iPhones and other GSM network phones (AT&T and T-Mobile) may be vulnerable to attack via SMS and MMS. Your sensitive data may be exposed.
Last week, I discovered that anti-theft program on my phone was sending SMS messages to an international number. I have since uninstalled the program and contacted the vendor.
If it had not been an international number (and charged an extra fee), I would have reviewed my SMS/MMS messages sents on my bill.
BEWARE!
Some SMS Networks Vulnerable to Attack - Business Center - PC World.
The iPhone tool, which runs on a jailbroken version of the device, lets them send SMS messages with data that should normally only be sent from the carrier network, the source said. "They have found a new attack vector by which people can try to exploit phones based upon invalid assumptions the network operators and the phone operators have made about the security of this communications channel."
The attack works on the GSM (Global System for Mobile Communications)-based networks used by carriers such as AT&T and T-Mobile, but does not work on CDMA (Code Division Multiple Access) networks, he said.
It's not clear how dangerous such an SMS-based attack could be, or what exactly the researchers were able to do with their spoofed messages, but carriers use SMS to send basic configuration to the phones. In theory, an attacker might be able to use this technique to redirect a phone's Web browser to a malicious server or change voicemail notifications.
Comments