Does SMS text message pose a security risk?

In the spring of 2009, Smartphone users were surprised by the sophistication of an SMS worm, known as YXES, that affected Symbian devices. It started with an SMS message that consisted of a link to a malicious website hosting a malicious payload for the device. Once the payload was downloaded, it would attempt to send an SMS message to the phone numbers that appeared in the compromised device’s call log. This worm also stole the user’s device information and uploaded it to the server. In the summer of 2009, mobile security researchers demonstrated, in a live presentation at the BlackHat conference, that they were able to take complete control of a victim’s iPhone by sending a specially crafted SMS message to the device. And in the fall of 2009, Research In Motion (RIM), the manufacturer of BlackBerry Smartphones, issued an advisory concerning a certificate-handling flaw that could allow an attacker to trick users into visiting a malicious website via SMS messages.  Finally, according to research conducted by security researchers at Pennsylvania State University, it may be possible for attackers to cause denial of service conditions by spamming mobile networks, if successful, could cripple them.

continue reading…

Study of BlackBerry Proof-of-Concept Malicious Applications

SMobile’s Global Threat Center (GTC) has released a research study on proof of concept malicious applications for BlackBerry platform. This research exposes the weakened security posture of BlackBerry device that operate under the BlackBerry Internet Service environment. The proof of concept applications discussed in this research are developed to examine the response of BlackBerry inbuilt security framework. Through this research, SMobile concludes that there are certain instances of attacks that may be successful in bypassing the security framework of BlackBerry and poses a significant threat to privacy and confidentiality of the user. This research paper can be downloaded here:

BlackBerry paper

New Spyware released for BlackBerry

In the past few months, there has been a tremendous increase in the release of spyware applications for smartphone devices. Earlier this year we saw the release of the first spyware application for the iPhone that supported 2G/3G/3GS iPhones. Later we saw the releases of more advanced spyware applications for the BlackBerry and the iPhone. And recently, on Nov 06, 2009, the world’s first spyware application for Android was released.  In summary, this year alone we have seen that the threats that were dominating Windows and Symbian devices have begun to make their way to the sexier BlackBerry, iPhone and Android devices.

continue reading…

Australia Breeds First iPhone Worm

November must be the month of firsts in mobile security.  In the first days of November, reports were coming out about a Dutch hacker that was attacking iPhones via SSH, using the well known root password for jailbroken devices.  As our regular readers might recall, SMobile released a report detailing the process to bypass iPhone’s security implementations by jailbreaking the device.  They’ll also recall that our testing team was able to gain root access to the test iPhones by connecting to the device over SSH and using the root account credentials that had been revealed during the research that led to the discovery of the jailbreak process. The Dutch attacker was simply using the same information to take control of victim devices that he was able to locate and connect to, then blackmailing them into paying to release the data on their devices.

continue reading…

First Spyware for Android released

SMobile Systems is proud to announce that it is the first mobile security company to detect and prevent its customers from the World’s first Spyware threat for Android devices. On Oct 26, 2009, the MobileSpy officially released the spyware version for BlackBerry. Now, they have released the world’s first mobile spyware application for Android. It appears that the Mobile Spy team has been working hard in the last couple of weeks to get their spyware application ported to Android devices. According to Mobile Spy, “this Spyware Application is not meant for a use on a phone you do not own and have proper permissions to monitor”, and its spyware now supports all Android models, including the new Motorola Droid and T-Mobile My Touch 3G.

continue reading…

Study of Man In The Middle Attack on Smartphones

According to a survey conducted by a mobile advertising researcher, AdMob, smartphone users are driving up the use of Wi-Fi hotspots. The result of the survey indicates that there were 550 million smartphone Wi-Fi requests in Western Europe alone in 2008, a 132% increase for the year. AdMob said that 42% of the requests fromMIMT Whitepaper iPhones originated from Wi-Fi hotspots [1]. In the United States, AT&T reported a 41% increase for the year in iPhone connections, alone, at wireless hotspots [2]. In a new report, the market research firm Yankee group [3] has forecast that the number of smartphone users will quadruple to 160 million by the year 2013. In another report released by ABI Research, Wi-Fi smartphone sales will double by 2011 [4]. ABI Research also found that 74% of people who have Wi-Fi enabled smartphone’s use the technology and 77% say they want a Wi-Fi enabled handset when they make their next purchase [5].

MITM Attack Whitepaper

BlackBerry Spying Application Raises Awareness

On October 27^th the US-CERT released an advisory detailing the BlackBerry “PhoneSnoop” application that can be used to spy on BlackBerry users. US-CERT’s analysis accurately states that this tool “allows an attacker to call a user’s BlackBerry and listen to personal conversations.” It is important to note that this tool was developed and published under the premise that it is proof-of-concept code designed to raise awareness of the misrepresented nature of the security of BlackBerry devices. The author of the tool, Sheran Gunasekera, publicly states that his “intention was to raise awareness that even though the BlackBerry is one of the more secure platforms, there are still means where its users can be spied upon,” Gunasekera wrote in an e-mail on Tuesday. “I wanted to highlight that even with such technical security controls, the human element can be exploited through social engineering.”

continue reading…

SMobile at Hacker Halted 2009

At this year’s Hacker Halted SMobile gave a presentation entitled Smartphone Hacks and Attacks. If you didn’t make it to this year’s conference, the full presentation PDF is available for download here:

Hacker Halted 2009

CIOs must take steps to safeguard mobile devices

it News Africa

Many companies in South Africa are starting to roll out mobile devices to boost the productivity of their mobile workers. However the lure of empowering employees and making them more efficient (for example BlackBerry smartphone users save an average of 60 minutes a day, according to Ipsos Reid) should be balanced with the need to secure the information that can be accessed on them.

Chief Information Officers (CIOs) must pay close attention to the new security risks that mobile devices such as smartphones are prone to, and ensure that they have the right measures in place to protect the enterprise.

One threat that is growing in significance as more users count on smartphones for business applications is mobile malware. Just like PC viruses, malicious code has the potential to run undetected on a smartphone and wreak havoc within a corporate network.

more>>

Android 1.6 SDK is here

Mobile Marketer

I am happy to let you know that Android 1.6 SDK is available for download. Android 1.6, which is based on the donut branch from the Android Open Source Project, introduces a number of new features and technologies. With support for CDMA and additional screen sizes, your apps can be deployed on even more mobile networks and devices. You will have access to new technologies, including framework-level support for additional screen resolutions, like QVGA and WVGA, new telephony APIs to support CDMA, gesture APIs, a text-to-speech engine, and the ability to integrate with Quick Search Box. What’s new in Android 1.6 provides a more complete overview of this platform update.

The Android 1.6 SDK requires a new version of Android Development Tools (ADT). The SDK also includes a new tool that enables you to download updates and additional components, such as new add-ons or platforms…

more>>