The recently announced SMS vulnerability discovered by Charlie Miller that affects Apple iPhone, Palm Pre, Windows Mobile and Google Android devices highlights the importance of network level protections for the mobile network. The vulnerability, which can enable an attacker to gain full access of a device by sending specially coded SMS messages to the device, was first released to mobile device manufacturers and mobile operating system providers in early July. However, several device manufacturers and OS providers have not yet made a patch available to users that addresses the vulnerability.

Once a patch is available, the process of getting millions of subscribers on the network to update their devices to the latest patch level, across multiple smartphone operating systems is ominous. Some of these devices, including the Apple iPhone do not support over the air provisioning for a patch – meaning that users would have to manually upgrade their devices themselves. Waiting for users to do this on their own may take months–all the while leaving users vulnerable to this serious attack.

Conversely, solutions that provide SMS protection in the network infrastructure could prevent this attack from infecting devices immediately. Network level solutions are able to block malicious SMS messages before they are sent to the device, preventing the messages from ever arriving at the device in the first place. This has several benefits. The network level solution would:
1. Be able to protect multiple device types
2. Provide protection without user involvement or awareness
3. Provide protection without device manufacturer or operating system vendor involvement
4. Immediately protect all subscribers upon deployment

This type of protection requires a relatively advanced solution to be in place in the mobile network infrastructure. Today, not all network infrastructures support this type of capability. However, Cloudmark believes that we will see this become more and more common as a means to protect against attacks of this nature in the coming months and years.

First day at Black Hat, and aside from it being very hot here, the show is going very well. There is a lot of chatter regarding the practical implications of an MD2 preimage attack as well as how several white-hat hackers were compromised in the past week. There is also the typical chattering of the standard fare of web application security research and associated attacks and defense techniques.

The most interesting material will probably be presented today, during the mobile threats track – got a sneak preview at a new SMS attack that is pretty impressive and may cause migraines for unprepared mobile providers in the next few months. Other than that, curious to see what the other presenters have to say about the mobile platforms they have examined.

http://www.blackhat.com/