LAS VEGAS--In one of a handful of SMS-related presentations here at the Black Hat security show, researchers demonstrated on Thursday how they can force certain types of smartphones to visit a malicious URL or install an app without user approval.
The vulnerability only affects phones that have been misconfigured by the original equipment manufacturer so that they accept any message sent through WAP Push (Wireless Application Protocol), a service that runs on top of SMS, said researcher John Hering.
WAP Push messages should only be accepted when sent by a trusted party such as the mobile operator, said Hering, chief executive of Flexilis, which provides software for protecting mobile phones from attack.
The vulnerability spans all Windows Mobile devices including HTC, Motorola, and Samsung, but not all of any one make or model of phone is found to be vulnerable, only random ones, he said.
More: http://news.cnet.com/8301-27080_3-10300536-245.html
............................................................................................
The vulnerability only affects phones that have been misconfigured by the original equipment manufacturer so that they accept any message sent through WAP Push (Wireless Application Protocol), a service that runs on top of SMS, said researcher John Hering.
WAP Push messages should only be accepted when sent by a trusted party such as the mobile operator, said Hering, chief executive of Flexilis, which provides software for protecting mobile phones from attack.
The vulnerability spans all Windows Mobile devices including HTC, Motorola, and Samsung, but not all of any one make or model of phone is found to be vulnerable, only random ones, he said.
More: http://news.cnet.com/8301-27080_3-10300536-245.html
