At the Black Hat Security Conference taking place today in Las Vegas, two security researchers are set to present several SMS vulnerabilities that could affect several major mobile operating systems, including Android, iPhone and Windows Mobile.
Using sophisticated software and technical know-how, the researchers are using what’s called the “Sulley Fuzzing Framework” to probe for potential flaws and security loopholes across various scenarios. “Fuzzing” is a form of automated software testing that involves feeding a program random or unexpected data. Crashes or unexpected behavior arising from such input can then be analyzed as potential vulnerabilities.
To do this, the two researchers created a layer, called the “injector,” just above the bottom of the telephony stack that performs a “man-in-the-middle attack,” so to speak, by intercepting communication between a mobile device’s modem and multiplexer. By doing so, the pair found several SMS flaws on both the Android and iPhone platforms, with Windows Mobile still being analyzed.
In iPhone OS 2.2 and 2.2.1, they were able to crash the iPhone’s SpringBoard window management application and the iPhone’s CommCenter, which manages iPhone connectivity. CommCenter is the heart of network connection for the iPhone, meaning vulnerabilities there could be a serious problem.
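The fuzzing approach described above, as an added example that is not the researchers' code and does not reproduce the flaws they found: a small mutation loop run against a parser that trusts its length fields and against a hardened version. It is plain Python rather than Sulley, and the message layout, `SEED_MSG` and all function names are constructed for illustration.

```python
import random

# Constructed sample message: [UDL][UDHL][header bytes][text bytes].
# Simplified layout for illustration only, not real SMS PDU encoding.
SEED_MSG = bytes([8, 2, 0x00, 0x01]) + b"hello"

class ParseError(ValueError):
    """Raised when input is rejected cleanly."""

def parse_naive(msg):
    """Trusts both length fields, so bad lengths read out of bounds."""
    udl, udhl = msg[0], msg[1]
    header = bytes(msg[2 + i] for i in range(udhl))
    text = bytes(msg[2 + udhl + i] for i in range(udl - 1 - udhl))
    return header, text

def parse_checked(msg):
    """Validates every length against the bytes actually received."""
    if len(msg) < 2:
        raise ParseError("truncated message")
    udl, udhl = msg[0], msg[1]
    if udl != len(msg) - 1:
        raise ParseError("UDL does not match received data")
    if udhl + 1 > udl:
        raise ParseError("UDHL larger than UDL")
    return msg[2:2 + udhl], msg[2 + udhl:]

def mutate(seed, rng):
    """Return one malformed variant: overwrite, truncate, or insert a byte."""
    data = bytearray(seed)
    op = rng.randrange(3)
    if op == 0:
        data[rng.randrange(len(data))] = rng.randrange(256)
    elif op == 1:
        del data[rng.randrange(len(data) + 1):]
    else:
        data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
    return bytes(data)

def fuzz(parser, rounds=2000, seed=1):
    """Run mutated inputs through parser; collect anything but a clean reject."""
    rng = random.Random(seed)
    findings = []
    for _ in range(rounds):
        case = mutate(SEED_MSG, rng)
        try:
            parser(case)
        except ParseError:
            pass  # expected outcome for malformed input
        except Exception as exc:  # unexpected failure: record for triage
            findings.append((case, type(exc).__name__))
    return findings
```

`fuzz(parse_naive)` returns the inputs that made the parser fail unexpectedly, each of which would be triaged as a potential vulnerability, while `fuzz(parse_checked)` returns an empty list because every malformed message is rejected cleanly.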
This news comes on the heels of a report that Symbian-powered smartphones are likely to be infected with malware and spyware, and it doesn’t speak well of the security surrounding the devices that almost everyone in the world carries around at all times. It shows that, just like with computers, we should never let our guard down against attacks of all kinds. Hopefully, patches and fixes can be introduced now that the vulnerabilities have been recognized, but that only means new loopholes and attacks will be along shortly.