![]() ![]() There is, the researchers say, the potential for a website to be triggered on the device to deliver more complex malware, but that takes the attack out of its core environment and into a more current realm. Dialling fraudulent numbers, managing network access, retrieval of device data and perhaps triggered endpoint espionage. Given the legacy environment in play here, there are limitations on the nature of attacks when compared to software infection of the device itself. And while SMS messages have been used in the past as a communication layer between malware and operator, the researchers suggest this could be the first real-world example of spyware contained within the SMS itself and the attack occupying this legacy cellular environment.Īt no time will the user of the infected device be aware of the attack. ![]() ![]() This code environment then acts as the collection and forwarding agent for the data pulled from the device.įurther SMS messages can be sent from the infected device to the attacker with the information that has been sought and collected. Again, let’s remember this is the advantage of standardization across mobiles-at their core are throwbacks to the basic GSM platforms of old. On receiving the attacker’s SMS, the SIM’s Browser becomes an execution environment, engaging with its device as SIMs have done since the industry’s early days. “Like many legacy technologies,” the researchers warn, “it is still being used while remaining in the background.” And, just as we have seen with industrial and IoT firmware issues in the billions of ignored devices surrounding us, such vulnerabilities can now be opened by sophisticated threat actors who can leverage the rudimentary security layers added a lifetime ago. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |