Members
  • Total Members: 14176
  • Latest: toxxxa
Stats
  • Total Posts: 42869
  • Total Topics: 16078
  • Online Today: 3392
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)









Post reply

Name:
Email:
Subject:
Message icon:

Verification:
Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

shortcuts: hit alt+s to submit/post or alt+p to preview


Topic Summary

Posted by: dananos
« on: 29. September 2010., 17:55:24 »

The extended GSM character set, used to display 'recently' introduced symbols that are in frequent use, such as the euro symbol, is mostly unused, and reserved for future use. This could obviously be an area that could be used for exploits, since phone engineers would not expect data in this area, and thus would not often test against it.

If you see our GSM7 implementation http://sites.google.com/site/freesmsuk/gsm7-encoding, every "." in the strExtendedTable represents a point of entry for unchecked code.

Posted by: Samker
« on: 29. July 2009., 17:33:06 »



Apple has just over a day left to patch a bug in it's iPhone software that could let hackers take over the iPhone, just by sending out and SMS (Short Message Service) message.

The bug was discovered by noted iPhone hacker Charlie Miller, who first talked about the issue at the SyScan conference in Singapore. At the time, he said he'd discovered a way to crash the iPhone via SMS, and that he thought that the crash could ultimately lead to working attack code.

Since, then he's been working hard, and he now says he's able to take over the iPhone with a series of malicious SMS messages. In an interview Tuesday, Miller said he will show how this can be done during a presentation at the Black Hat security conference in Las Vegas this Thursday with security researcher Collin Mulliner.

"SMS is an incredible attack vector for mobile phones," said MIller, an analyst with Independent Security Evaluators. "All I need is your phone number. I don't need you to click a link or anything."

Miller reported the flaw to Apple about six weeks ago, but iPhone's maker has yet to release a patch for the issue. Apple representatives could not be reached for comment, but the company typically keeps quiet about software flaws until it releases a patch.

If it does release a pre-Black Hat patch, Apple will not be alone. Microsoft had to scramble to put out an emergency fix for an issue in its Active Template Library (ATL), used to build ActiveX controls. This "out-of-cycle" patch was released Tuesday, ahead of another Black Hat presentation on that particular vulnerability.

Miller's attack doesn't actually pop up shellcode -- the basic software attackers use as a stepping stone to launch their own programs on a hacked machine -- but it lets him control the instructions that are within the phone's processor. With some more work, someone could take this exploit and run shellcode, Miller said.

Although it's an old technology, SMS is emerging a promising area of security research, as security researchers use the powerful computing capabilities of the iPhone and Google's Android to take a closer look at the way it works on mobile networks.

On Thursday, two other researchers, Zane Lackey and Luis Miras, will show how they can spoof SMS messages that would normally only be sent by servers on the carrier. This type of attack could be used to change someone's phone settings, simply by sending them a SMS message.

Miller believes that more SMS bus are likely to emerge, and to help find them, he and Mulliner have developed an SMS "fuzzing" tool, that can be used to hammer a mobile device with thousands of SMS messages without actually sending the messages over the wireless network (a costly endeavor).

The tool, which he calls the Injector, runs on the iPhone OS, Android, and Windows Mobile mobile phones.

The tool insets itself between the phone's computer processor and the modem and makes it look like the SMS messages are really coming through the modem, when actually they're being generated by the phone.

(PCW)
Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising