Your GSM Phone is (Probably) Vulnerable to Malicious Text Messages

By  |  Thursday, July 30, 2009 at 11:47 am

TAFT screen iphone 25Virtually all GSM phones (such as Apple’s iPhone) and GSM wireless operators (such as AT&T and T-Mobile) on the planet appear to be vulnerable to attacks using specially crafted SMS text messages discovered by security researchers Zane Lackey and Luis Miras. At the Black Hat Briefings this morning, the two researchers demonstrated several different ways they could bypass anti-spoofing protection in cellphones, and as a result, could send phones hidden commands, profile phones, or even exploit vulnerabilities that remotely disable a targeted phone’s ability to send and receive calls or text messages.

The researchers described how they set up test systems which could read the header data sent along with text messages, then used software to craft their own custom headers and messages and sent those messages to various types of GSM phones. Based on the behavior of the phones they tested, they were able to create several kinds of automated attacks for various phone models, and determined a method an attacker could use to silently connect to mobile phones and retrieve information that permits the attacker to identify the make and model of phone, and other profiling information.

One aspect of the vulnerability not well understood is how different models of phones will behave when they receive these specially-crafted messages. Some, like the Sony Ericsson model shown at right, provide the user no context as to whether information pushed down to the phone comes from a legitimate source.taft sony settings screen med

In a final coup for the conference, Lackey and Miras demonstrated an iPhone app they call TAFT which can, at the click of a few buttons, transmit various types of attacks against specific, vulnerable phone models, including iPhones, and phones running the Windows Mobile 5 and pre-”cupcake” Android operating systems.

The researchers are currently working with all major carriers and phone manufacturers to fix the problems, but warn that it may take some time before the vulnerabilities have been patched.

 
35 Comments


Read more: , , , , , , ,

6 Comments For This Post

  1. Scott Herbert Says:

    I believe “phones running the Windows Mobile 5 and pre-”cupcake” Android operating systems.” have been patched by Google and HTC, however Apple iPhones are still unpacthed.

    Interesting that Apple and Co have known about this for a while (a month I believe) But the only updates Apple released on are anti-jailbrake ones and ones that stop the pre using iTunes…

    Good to know Apple has it’s consumers at heart.

  2. Clee Says:

    Some pretty alarming stuff. How many of us would just click “install” on a random text message we receive, trusting that it’s from the network and not some hacker? As we put more and more of our lives on our smartphones (esp. the iPhone), we become ever more vulnerable to these attacks. Besides patches, what can be done to better secure our phones before a vulnerability is again detected?

    We’ve been discussing this on our blog: http://uimagicinc.com/blog/ Please check us out and leave a comment!

  3. yhwebcn Says:

    So that every customer can buy the rest assured that with the peace of mind! Your satisfaction is my greatest joy! Either give it away or bring their own are a good choice!Replica Swiss Chronomat Watch
    Breitling Evolution Watches
    In order to meet their own pursuit of the watch, although the top watch can not afford this life,Replica Swiss Montbrillant Watch
    Replica Swiss Navitimer Watch
    Replica Swiss Superocean Watch
    and a few pieces, but can buy high quality imitation table … reason to believe that a different way of life for those who desire for the urban population power with lore.

  4. yhwebcn Says:

    Watch is an accessory, only one person should not be:
    50 Fathoms Watches

    Breguet Classique Tourbillon Watches
    the pursuit of quality of life of people now have become a mainstream,
    Bell & Ross Watches Accessories
    BR 01 – Instrument 46mm Watches
    from the exterior to the movement of people everywhere to work are moving fine.so more and more customers will buy a few watches to match different to clothing differently occasions,
    BR 02 – Instrument 44mm Watches
    such as have to watch while swimming at a business dinner to watch and definitely not one to wear light-colored shirt and suit T shirt to watch the same can not, therefore, essentially, the watch is a work of art,
    BR 03 – Instrument 42mm Watches
    Breitling Accessories Watches

  5. yhwebcn Says:

    please come here, we are lowest price replica Watches supplier,
    Royal Oak Offshore Watches
    Replica Riviera Watches
    offer high-class fake Watches in about 100 famous brands。Watch the quality is good and my hands the final say, the buyer's evaluation of the quality of the watch is the most objective evaluation.Replica Breguet Type XX Watches
    Allows you to truly experience the fun of online shopping, and that one of the baby's expectations.Audemars Piguet Jules Audemars Watches
    Audemars Piguet Royal Oak Watches
    Welcome customers to patronize, to buy more discount more than the price the same product we; the same price we are more than quality;the same quality service site that we were honest promise:Quality assurance; customer first; credit management,Avenger Skyland

  6. Avi to mp4 converter Says:

    Very good and interesting article about vulnerabilities. Thanks for posting it, most educational.

