Hackers revealed at the Black Hat security conference in Las Vegas that spoofed SMS messages could allow attacks to steal your phones' data or perform other malicious tasks. For the demonstration the researchers used the iPhone, but the exploit works potentially on any type of phone that it MMS-enabled and operating on GSM networks.
They used a jailbroken iPhone for their demos of their proof-of-concept code that allows for bypassing carrier protections for SMS communications by sending specially crafted MMS messages.
SMS communications are used by carriers to do administration on the phone and contact customers. For example, voice mail notifications are often delivered over SMS, according to Lackey.
As a result, such admin messages are trusted by recipients, despite the fact that they typically do not reveal the source of the message and other details, they said. Spoofed messages could appear to come from any trusted company like a bank or PayPal.
"This is a carrier issue," Miras said. "We disclosed to them and they're working on a fix."
The researchers also have shared information with the GSM Alliance, which is providing details of the exploit to carriers, they said.