Security researcher of AdaptiveMobile Security have discovered a critical vulnerability that can allow hacker to take control of your mobile phone with just a SMS. This is how it work:
- Attacker send a specially crafted SMS, some binary code like spyware on victim mobile
- On receiving the SMS, victim mobile is hacked
- Hacker takes control of the mobile and can perform any action
- hacker steals device location and other things like calling international numbers, browsing websites, ohers
- This is a remote code execution vulnerability.
According to ethical hacking researcher of International Institute of Cyber Security this vulnerability is exposing billions of mobile phone users on this planet.
The attacker could exploit the flaw to:
- Retrieve targeted device’ location and IMEI information,
- Spread mis-information by sending fake messages on behalf of victims,
- Perform premium-rate scams by dialing premium-rate numbers,
- Spy on victims’ surroundings by instructing the device to call the attacker’s phone number,
- Spread malware by forcing victim’s phone browser to open a malicious web page,
- Perform denial of service attacks by disabling the SIM card, and
- Retrieve other information like language, radio type, battery level, etc.