An SMS can force a URL or app on smartphones

| No Comments

John Hering and Kevin Mahaffey of Flexilis demonstrate an SMS attack targeting a Windows Mobile phone.

(Credit: Elinor Mills/CNET News)

LAS VEGAS--In one of a handful of SMS-related presentations here at the Black Hat security show, researchers demonstrated on Thursday how they can force certain types of smartphones to visit a malicious URL or install an app without user approval.

The vulnerability only affects phones that have been misconfigured by the original equipment manufacturer so that they accept any message sent through WAP Push (Wireless Application Protocol), a service that runs on top of SMS, said researcher John Hering.

WAP Push messages should only be accepted when sent by a trusted party such as the mobile operator, said Hering, chief executive of Flexilis, which provides software for protecting mobile phones from attack.

The vulnerability spans all Windows Mobile devices including HTC, Motorola, and Samsung, but not all of any one make or model of phone is found to be vulnerable, only random ones, he said.

Phone owners can test their phone to determine if they are affected by the issue. Hering and Kevin Mahaffey, Chief Technology Officer at Flexilis, are releasing a free tool that can be used to test whether a mobile phone is vulnerable, and if so fix the issue.

The researchers said they had not yet determined whether the iPhone or other devices were vulnerable. They said they have notified carriers, or Microsoft, and fixes are being worked on.

The attack works on GSM networks, the men said, adding that they had not yet tested it on CDMA networks.

The researchers built this device for testing for the vulnerability on multiple phones at once.

(Credit: Elinor Mills/CNET News)

The researchers have developed free, open-source software called "Fuzzit," which is designed to test the security of mobile devices and is geared towards mobile manufacturers, operators, and software developers. It will be released shortly. They also built a device that allows for the testing of multiple phones on different platforms at once for internal research and development.

Their session was just one of a handful that dealt with vulnerabilities on mobile phones and SMS, in particular.

In a presentation earlier in the day, Zane Lackey of ISEC Partners and independent researcher Luis Miras demonstrated how an attacker could spoof an MMS (multimedia messaging service) type of SMS message that appears to be sent from a trusted source and trick the recipient into visiting a malicious Web site.

Also on Thursday, Charlie Miller of Independent Security Evaluators and independent researcher Collin Mulliner demonstrated another type of attack in which they can take complete control over an iPhone merely by sending special SMS messages. They proved the attack the night before with a denial of service attack on my non-jailbroken iPhone, which runs OS 3.0.

Since SMS is available on so many devices and is always on--as long as the phone is turned on--it makes for an attractive target for attackers, according to researchers.

Leave a comment



 Where is James King?


 

Language Translation




 

Other Links:


 Main
 Public Trail Maps
 Archives
 CMS
 About/Contact
 Twitter @BruteForce
 Facebook
 LinkedIn
 Geocaching
 View DGP stats

 

My Audio & Video:


 Flickr
 YouTube
 Pandora

 

Elsewhere:


 ATV Utah
 Our ATV Obsession
 Bogley Outdoor Community
 ATV Escape
 Trish's Cake Shop
 Dennis Udink's Site
 Army Ranger
 Alex's World
 Grizzly Guy
 Adventure World TV
 WeatherCam: UofU
 Delta Bravo Sierra Comics  
 PowerPoint Ranger Comics
 Reversaroller ATV Winch

March 2022

Sun Mon Tue Wed Thu Fri Sat
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31    

Recent Photos

About this Entry

This page contains a single entry by James King published on July 31, 2009 8:09 AM.

Starvation to Tucker (Spanish Fork Canyon / Hwy 6) was the previous entry in this blog.

Mineral Fork (Big Cottonwood Canyon) is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.