MuscleNerd says: “OMG 3.0.1 does not begin to fix them”

Over the last couple of days we have heard a lot about the SMS hack from Collin Mulliner and Charlie Miller. After the appearance of OS 3.0.1, everybody thought the problem was solved, except a duo that was also at the Black Hat conference in Las Vegas to give a presentation: Luis Miras and Zane Lackey have discovered several SMS hacks that are not solved by iPhone OS 3.0.1.
Team member MuscleNerd of the iPhone Dev Team saw a demonstration of the SMS hack during the conference and concluded: “OMG 3.0.1 does not begin to fix them.”
Still, the SMS hacks have not gone unnoticed: CNET and DarkReading have written about them, though without making a link to the SMS hack of Miller and Mulliner. Actually, the hack from Miras and Lackey is an MMS hack that lures the receiver to a dangerous website, which enables the hacker to get data from the device. The attack works on all GSM phones with MMS functionality, but it can also work via SMS messages.
The duo showed a proof of concept at Black Hat. Messages presented as coming from a trusted party, like a bank, the operator itself, or PayPal, were used. The receiver is more willing to open such a message and click on its links than with strange-looking messages. During the demonstration, they sent a voicemail warning that actually changed the phone settings. Normally an operator has taken measures to counteract these kinds of operator messages. But these measures can easily be bypassed, so it seems, and there’s no solution. The researchers advise being a little more careful with SMS messages.
The difference with the SMS hack from Mulliner and Miller is that the problem doesn’t lie with the builders of the devices (or rather, the supplier of the mobile OS), but with the operators. Miras and Lackey said they have informed “the mobile operators” and are working with them to find a solution. They also gave the information to the GSM Alliance, which will inform operators. Miras and Lackey earlier discovered another vulnerability in the iPhone application of Swirlyspace, but that one has since been closed.
It’s important to know and realise that this is not an iPhone problem: it works on all GSM phones with MMS functionality. With the SMS hack, attackers can find out what kind of OS runs on your phone and can then target the phone with specific attacks.