29 Trackbacks For This Post

  1. iPhone SMS vulnerability - for virtually all phones? - The Tech Lunch Says:

    [...] iPhone SMS vulnerability – for virtually all phones? Jul.30, 2009 in Apple, Daan Berg column, Hardware, News Your GSM Phone is Probably Vulnerable to Malicious Text Messages [...]

  2. Black Hat: SMS Attacks Not Just for iPhones | Gizmo Addiction Says:

    [...] Technologizer is reporting on the developing story on SMS attacks coming out of today’s Black Hat Conference sessions. Seems like while the iPhone is grabbing a lot of attention, nearly all GSM phones are said to be vulnerable. Basically, they get around the anti-spoofing shield and send goods designed to get access and take control of the phone. [...]

  3. Hackers show how Apple iPhone can be taken over by malicious text message @ Technology News Says:

    [...] then later in the session, two other researchers step up and say that pretty much any GSM phone is vulnerable to maliciously crafted text messages. Oh, hell. As a result, [they] could send phones hidden [...]

  4. Black Hat: SMS Attacks Not Just for iPhones | Apple News Says:

    [...] Technologizer is reporting on the developing story on SMS attacks coming out of today’s Black Hat Conference sessions. Seems like while the iPhone is grabbing a lot of attention, nearly all GSM phones are said to be vulnerable. Basically, they get around the anti-spoofing defense and send notes designed to get access and take control of the phone. [...]

  5. Black Hat: SMS Attacks Not Just for iPhones | Spike Feed Says:

    [...] Technologizer is reporting on the developing story on SMS attacks coming out of today’s Black Hat Conference sessions. Seems like while the iPhone is grabbing a lot of attention, almost all GSM phones are said to be vulnerable. Basically, they get around the anti-spoofing security and send data designed to get access and take control of the phone. [...]

  6. winandmac.com » Not only the iPhone: All GSM phones can be hacked by malicious SMS Says:

    [...] Technologizer, BusinessWeek, [...]

  7. Black Hat: SMS Attacks Not Just for iPhones - 1559th Edition | Tech & Telephone Blog Says:

    [...] Technologizeris reporting on thedeveloping storyon SMS attacks coming out of today’s Black Hat Conference sessions. Seems like while the iPhone is grabbing a lot of attention, almost all GSM phones are said to be vulnerable. Basically, they get around the anti-spoofing security and send data designed to get access and take control of the phone. [...]

  8. Calm down: It’s not doomsday for your iPhone - L&C Tech Talk Says:

    [...] Harry McCracken at Technologizer reports that all phones that use GSM (including AT&T and T-mobile phones) are vulnerable to the [...]

  9. Black Hat: SMS Attacks Not Just for iPhones | Albmobile Blog - Maximize Your Mobile Phone Says:

    [...] Technologizer is reporting on the developing story on SMS attacks coming out of today’s Black Hat Conference sessions. Seems like while the iPhone is grabbing a lot of attention, almost all GSM phones are said to be vulnerable. Basically, they get around the anti-spoofing security and send data designed to get access and take control of the phone. [...]

  10. Black Hat: SMS Attacks Not Just for iPhones | Hot Trends 2 Tweet Says:

    [...] Technologizer is reporting on the developing story on SMS attacks coming out of today’s Black Hat Conference sessions. Seems like while the iPhone is grabbing a lot of attention, almost all GSM phones are said to be vulnerable. Basically, they get around the anti-spoofing security and send data designed to get access and take control of the phone. [...]

  11. Hackers show how Apple iPhone can be taken over by malicious text message | RSS For Gadgets Says:

    [...] then later in the session, two other researchers step up and say that pretty much any GSM phone is vulnerable to maliciously crafted text messages. Oh, hell. As a result, [they] could send phones hidden [...]

  12. theregoesdave.com » The skinny on the iPhone vulnerability Says:

    [...] AT&T to remotely control features on your phone. If your provider is T-Mobile or AT&T, your phone likely has the same ‘feature’ these guys are calling a [...]

  13. Black Hat: SMS Attacks Not Just for iPhones | My Apple iPhone Says:

    [...] Technologizer is reporting on the developing story on SMS attacks coming out of today’s Black Hat Conference sessions. Seems like while the iPhone is grabbing a lot of attention, almost all GSM phones are said to be vulnerable. Basically, they get around the anti-spoofing security and send data designed to get access and take control of the phone. [...]

