They used a jailbroken iPhone for their demos of their proof-of-concept code that allows for bypassing carrier protections for SMS communications by sending specially crafted MMS messages.More details at CNET.
SMS communications are used by carriers to do administration on the phone and contact customers. For example, voice mail notifications are often delivered over SMS, according to Lackey.
As a result, such admin messages are trusted by recipients, despite the fact that they typically do not reveal the source of the message and other details, they said. Spoofed messages could appear to come from any trusted company like a bank or PayPal.
"This is a carrier issue," Miras said. "We disclosed to them and they're working on a fix."
The researchers also have shared information with the GSM Alliance, which is providing details of the exploit to carriers, they said.
iPhone and other phones can be hacked via spoofed SMS messages
Posted on Friday, July 31 2009 @ 3:27 CEST by Thomas De Maesschalck