Report from Black Hat

U r pwned: text messaging as a hacking tool

Published 31 July 2009

Text messages appear on mobile phones without any interaction from the user, and sometimes with limited interference from the cellular network operators — giving criminals an opening to break into those devices

Receiving a text message is like having someone slide a piece of mail under your door: You may not have asked for it, you cannot stop its delivery, and you have to deal with it whether you want to or not. The fact that text messages appear on mobile phones without any interaction from the user, and sometimes with limited interference from the cellular network operators, can give criminals an opening to break into those devices, as three teams of researchers showed Thursday at the Black Hat security conference here.

BusinessWeek reports that their targets ran the gamut. Apple’s iPhones and phones running Microsoft Corp.’s Windows Mobile and Google Inc.’s Android operating systems were all shown to be vulnerable. In some cases, the problems were not with software, but the way cellular networks process messages.

The findings are troubling as people increasingly use their phones for handling sensitive data, like e-mail and online banking. Phones are morphing into mini-computers, which means they are going to start getting attacked like PCs.

In some respects, phones are relatively safer. Cellular carriers control their networks more tightly than anyone controls the Internet, so they are in a better position to stop new types of attacks that crop up.

Telling the difference between harmful and legitimate traffic can be tricky, though. Anonymity still is possible given the proliferation of prepaid plans that do not require long-term contracts; a carrier can trace an attack to a particular phone but not necessarily to a particular person.

The techniques demonstrated Thursday show that even disciplined and safety-conscious users could have their phones hacked because they cannot totally control what’s coming into them.

Innocent people could have their smart phones knocked offline, commanded to visit sites hosting pornography or viruses, or even turned into remote-controlled subordinates of a criminal gang behind an attack.

Take this example about the iPhone, from Charlie Miller, a well-known hacker of products from Apple Inc. and others, and his co-presenter Collin Mulliner, a Ph.D. student in telecommunications security at the Technical University of Berlin.

They showed how they can disconnect an iPhone from the cellular network by sending it a single, maliciously crafted text message — a message the victim never sees. The messages exploit bugs in the way iPhones handle certain messages and are used to crash parts of the software.

They even said it is possible to remotely control an iPhone by sending 500 messages to a single victim’s phone.