Mobile phones attacked via spoofed SMS messages

Dark Atheist · July 31st, 2009

Researchers at the Black Hat security conference on Thursday showed how an attacker could spoof a type of SMS message that appears to be sent from the carrier or some other trusted source.

This attack on MMS (multimedia messaging service) messages, a type of SMS message, could allow an attacker to trick the recipient into visiting a malicious Web site or ultimately do something else to harm the phone or steal data.

The attacks work potentially on any type of phone that is MMS-enabled and operating on Global System for Mobile communications (GSM) networks, said Zane Lackey, a senior consultant at ISEC Partners, and independent researcher Luis Miras.

They used a jailbroken iPhone for their demos of their proof-of-concept code that allows for bypassing carrier protections for SMS communications by sending specially crafted MMS messages.

SMS communications are used by carriers to do administration on the phone and contact customers. For example, voice mail notifications are often delivered over SMS, according to Lackey.

News Source: Cnet

UPDATE:
Another SMS hack that could be used to send messages, or generally do anything on another person's iPhone has been fixed by Apple and owners should consider updating immediatly by connecting it to their computers. Rumours suggest that this update will undo any jailbreaks so if you have already crossed that line, be aware!

**Electronic Punk** · July 31st, 2009

So it seems they have just learnt to send junk mail?
And I think the main use of SMS messages is actually for teenage girls to inform each and everyone of their friends that they are 100m further down the road than they were in their previous message.

**Electronic Punk** · July 31st, 2009

I think the real issue is actually mentioned later in the article:

SMS attacks are getting easier because iPhones and Android devices are easily modified and because SMS functionality has been built at higher layers that provide full access to an attacker, said Lackey.

The researchers also said they uncovered an SMS implementation flaw that they exploited to temporarily crash the phone process of an Android phone so no calls or texts could be sent or received. Google fixed that flaw, they said.

The iPhone looks like it can also be crashed by a "text" message:
http://news.cnet.com/8301-27080_3-10299378-245.html

Feeling pretty smug about Windows Mobile right now, which is a new sensation I will admit

**Jewelzz** · July 31st, 2009

I love my iPhone!

**Electronic Punk** · July 31st, 2009

X-istence is at black hat, so will very likely love it too shortly

**falconguard** · July 31st, 2009

Originally Posted by Electronic Punk

X-istence is at black hat, so will very likely love it too shortly

In official capacity? Or as just another expose the fed playa? Are we going to get a blog like last time?

**Electronic Punk** · July 31st, 2009

He mentioned blogging on his blog or wordpress, but my return came a little late to really organise very much. He didn't want to use his osnn logon anywhere for failry obvious reasons

**falconguard** · July 31st, 2009

yeah that whole Iphone thing. He'd get used..

**Electronic Punk** · July 31st, 2009

http://www.neowin.net/news/main/09/0...e-firmware-301

Patched, good job Apple!

**Jewelzz** · July 31st, 2009

Thank EP, I'm downloading and installing the patch now

Gigabot · August 1st, 2009

Originally Posted by Electronic Punk

X-istence is at black hat, so will very likely love it too shortly

Darn, it's patched now! I was going to have X-istence create an app that sends fart bombs to every iPhone in the world via SMS.

**Electronic Punk** · August 1st, 2009

I believe that is one of the must-have iPhone applications anyway.

July 31st, 2009	Top \| #1
Dark Atheist I never said I was nice Joined: April 2003 Location: In The Void Posts: 6,346 Blog Entries: 8 Reputation: 1877 Power: 0	Mobile phones attacked via spoofed SMS messages Researchers at the Black Hat security conference on Thursday showed how an attacker could spoof a type of SMS message that appears to be sent from the carrier or some other trusted source. This attack on MMS (multimedia messaging service) messages, a type of SMS message, could allow an attacker to trick the recipient into visiting a malicious Web site or ultimately do something else to harm the phone or steal data. The attacks work potentially on any type of phone that is MMS-enabled and operating on Global System for Mobile communications (GSM) networks, said Zane Lackey, a senior consultant at ISEC Partners, and independent researcher Luis Miras. They used a jailbroken iPhone for their demos of their proof-of-concept code that allows for bypassing carrier protections for SMS communications by sending specially crafted MMS messages. SMS communications are used by carriers to do administration on the phone and contact customers. For example, voice mail notifications are often delivered over SMS, according to Lackey. News Source: Cnet UPDATE: Another SMS hack that could be used to send messages, or generally do anything on another person's iPhone has been fixed by Apple and owners should consider updating immediatly by connecting it to their computers. Rumours suggest that this update will undo any jailbreaks so if you have already crossed that line, be aware!

