iPhone and other phones can be hacked via spoofed SMS messages

Posted on Friday, July 31 2009 @ 3:27 CEST by Thomas De Maesschalck
Hackers revealed at the Black Hat security conference in Las Vegas that spoofed SMS messages could allow attacks to steal your phones' data or perform other malicious tasks. For the demonstration the researchers used the iPhone, but the exploit works potentially on any type of phone that it MMS-enabled and operating on GSM networks.
They used a jailbroken iPhone for their demos of their proof-of-concept code that allows for bypassing carrier protections for SMS communications by sending specially crafted MMS messages.

SMS communications are used by carriers to do administration on the phone and contact customers. For example, voice mail notifications are often delivered over SMS, according to Lackey.

As a result, such admin messages are trusted by recipients, despite the fact that they typically do not reveal the source of the message and other details, they said. Spoofed messages could appear to come from any trusted company like a bank or PayPal.

"This is a carrier issue," Miras said. "We disclosed to them and they're working on a fix."

The researchers also have shared information with the GSM Alliance, which is providing details of the exploit to carriers, they said.
More details at CNET.


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments