By Andrew Brandt | Thursday, July 30, 2009 at 11:47 am
Virtually all GSM phones (such as Apple’s iPhone) and GSM wireless operators (such as AT&T and T-Mobile) on the planet appear to be vulnerable to attacks using specially crafted SMS text messages discovered by security researchers Zane Lackey and Luis Miras. At the Black Hat Briefings this morning, the two researchers demonstrated several different ways they could bypass anti-spoofing protection in cellphones, and as a result, could send phones hidden commands, profile phones, or even exploit vulnerabilities that remotely disable a targeted phone’s ability to send and receive calls or text messages.
The researchers described how they set up test systems which could read the header data sent along with text messages, then used software to craft their own custom headers and messages and sent those messages to various types of GSM phones. Based on the behavior of the phones they tested, they were able to create several kinds of automated attacks for various phone models, and determined a method an attacker could use to silently connect to mobile phones and retrieve information that permits the attacker to identify the make and model of phone, and other profiling information.
One aspect of the vulnerability not well understood is how different models of phones will behave when they receive these specially-crafted messages. Some, like the Sony Ericsson model shown at right, provide the user no context as to whether information pushed down to the phone comes from a legitimate source.
In a final coup for the conference, Lackey and Miras demonstrated an iPhone app they call TAFT which can, at the click of a few buttons, transmit various types of attacks against specific, vulnerable phone models, including iPhones, and phones running the Windows Mobile 5 and pre-“cupcake” Android operating systems.
The researchers are currently working with all major carriers and phone manufacturers to fix the problems, but warn that it may take some time before the vulnerabilities have been patched.
July 30th, 2009 at 1:37 pm
I believe “phones running the Windows Mobile 5 and pre-”cupcake” Android operating systems.” have been patched by Google and HTC, however Apple iPhones are still unpatched.
Interesting that Apple and Co have known about this for a while (a month, I believe), but the only updates Apple released are anti-jailbreak ones and ones that stop the Pre using iTunes…
Good to know Apple has its consumers at heart.
August 17th, 2009 at 2:46 pm
Some pretty alarming stuff. How many of us would just click “install” on a random text message we receive, trusting that it’s from the network and not some hacker? As we put more and more of our lives on our smartphones (esp. the iPhone), we become ever more vulnerable to these attacks. Besides patches, what can be done to better secure our phones before a vulnerability is again detected?
We’ve been discussing this on our blog: http://uimagicinc.com/blog/ Please check us out and leave a comment!
October 6th, 2011 at 3:55 am
Very good and interesting article about vulnerabilities. Thanks for posting it, most educational.