Short Messaging Service - Hijack Tool
Permalink: Short Messaging Service - Hijack Tool
by Franz Bicar
Did you know, that SMS or text messages is now a hacker’s tool to hijack a victims phone? Apparently, an attacker with the right skills could hijack a phone remotely just by sending SMS messages to it. This is according to a mobile security firm Trust Digital.
What happens is that a text message could be sent to a phone which would then open a phone’s web browser and direct the phone to a malicious Web site. The Web site could then download an executable file on the mobile phone that steals data off the phone. This is even more effective when the victim is not attending to his device, say while the victim is asleep - thereby naming this attack the “Midnight Raid Attack”.
But that’s not all. Another attack can also be used. This time, an attacker could hijack a phone by sending a type of SMS message called a control message over the GSM network to a victim’s phone that is using a Wi-Fi network and then use special toolkits to sniff the Wifi traffic looking for the victim’s e-mail log-in information.
While the attacks at this point are proof-of-concepts, they could be done if someone has the requisite knowledge and toolkits. Trust Digital recently announced software called EMM 8.0 that can help organizations protect employee phones from these types of attacks.