject for example webshell scripts to get control of the affected application folder. When the IPhone is jailbreaked the vulnerability exploitation can also result full controll of the affected IPhone. The Bug is located in the input fields of the Message Sending & Message Output. An attacker can scan the victim on walkthrough because the ip of the webserver makes the treasonSMS available to anybody without password,” the advisory says.
TreasonSMS allows users to send SMS messages directly from their desktop machines by using their iPhones as an intermediate relay. The message is sent from the Web browser to the app on the phone, which then sends the message to the text’s recipient. There are a variety of apps that let users do similar things. Apple has recommended that iPhone users not jailbreak, or unlock, their phones, in part because it can open them up to more vulnerabilities and attacks.