Las Vegas - Researchers at Black Hat security conference Thursday showed how an attacker can spoof the type of SMS message that appears to be sent from the carrier or any other reliable source.

The attack on the MMS (Multimedia Messaging Service) messages like SMS messages that could allow an attacker to fraudulently forcing the recipient to visit the malicious Web site or in the long run, do something else to harm the phone or data theft.

Attacks can work on any type of phone is MMS-enabled and works on the Global System for Mobile Communications (GSM) network, said Zane lackey, a senior adviser to ISEC Partners, as well as an independent researcher Luis Miras.

They used a jailbroken iPhone to their demos of their proof-of-concept code that allows you to circumvent the protection of the carrier for SMS messages by sending a specially crafted MMS messages.

SMS messages used by carriers to do the administration on the phone and contact clients. For example, voice mail notifications are often made for SMS, according to footman.

As a result of such communications administrator for trust beneficiaries, despite the fact that they generally do not indicate the source of the message and other details, they said. Hoaxes can be any of the reliability of the company as a bank or PayPal.

“This is a question of the carrier,” Miras said. “We know them and they are working on a solution.”

The researchers also shared information with the GSM Alliance, which provides detailed information on the use of carriers, they said.

In a demo, they sent the victim reported that the proposed $ 20 credit, and includes a reference to the alleged malicious site. Other researchers Demos sent fake voice mail alert and sent an SMS which prompted the addressee to accept or reject the new settings is unknown.

If the recipient accepted the changes, believing they are something from the usual carrier, an attacker can use the permission to do things behind the scenes, as the route of all the numbers of Internet traffic through the server to the attacker, not the carrier’s server, which allows attacker to spy on all messages.

In the SMS used by researchers have shown possible for an attacker to gain access to “circumvent the carrier spoofing protection including anti-malware filtering footman said. These attacks can also be used to determine what operating system you are so that someone can start an attack that targeted programs, “he said.

Lucky and Miras has released a tool called Taft (There in the attack for this), which automates the fulfillment of the shortcomings that were corrected. He does not allow for the spoofing issues that carriers have the address, they said.

SMS attacks become easier, because iPhones and Android devices could be easily modified, because the SMS functionality was built at the higher layers, which provide full access to the attacker, said footman.

Researchers also said that they found the lack of implementation of SMS, that they are temporarily crash on the Android phone of the phone so does not require or texts can be sent or received. Google fixed flaw, which, they said.

They also discovered a flaw in a third-party iPhone app to SwirlySpace, that the interference with the phone and texting capabilities and that also was recorded, Miras said.

There are not very much can do to protect yourself from these attacks, except to be careful SMS as a whole, “he said.