  14. How iPhone can be taken over by text - Front Page News - NewsSpotz Says:

    [...] does figure this out. ..And then later in the session, two other researchers step up and say that pretty much any GSM phone is vulnerable to maliciously crafted text messages. Oh, hell. As a result, [they] could send phones hidden [...]

  15. iPhone hack? How about an AT&T and T-Mobile hack. | Techronos Says:

    [...] network (AT&T and T-Mobile) are affected by this flaw.  Not just the iPhone.  Read about it here on [...]

  16. Falha de segurança no SMS do iPhone também afeta outros celulares e deverá ser solucionada pela Apple logo | MacMagazine Says:

    [...] Technologizer.] Email this to a friend?Tweet This!Share this on FacebookShare this on del.icio.usAdd this to [...]

  17. winandmac 香港版 | 不只是iPhone:手機SMS存在嚴重漏洞 Says:

    [...] [來源:Technologizer, BusinessWeek, CNET] [...]

  18. iPhone/GSM phones vulnerable to SMS hacks, patch coming soon | Nuze.me Says:

    [...] However, security researchers Zane Lackey and Luis Miras also demonstrated that the vulnerability can affect any GSM phone, though exactly how each phone reacts to the vulnerability [...]

  19. Open Systems Journal » Blog Archive » iPhone/GSM phones vulnerable to SMS hacks, patch coming soon Says:

    [...] However, security researchers Zane Lackey and Luis Miras also demonstrated that the vulnerability can affect any GSM phone, though exactly how each phone reacts to the vulnerability [...]

  20. The Vortex:The Jokes Just Write Themselves « The Guidewire Says:

    [...] an “It’s all over people!” proclamation, beware of one-character SMS messages on any GSM phone, not just iPhones. Two researchers were kind enough to demonstrate the hack yesterday, so if you [...]

  21. iPhone/GSM phones vulnerable to SMS hacks, patch coming soon | I R Here Says:

    [...] However, security researchers Zane Lackey and Luis Miras also demonstrated that the vulnerability can affect any GSM phone, though exactly how each phone reacts to the vulnerability [...]

  22. Apple releases patch for iPhone SMS flaw [Updated] - L&C Tech Talk Says:

    [...] has known about the bug for more than a month. It apparently affects smartphones that use GSM, but Google’s Android is the only phone OS that has already been [...]

  23. iPhone/GSM phones vulnerable to SMS hacks, patch coming soon | Wilsonbroadcast Says:

    [...] However, security researchers Zane Lackey and Luis Miras also demonstrated that the vulnerability can affect any GSM phone, though exactly how each phone reacts to the vulnerability [...]

  24. Apple Patches SMS Security Flaw | Technologizer Says:

    [...] all:&nbspQuickies It sounded alarming–even if the scariness was theoretical–but now Apple has patched it up. Details [...]

  25. Black Hat: SMS Attacks Not Just for iPhones « Everything iPhone Says:

    [...] Technologizer is reporting on the developing story on SMS attacks coming out of today’s Black Hat Conference sessions. Seems like while the iPhone is grabbing a lot of attention, almost all GSM phones are said to be vulnerable. Basically, they get around the anti-spoofing security and send data designed to get access and take control of the phone. [...]

  26. iPhone/GSM phones vulnerable to SMS hacks, patch coming soon | mowbee.com Says:

    [...] However, security researchers Zane Lackey and Luis Miras also demonstrated that the vulnerability can affect any GSM phone, though exactly how each phone reacts to the vulnerability [...]

  27. Apple Patches iPhone SMS Security Flaw | Oh Wow ... a Blog Says:

    [...] sounded alarming–even if the scariness was theoretical–but now Apple has patched it up. Details [...]

  28. Ui Magic » Smartphone Vulnerability Says:

    [...] the phone from the network or hijack it altogether.   Security experts Zane Lackey and Luis Miras demonstrated one such scenario on a Sony Ericsson phone, sending a malicious message that showed up on the phone as: “New settings received. [...]

  29. SMS Attacks Not Just for iPhones | See with SEO eyes Says:

    [...] Technologizer is reporting on the developing story on SMS attacks coming out of today’s Black Hat Conference sessions. Seems like while the iPhone is grabbing a lot of attention, almost all GSM phones are said to be vulnerable. Basically, they get around the anti-spoofing security and send data designed to get access and take control of the phone. [...]

Comment on This Story