The Daily Caller

The Daily Caller
Attendees use cell phones to capture the presentation of the Parkchoonmoo 2014 Fall/Winter collection during New York Fashion Week  February 9, 2014. REUTERS/Andrew Kelly (UNITED STATES - Tags: FASHION TPX IMAGES OF THE DAY) - RTX18I6M Attendees use cell phones to capture the presentation of the Parkchoonmoo 2014 Fall/Winter collection during New York Fashion Week February 9, 2014. REUTERS/Andrew Kelly (UNITED STATES - Tags: FASHION TPX IMAGES OF THE DAY) - RTX18I6M  

Programmer exposes ‘MONSTER’ iPhone security flaw

A Swedish programmer has discovered major security holes in Apple’s iPhone iOS software that would allow hackers to manipulate text messages, voice mails, alter call logs and even lock phones entirely.

Roman Digerberg was writing a program for his iPhone’s GPS tracker when he accidentally stumbled upon the software security flaw, which initially allowed him to send anonymous, unblockable text massages to an iPhone lock screen — even if the option was turned off in settings.

“Soon, I realized that I had created a monster,” Digerberg said.

Using the same exploit Digerberg was eventually able to control the voice mail indicator on the home screen, altering or erasing the number of voicemails displayed, which the user is then unable to change. He even learned how to lock a user out of their own phone, forcing them to do a full reset to gain access.

After discovering the flaw Digerberg tried to notify Apple by email and telephone, but the company appears wholly uninterested in addressing the problem, according to the Swedish programmer. Digerberg then brought his findings to TechWorld, which published a report Thursday after the Swedish programmer demonstrated the hack on an editor’s iPhone.

“I’ve been thinking about putting the program online soon,” Digerberg said. “People will start doing crazy stuff with each other’s phones, but why should you care about it if not even Apple cares?”

Although he declined to go into the specifics of how it works, Digerberg said the hack is based on “manipulating classes in the message structure.”

Digerberg stated he’s already been approached by multiple companies interested in purchasing his hack for advertising purposes, since the messages sent using the flaw cannot be blocked from appearing on the screen.

“Some people think that I should start a pay service online where you can anonymously send different types of messages,” Digerberg said. “You can imagine what chaos there would be if people start sending unwanted and unavoidable messages to each other and make changes in each other’s phones.”

Follow Giuseppe on Twitter