 |
 |
|
Text messaging helps the life of criminals and hackersAdd to Aug. 1, 2009 Three teams of security researchers showed Thursday at the Black Hat Security Conference in Las Vegas that text messaging can give criminals and potential hackers an opening to break into cell phones, MIDs (mobile Internet devices) and smartphones. The findings aren't surprising. Apple's iPhones, mobile handsets running Microsoft's Windows Mobile and even Google’s new Android operating system were all shown to be vulnerable. In specific cases, the issues weren't related with software, but the way today's mobile service providers process network messages.  Many mobile handsets today are now emulating small computers, which means they're going to start getting attacked just like laptops and even workstations connected to Wi-Fi networks or LANs. The findings are very disturbing as people increasingly use their cell phones for handling sensitive data, like email, document management and especially online banking and online stock trading. For the most part, mobile service carriers control their networks more tightly than some ISPs, so they could be in a better position to stop new types of attacks that could show their ugly faces, but still, the great potential is there for attackers to test the system and exploit some weaknesses in the network. Overall, telling the difference between harmful and legitimate traffic can be tricky, and this is probably where it gets the most complicated. And anonymity still is possible given the proliferation of prepaid plans that don't require long-term contracts. A wireless carrier can trace an attack to a particular phone but not necessarily to a particular person. It's difficult to use law enforcement when you don't know who the offender is... For example, innocent people could have their smartphones knocked offline, commanded to visit sites hosting porn or powerful viruses, or even turned into remote-controlled "slave phones" of a criminal gang behind an attack. Some of the hacking techniques demonstrated at the security conference reveal that even disciplined and safety-conscious mobile users could have their smartphones and MIDs hacked simply because they can't totally control what's coming into them! Security researchers showed how they can simply disconnect an iPhone from any mobile network by sending it a single, maliciously crafted text message-— a message the victim will never see. Such text messages exploit security holes in the way iPhones handle certain messages and are used to crash parts of the vulnerable software. It's even possible to remotely control an iPhone by sending 500 messages to a single victim's phone. Those text messages contain the necessary commands for the attack and would get executed automatically by exploiting a weakness in the way the iPhone's memory responds to that volume of traffic. Obviously, such potential hackers come from the computer world and are discovering many similarities that can easily and rapidly exploit not just a cell phone but even large parts of a wireless network. Make no mistake: text messaging attacks are attractive, and are going to become more frequent, simply because the underlying technology is a core handset feature that simply cannot be turned off, and that's the whole heart of the problem. Other security problems were also discovered in mobile handsets running Google's Android and Windows Mobile. Google says that that issue has been repaired, but Microsoft said the issue still remains and that the software giant is still working on a security patch. For its part, Apple said it won't comment on its security problems for now. Add to
Source: The Black Hat Security Conference. 
home |
news archives |
resources |
advertise with us
Copyright © Wireless Industry News. All rights reserved. |
Digg this