Are text messages a potential danger to your smartphone? A couple of weeks ago, security researchers demonstrated a number of holes by exploiting holes in SMS implementation – including one that sufficiently embarrassed Apple to send out a patch for the iPhone (News - Alert).
Security analyst Charlie Miller had initially and vaguely disclosed an iPhone vulnerability back in July and noted that the flaw could be used by an attacker to crash the iPhone and then take it over. Miller and co-researcher Collin Mulliner built upon their initial work to test various techniques and exploits to "own" the phone and happily demonstrated their handwork about a month later at DEFCON.
Miller and Mulliner's demo of the SMS flaw scared DEFCON iPhone owners into quickly turning off SMS functionality and Apple (News - Alert) not-so-coincidentally pushed out a software update (iPhone 3.0.1) closing the hole the following day. In the worst case scenario, the most serious attack – completely taking over the phone – would take hundreds of messages and anywhere from 8 to 10 minutes to take place, with the only evidence being a low battery.
However, Apple doesn't have a monopoly on SMS bugs. The duo has discovered a similar bug in Windows Mobile for complete remote control of Microsoft (News - Alert)-based devices and they also exploited a bug in Android – since patched – to knock a phone off a wireless network for about 10 seconds. No official word yet on a security patch for Windows Mobile, but the bigger concern is that Windows Mobile users aren't as indoctrinated in the periodic ritual of software updates as iPhone or Android users.
Another talk at DEFCON presented a way to implement mobile text message "spam" in an easy and straightforward fashion – and you thought those autobot calls about your car warranty being up were annoying. Brandon Dixon of G2 (News - Alert) (ww.g2-inc.com) has developed an off-the-shelf method of setting up a XMPP/Jabber server to mass mail text messages through one service provider and he should be releasing the web application towards the end of the month.
The underlying moral to this story is that smartphones have become Yet Another Computing Device in all aspects – and that includes having to manage them from a security perspective. The only "good" news for North American users is that iPhone, Windows Mobile, and Android users haven't seen anything compared to the number of viruses targeting Nokia's (News - Alert) Symbian operating system.
Follow ITEXPO on Twitter: twitter.com/itexpo
Doug Mohney is a contributing editor for TMCnet and a 20-year veteran of the ICT space. To read more of his articles, please visit columnist page.
Edited by Tim Gray
Internet Telephony Magazine
Click here to read latest issue
CUSTOMER 
Cloud Computing Magazine
Click here to read latest issue
IoT EVOLUTION MAGAZINE
