Black Hat 2009 - Smartphone Owners
Yesterday, in their report, the notorious Charlie Miller and Collin Mulliner reported on the vulnerabilities found in the SMS subsystem on the mobile platforms of the iPhone, Google Android and Windows Mobile.
They used the trendy Sully fuzzing framework , a framework for "fuzzy" testing. Using such frameworks, it is possible to create very complex sets of input data, intentionally incorrect data structures, etc.
However, without going into details, the meaning of the attack vector found on the SMS subsystem of the specified platforms (iPhone, Android, Windows Mobile) allows you to “put” the phones by sending a specially prepared SMS message to a known number. The user doesn’t even need to press anything - the system will do everything itself :) SMS is just sent to the phone and that's it.
As a result of such a DoS attack, at best, the phone will lose its network and will not be able to receive calls or make calls, at worst - a full reboot of the smartphone will be required.
Detailed report available here.
Yes, according to reports that have appeared on the network, it also multiplies by sending itself across all known “infected” smartphones.
Google has already brought it to the bugtracker, Microsoft and Apple are still silent.
They used the trendy Sully fuzzing framework , a framework for "fuzzy" testing. Using such frameworks, it is possible to create very complex sets of input data, intentionally incorrect data structures, etc.
However, without going into details, the meaning of the attack vector found on the SMS subsystem of the specified platforms (iPhone, Android, Windows Mobile) allows you to “put” the phones by sending a specially prepared SMS message to a known number. The user doesn’t even need to press anything - the system will do everything itself :) SMS is just sent to the phone and that's it.
As a result of such a DoS attack, at best, the phone will lose its network and will not be able to receive calls or make calls, at worst - a full reboot of the smartphone will be required.
Detailed report available here.
Yes, according to reports that have appeared on the network, it also multiplies by sending itself across all known “infected” smartphones.
Google has already brought it to the bugtracker, Microsoft and Apple are still silent.
')
Source: https://habr.com/ru/post/65892/
All Articles