Posted on 07/30/2009 11:45:27 PM PDT by Swordmaker
With one bombshell already having been dropped at the BlackHat Conference (that most implementations of SSL are configured to give up everything including logins, credit cards, etc.), researchers dropped another one today when they demonstrated how the SMS infrastructures of GSM-flavored operators such as AT&T (NYSE: T) and T-Mobile are hackable to the point that cell phones can be hacked and their users can be tricked into divulging confidential information.
By the time you read this, there will probably be some videos of the hacks posted to YouTube. But the net net is that there are different SMS message types. Some for delivering the text messages that people send to and from their cell phones every day and others for provisioning cell phones with over the air software updates.
Here at the BlackHat conference, researchers Luis Miras and Zane Lackey first demonstrated how they were able to send an SMS message to an iPhone that appears to come from 611 (see screenshot below). In other words, it bypasses the anti-spoofing technology run by the GSM carrier. The problem with sending messages from 611 is that many people think of 611 as a trusted number that represents the cell phone company that provisions their phone. In their demonstration, they sent a message from one iPhone to another that appears to come from the 611 number and that asks people to log in to a Web site and enter sensitive information. (continued below screenshots)
The second hack they showed is how they could use the SMS infrastructure to prompt a cell phone user (in this case, a iPhone Sony (NYSE: SNE) Ericsson phone user) to install an over the air (OTA) software update. The user is presented with the choice to accept or refuse the OTA update. Given how many people would automatically accept the update, you can imagine the damage that would be done once hackers essentially "owned" your phone.
Of even more significance to me is how these attacks can be launched from nothing more than another cell phone.
Here at Blackhat, heads shook and jaws hung open as Miras and Lackey showed a video of their hack. They were not specific about which carrier's SMS infrastructure they hacked and refused to answer when asked. iPhones can be unlocked so it could have been AT&T or T-Mobile. Verizon and Sprint, both of which are not GSM-based carriers, are not susceptible to the hack. When asked if they had reached out to AT&T and T-Mobile, the pair of researchers said they were working with the GSM Alliance which in turn was working with all GSM carriers. In my interview of them, they said they had not yet tried their hack on any European-based carriers.
If you want on or off the Mac Ping List, Freepmail me.
Ought to buy American technology, CDMA.
CDMA and GSM are both being phased out in favor of LTE, aka 4G, starting next year.
Yes, and don’t forget WiMax. It’s working right now, as opposed to LTE.
WiMax isn’t really meant for cellular access, though. It’s basically a huge wifi blanket. WiMax’s best use, IMO, is for providing Internet access to rural areas at low cost. LTE fills a different niche.
That shot of the iPhone screen - what app is that? Sure doesn’t look like any text screen I have seen...
Or is it a clumsy screen shot that has been poorly trimmed?
How is WiMax working out in Baltimore? Don’t they have plans for WiMax phones? If it’s best for rural areas, their plan to add it in 10 cities over the next year is not going to work out.
There are phones with wifi, but the wifi doesn’t necessarily replace their CDMA or GSM chipsets. Similarly, WiMax won’t replace the LTE chipset.
It keeps a running, scrolling version of text messages in word balloons by user, with the balloons coming from the left being from the other person and from the right coming from you.
Here's the steak on the iPhone with the sizzle removed.
The text message program can spoof the phone number being called from, to make it appear that the text message comes from someone else. You still have to click on a link and go to the web site and agree to install the software. With the exception of the number spoof, there's not much there. Also, if I'm reading correctly, the spoof takes place on the server side at the phone company, NOT inside the phone itself. Now, all that being said, it seems to a dweeb like me that it's probably not that tough to hack a cell phone in your possession to send out a fake phone number. I can get my cell phones to function as different numbers by changing the SIM cards.
On the prompting to install programs, in the original article it says "(in this case, a iPhone Sony (NYSE: SNE) Ericsson phone user)" the iPhone is struck through, indicating that the phone that was spoofed to install a program was the Sony. There is no other mention of the iPhone being spoofed to install updates. As the iPhone updates are usually through the iTunes store, and are run through specific Apple programs, I suspect the iPhone was not hacked in this way.
If I'm reading the article wrong, please correct me. For iPhone users (myself, which is why I'm most interested in the iPhone) the only "fix" that seems necessary is not to follow links from text messages.
Swordmaker, Apple has a patch out for the SMS vulnerability. Just connect your iPhone to the computer and it comes up when it synchs. As I noted in my earlier post, I don’t think the software installation hack affects iPhone, so we’re good to go again.
I think it's a jailbroken iPhone.
Thanks, Richard. I’ve been away from my computer all day.
Thanks - I am an iPhone owner. I am familiar with the regular SMS screen. It was the other stuff above all that - then I figured that maybe it was a poorly cropped screenshot - or is a jailbroken phone with an app/hack installed that showed the other buttons/etc. at the top of the image.