Text Message Blog |
SMS vulnerabilities for iPhone, Android and Windows Mobile found
Jul 31, 2009 09:30 Security experts at the Black Hat conference revealed that phones running Android and Windows Mobile can be compromised by sending SMS messages. This vulnerability also extends to the Apple iPhone.
Charlie Miller, Independent Security Evaluators researcher, and Collin Mulliner, a PhD student at the University of Berlin, demonstrated how it's done.
Using a framework called "Fuzzing", a hacker can discover vulnerabilities by entering random or unexpected data. Crashes or unexpected behavior arising from such input can then be analyzed as a potential vulnerability.
According to the security experts, taking hold of one's iPhone is easy--simply launch a denial-of-service attack by sending hundreds of SMS control messages. The hack is enabled by memory issues in the way the iPhone handles the SMS protocol.
So what can the hacker do with your iPhone? He can shut down your iPhone, deface the text, reconfigure keys, and even launch a malware attack via SMS.
A similar SMS hack can also be conducted on the Google Android and Windows Mobile platforms.
What will happen next? Expect security solutions providers to cash in on this new vulnerability. Phones with virus protection or intrusion detection software will come to play very soon. And as early as now, I want to inform you that I hate this development.
I've said this before and I will say it again--it is the responsibility of hardware and software makers to keep their products safe and secure. Do not release a product that is vulnerable and pass the responsibility of protecting it onto the consumers. It's just so unfair.
God bless us all!
http://asia.cnet.com
Security experts at the Black Hat conference revealed that phones running Android and Windows Mobile can be compromised by sending SMS messages. This vulnerability also extends to the Apple iPhone.
Charlie Miller, Independent Security Evaluators researcher, and Collin Mulliner, a PhD student at the University of Berlin, demonstrated how it's done.
Using a framework called "Fuzzing", a hacker can discover vulnerabilities by entering random or unexpected data. Crashes or unexpected behavior arising from such input can then be analyzed as a potential vulnerability.
According to the security experts, taking hold of one's iPhone is easy--simply launch a denial-of-service attack by sending hundreds of SMS control messages. The hack is enabled by memory issues in the way the iPhone handles the SMS protocol.
So what can the hacker do with your iPhone? He can shut down your iPhone, deface the text, reconfigure keys, and even launch a malware attack via SMS.
A similar SMS hack can also be conducted on the Google Android and Windows Mobile platforms.
What will happen next? Expect security solutions providers to cash in on this new vulnerability. Phones with virus protection or intrusion detection software will come to play very soon. And as early as now, I want to inform you that I hate this development.
I've said this before and I will say it again--it is the responsibility of hardware and software makers to keep their products safe and secure. Do not release a product that is vulnerable and pass the responsibility of protecting it onto the consumers. It's just so unfair.
God bless us all!
Example:
"Text PROMO to 63566 to join our list for special offers"
