Wednesday, June 17, 2009

SMS Hacking Among Newly Discovered Threats to Cell Phone Users

Yesterday I posted and commented on an article published by Alibaba.com in which they say the cell phone is the safest way to bank online.  I think not.  Today Dark Reading reports that newly discovered threats aimed at cell phones will be presented at Black Hat USA next month in Vegas.  Here are excerpts for yesterday's post and today's Dark Reading article.  

Is Cell Phone Safest Way to Bank Online? In a word, No!

Safest Way to Bank Online? Your Cell Phone
Here'san article which essentially says, everybody knows how to stealinformation from PC users, but cell-phones aren't breached as much, soyour chances are better if you use a cell phone for online banking.  Ihad to chuckle and couldn't help but think that the equivalent of whatthey are saying is thus:

"When you leaves your keys in yourignition, the likelihood of your car being stolen is higher than if youput them in your glove compartment...so put them there."  The statementmay be true, but putting your keys in your glove compartment probablyisn't a good idea either. 

At the end of the day, if you type,the bad guys can swipe.  So convincing me to use my cell phone foronline banking is, well, a hard cell.


Researchers To Unleash New SMS Hacking Tool At Black Hat...


Jun 16, 2009 | 04:42 PM By Kelly Jackson Higgins
DarkReading

Texting just keeps getting riskier: Researchers at next month's Black Hat USA in Las Vegas will demonstrate newly discovered threats to mobile phone users, as well as release a new iPhone application that tests phones for security flaws.

SMS hacking has captured the attention of security researchers lately. In March, Tobias Engel demonstrated an exploit that lets an attacker crash SMS text inboxes on several Nokia mobile phone models. Called the "Curse of Silence" attack, the exploit uses a specially crafted SMS message to launch a denial-of-service (DoS) attack on the victim's phone. While the SMS/MMS messaging features go dark, the phone itself remains operational after the attack.

And with mobile phones increasingly storing more sensitive personal and business information, they will inevitably become a bigger target for attackers, Lackey says. "SMS is interesting -- it's an 'always-on' attack surface," he says, and can be used for a DoS or for executing malware on a victim's phone, for example.

Mobile phones are also even more difficult than laptops to manage and protect, leaving them wide open to compromise. 
Unlike a company-issued laptop, however, mobile phones are sometimes privately owned by users and are under little or no corporate control, Miras says. The best way for users to protect themselves from SMS-based attacks today, he says, is to keep their phones patched.

Read in Entirety at Dark Reading



Reblog this post [with Zemanta]

Disqus for ePayment News