iPhone SMS vulnerability – for virtually all phones?
Your GSM Phone is Probably Vulnerable to Malicious Text Messages
Indeed, it is for real. The reports circulating on the internet that the iPhone SMS attack also affects other types of phones are all true.
The researchers behind the original iPhone attack, “Lackey and Miras”, as the Technologizer blog post names them, described at the Black Hat Briefings on Thursday morning how they set up test systems “which could read the header data sent along with text (SMS) messages, then used software to craft their own custom headers and messages and sent those messages to various types of GSM band phones.”
They observed the behaviour of different types of phones, such as phones running Windows Mobile and phones running the Sony Ericsson operating system used on the somewhat cheaper models in that range, like the S500i.
With what they learned from the behaviour of the different types of phones, they were able to create a text message that could take over the phone without the user suspecting that anything is wrong.
For example: when they tested the text vulnerability on a Sony Ericsson phone, it gave the user a vague question, as if it was sent by the phone provider itself: “New settings received. Install?”
At the end of the conference, Lackey and Miras demonstrated an iPhone app they built themselves, which they call TAFT.
With that application they can, in a few clicks, send various types of attacks to specific phone models that are vulnerable to them.
Phones vulnerable to this attack include the full product range of iPhones, phones running the Windows Mobile 5 operating system from Microsoft, and Android phones running a version of the OS before the ‘cupcake’ update.
The researchers are currently working with all the major American mobile carriers and manufacturers to fix the security holes, but it might take quite a while before everything has been patched.
A few tips:
- If you receive a text message on your phone consisting of a single character, turn off your phone immediately. If you are not able to do this easily from the interface of the phone, just rip out the battery. Place it back after an hour, maybe two hours, and see if your phone still functions normally. If it malfunctions or functions slower than normal, take out the battery again and bring it to a phone store nearby for repair.
- If your phone displays a screen stating something like “New settings received. Install?” while you haven’t changed phone providers (Note: roaming providers do NOT require you to install new settings!), press “No” and turn off your phone. Turn it on again after approx. 30 minutes, and see if it still works normally. If the phone keeps showing you the question dialog, or it malfunctions or functions slower than normal, take out the battery and bring it to a phone store nearby for repair.
- If you have a Windows Mobile phone, you can be covered just a bit more by turning off your mobile internet access completely. The hack for Windows Mobile makes partial use of WAP (mobile internet) to exploit its vulnerability. You can still receive the text message, but nothing will happen until the internet access is restored. The best way to keep the virus from connecting to the web is by removing the settings for internet access. You can obtain the settings easily from the website of your mobile phone provider.
- Antivirus programs on mobile phones do not protect you against this vulnerability. Do not feel covered by antivirus or antispyware on your phone: it does not stop this from running at all!
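The header data mentioned above can also be inspected defensively, for example by a carrier gateway or a monitoring tool that sees received messages in PDU form. The following Python code is an added example, not part of the original post or of the researchers' tooling: it parses the user data header of an SMS-DELIVER PDU and flags delivery to the WAP Push ports (the channel over which over-the-air settings messages arrive) as well as malformed headers. The function names and the sample PDUs are constructed for illustration.

```python
WAP_PUSH_PORTS = {2948, 2949}  # registered WAP Push ports (plain, secure)
# Constructed sample PDUs: the sender number and payload bytes are made up.
PLAIN = "00040B915155550501F000009080102143650002E834"
PUSH = "00440B915155550501F00004908010214365000B0605040B8423F001020304"
BAD = "00440B915155550501F00004908010214365000B2005040B8423F001020304"

def parse_udh(pdu_hex):
    """Return the (IEI, data) header elements of a hex SMS-DELIVER PDU."""
    b = bytes.fromhex(pdu_hex)
    try:
        i = 1 + b[0]                      # skip the SMSC address block
        first = b[i]
        if first & 0x03:                  # TP-MTI must be 00 (SMS-DELIVER)
            raise ValueError("not an SMS-DELIVER PDU")
        i += 1
        i += 2 + (b[i] + 1) // 2          # TP-OA: digit count, type, packed digits
        i += 2 + 7                        # TP-PID, TP-DCS, TP-SCTS timestamp
        ud = b[i + 1:]                    # user data follows the TP-UDL octet
        if not first & 0x40:              # TP-UDHI clear: no header present
            return []
        udh = ud[1:1 + ud[0]]             # first user-data octet is the header length
    except IndexError:
        raise ValueError("truncated PDU") from None
    if len(udh) != ud[0]:
        raise ValueError("header length exceeds user data")
    elements, j = [], 0
    while j < len(udh):                   # walk the type/length/value elements
        if j + 2 > len(udh) or j + 2 + udh[j + 1] > len(udh):
            raise ValueError("header element overruns header")
        elements.append((udh[j], udh[j + 2:j + 2 + udh[j + 1]]))
        j += 2 + udh[j + 1]
    return elements

def triage(pdu_hex):
    """Return findings a gateway or handset-side filter could log."""
    try:
        elements = parse_udh(pdu_hex)
    except ValueError as err:
        return [f"malformed: {err}"]
    findings = []
    for iei, data in elements:
        if iei == 0x05 and len(data) == 4:    # 16-bit application port addressing
            port = int.from_bytes(data[:2], "big")
            kind = "WAP Push" if port in WAP_PUSH_PORTS else "application data"
            findings.append(f"{kind} to port {port}")
        elif iei not in (0x00, 0x08):         # anything other than concatenation
            findings.append(f"header element 0x{iei:02X}")
    return findings
```

Calling `triage(PUSH)` reports the WAP Push delivery, `triage(PLAIN)` returns an empty list for an ordinary text, and `triage(BAD)` reports a header whose declared length runs past the message.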
by Daan Berg














April 4th, 2010 at 4:50 AM
This is a really informative post! Thanks for the details.