Disadvantages of mobile communication standards give fraudsters the opportunity without the knowledge of the phone owner to arrange sending SMS messages to premium rate numbers or to create difficulties in obtaining ordinary text messages.
The vulnerability concerns the messaging system for applications that are installed by operators in the SIM-card. This system is called SIM Application Toolkits. These applications are used for functions such as displaying account balance, with voice-mail or making electronic micropayments.
These applications communicate with the infrastructure operator specially formatted SMS-messages with digital signature. These messages are processed by phone, without getting into the inbox and not giving a signal to the user. In the extreme case of the phone when receiving such a report is derived from the sleep mode.
It uses secure encryption technology data, only problem is that if a team can not be executed, then the operator is sent an error message. This opens up two possibilities for hackers to carry out malicious actions.
In the first case, an attacker can use this service to spoof a carrier number on the number for paid SMS, as a result of money from the account will be transferred to the victim by the attacker. Thus attackers can not control directly the process of sending service messages, but this does not diminish the danger of such actions.
In the second case, in response to a request sent to the operator deliberately corrupted messages that are interpreted by the system as undeliverable, the request is sent again, and again it comes to “damaged” answer. The process of looping and the usual SMS-messages on the phone did not pass. It turns out that sort of DoS-attacks.
Vulnerability was highlighted by an expert named Bogdan Alec at a security conference DeepSec, held in Vienna (Austria).
Alec tested the attack on the device manufacturer Samsung, Nokia, HTC, RIM and Apple. Protect against the vulnerability can only be on the phones of Nokia – the menu of these devices allows the confirmation before sending a service message.However, by default this option is disabled. Operators could minimize attacks by filtering messages in the format of SIM Toolkit and holding up a “white list” numbers that are allowed to send them. However, Alec said that he is still one of the operators to apply such controls, even after testing the device attacks on mobile operators in Romania, Bulgaria, Austria, Germany and France.
Alec spoke about the vulnerability of computer response team for emergencies (Computer Emergency Response Team) and the number of vulnerabilities have been localized, but no details of when the fix can be made. Alec said that, in any case, this problem easier to solve with the help of message filtering operators rather than trying to update millions of phones.