July 31st, 2009	Top \| #2
Electronic Punk The Last High Joined: December 2001 Location: London Posts: 18,506 Blog Entries: 51 Reputation: 3652 Power: 346	Re: Mobile phones attacked via spoofed SMS messages So it seems they have just learnt to send junk mail? And I think the main use of SMS messages is actually for teenage girls to inform each and everyone of their friends that they are 100m further down the road than they were in their previous message.

July 31st, 2009	Top \| #3
Electronic Punk The Last High Joined: December 2001 Location: London Posts: 18,506 Blog Entries: 51 Reputation: 3652 Power: 346	Re: Mobile phones attacked via spoofed SMS messages I think the real issue is actually mentioned later in the article: SMS attacks are getting easier because iPhones and Android devices are easily modified and because SMS functionality has been built at higher layers that provide full access to an attacker, said Lackey. The researchers also said they uncovered an SMS implementation flaw that they exploited to temporarily crash the phone process of an Android phone so no calls or texts could be sent or received. Google fixed that flaw, they said. The iPhone looks like it can also be crashed by a "text" message: http://news.cnet.com/8301-27080_3-10299378-245.html Feeling pretty smug about Windows Mobile right now, which is a new sensation I will admit

July 31st, 2009	Top \| #4
Jewelzz Queen of Farts Joined: March 2002 Location: Texas Posts: 10,944 Blog Entries: 7 Reputation: 1843 Power: 249	Re: Mobile phones attacked via spoofed SMS messages I love my iPhone!

July 31st, 2009	Top \| #5
Electronic Punk The Last High Joined: December 2001 Location: London Posts: 18,506 Blog Entries: 51 Reputation: 3652 Power: 346	Re: Mobile phones attacked via spoofed SMS messages X-istence is at black hat, so will very likely love it too shortly

Latest News Posts

Latest Forum Posts

Latest Member Blogs

July 31st, 2009	Top \| #6
falconguard Carbon based lifeform Joined: February 2004 Location: SoCal Posts: 3,406 Reputation: 2305 Power: 155	Re: Mobile phones attacked via spoofed SMS messages Originally Posted by Electronic Punk X-istence is at black hat, so will very likely love it too shortly In official capacity? Or as just another expose the fed playa? Are we going to get a blog like last time?

July 31st, 2009	Top \| #7
Electronic Punk The Last High Joined: December 2001 Location: London Posts: 18,506 Blog Entries: 51 Reputation: 3652 Power: 346	Re: Mobile phones attacked via spoofed SMS messages He mentioned blogging on his blog or wordpress, but my return came a little late to really organise very much. He didn't want to use his osnn logon anywhere for failry obvious reasons

July 31st, 2009	Top \| #8
falconguard Carbon based lifeform Joined: February 2004 Location: SoCal Posts: 3,406 Reputation: 2305 Power: 155	Re: Mobile phones attacked via spoofed SMS messages yeah that whole Iphone thing. He'd get used..

July 31st, 2009	Top \| #9
Electronic Punk The Last High Joined: December 2001 Location: London Posts: 18,506 Blog Entries: 51 Reputation: 3652 Power: 346	Re: Mobile phones attacked via spoofed SMS messages http://www.neowin.net/news/main/09/0...e-firmware-301 Patched, good job Apple!

July 31st, 2009	Top \| #10
Jewelzz Queen of Farts Joined: March 2002 Location: Texas Posts: 10,944 Blog Entries: 7 Reputation: 1843 Power: 249	Re: Mobile phones attacked via spoofed SMS messages Thank EP, I'm downloading and installing the patch now

August 1st, 2009	Top \| #11
Gigabot OSNN Senior Addict Joined: December 2008 Location: USA Posts: 406 Reputation: 110 Power: 44	Re: Mobile phones attacked via spoofed SMS messages Originally Posted by Electronic Punk X-istence is at black hat, so will very likely love it too shortly Darn, it's patched now! I was going to have X-istence create an app that sends fart bombs to every iPhone in the world via SMS.

August 1st, 2009	Top \| #12
Electronic Punk The Last High Joined: December 2001 Location: London Posts: 18,506 Blog Entries: 51 Reputation: 3652 Power: 346	Re: Mobile phones attacked via spoofed SMS messages I believe that is one of the must-have iPhone applications anyway.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
free browsers for mobile phones	perris	Portable Devices & Gadgets	13	April 24th, 2011 4:00pm
Free Online Unlocking of Nokia Mobile Phones	BonyTony	Portable Devices & Gadgets	12	December 11th, 2010 1:54pm
Latest Mobile Phones for £20, is this real?	Jason	Portable Devices & Gadgets	18	March 26th, 2004 10:56pm
MSN messanger Mobile/SMS messages	allan03	Windows Desktop Systems	2	April 8th, 2002 11:34am