Several different security vulnerabilities that could allow hackers to hijack mobile phones using SMS messages have been revealed by security researchers.
A number of presentations at this year’s Black Hat security conference in the US have demonstrated how the SMS service can allow hackers to take control of a wide range of different mobile phone models, with no need for any more information than the users phone number.
One exploit uses a memory corruption bug in the way Apple’s iPhone handles SMS messages that can be used to take control of the iPhone and make calls, steal data, send text messages and do anything else the owner could do.
Independent Security Evaluators, the research company that discovered the hack, said that Apple was made aware of the problem six weeks ago, although there it has not yet released a patch to fix it.
Another vulnerability, this time demonstrated by security company Flexilis, showed how Windows Mobile devices can be forced to visit malicious URLs or install applications without the user’s permission. The bug only effects mobiles that have been misconfigured by the original equipment manufacturer, which allows WAP Push messages to be accepted from any sender, instead of just trusted parties.
The exploit has been found on smartphones from HTC, Samsung and Motorola, although not all models or makes of a particular phone have the bug.