Virtually all GSM phones (such as Apple’s iPhone) and GSM wireless operators (such as AT&T and T-Mobile) on the planet appear to be vulnerable to attacks, discovered by security researchers Zane Lackey and Luis Miras, that use specially crafted SMS text messages. At the Black Hat Briefings this morning, the two researchers demonstrated several different ways they could bypass anti-spoofing protection in cellphones and, as a result, send phones hidden commands, profile phones, or even exploit vulnerabilities that remotely disable a targeted phone’s ability to send and receive calls or text messages.
The researchers described how they set up test systems which could read the header data sent along with text messages, then used software to craft their own custom headers and messages and sent those messages to various types of GSM phones. Based on the behavior of the phones they tested, they were able to create several kinds of automated attacks for various phone models. They also determined a method an attacker could use to silently connect to mobile phones and retrieve information that identifies the make and model of the phone, along with other profiling information.
One aspect of the vulnerability not well understood is how different models of phones will behave when they receive these specially crafted messages. Some, like the Sony Ericsson model shown at right, provide the user no context as to whether information pushed down to the phone comes from a legitimate source.
In a final coup for the conference, Lackey and Miras demonstrated an iPhone app they call TAFT which can, at the click of a few buttons, transmit various types of attacks against specific, vulnerable phone models, including iPhones, and phones running the Windows Mobile 5 and pre-“cupcake” Android operating systems.
The researchers are currently working with all major carriers and phone manufacturers to fix the problems, but warn that it may take some time before the vulnerabilities have been patched.
35 Comments
July 30th, 2009 at 1:37 pm
I believe “phones running the Windows Mobile 5 and pre-“cupcake” Android operating systems.” have been patched by Google and HTC, however Apple iPhones are still unpatched.
Interesting that Apple and Co have known about this for a while (a month, I believe), but the only updates Apple released are anti-jailbreak ones and ones that stop the Pre using iTunes…
Good to know Apple has its consumers at heart.
August 17th, 2009 at 2:46 pm
Some pretty alarming stuff. How many of us would just click “install” on a random text message we receive, trusting that it’s from the network and not some hacker? As we put more and more of our lives on our smartphones (esp. the iPhone), we become ever more vulnerable to these attacks. Besides patches, what can be done to better secure our phones before a vulnerability is again detected?
We’ve been discussing this on our blog: http://uimagicinc.com/blog/ Please check us out and leave a comment!
October 6th, 2011 at 3:55 am
Very good and interesting article about vulnerabilities. Thanks for posting it, most educational.