SMS used to hijack a phone

Be careful who you give your Mobile Phone number out to. An attacker with the right toolkits and skill could hijack your phone remotely just by sending SMS messages to it, according to mobile security firm Trust Digital.

SMSAttack

In the Trust Digital demo on YouTube, an attacker sends an SMS message to the victim phone (on the left) which opens up a Web browser and downloads an executable file that directs it to send an SMS to the attacker's phone (on the right).

(Credit: Trust Digital)

In what it calls a "Midnight Raid Attack" because it would be most effective when a victim is asleep, an attacker could send a text message to a phone that would automatically start up a Web browser and direct the phone to a malicious Web site, said Dan Dearing, vice president of marketing at Trust Digital. The Web site could then download an executable file on the mobile phone that steals data off the phone, he said.

Dearing demonstrates how this can be done in a video on YouTube.

In another type of attack, an attacker could hijack a phone by sending a type of SMS message called a control message over the GSM network to a victim's phone that is using a WI-FI

network and then use special toolkits to sniff the Wifi traffic looking for the victim's Email log-in information. This attack is explained in another YouTube video.

While the attacks at this point are proof-of-concepts, they could be done if someone has the requisite knowledge and toolkits, said Dearing. Trust Digital recently announced software called EMM 8.0 that can help organizations protect employee phones from these types of attacks, he said.

"This is a completely real threat," said Philippe Winthrop, a director in the global wireless practice at Strategy Analytics. "We will see these attacks. It's a matter of time."

If you enjoyed this post, make sure you subscribe to my 
RSS Feeds !!  

Posted By: R.v.KirubaKaran
Microsoft Certified Professional

There was an error in this gadget