Esato


Author Siemens S55 vulnerable to unauthorized SMS
axxxr
K700
Joined: Mar 21, 2003
Posts: > 500
From: Londinium
Posted: 2004-05-05 13:38

The Phenoelit Group has discovered that the Siemens S55 has a vulnerability which can cause it to send SMS messages without the user's knowledge.

The Phenoelit Group of gray-hat hackers has discovered that there are problems in the Siemens S55 time.jar Java file. Usually, sending SMS messages or placing calls via Java applications requires user permission, which is obtained through an on-screen dialog. However, filling the screen with other items obscures this dialog, so that the user may unwittingly approve sending SMS messages to another number. For this to work, the attacker must trick the user into installing the malicious Java software, which isn't a difficult feat. Members of Phenoelit originally presented this vulnerability at a black hat convention in Las Vegas in 2003.

While not a critical security vulnerability, this problem does represent a security bypass, and may be the first of similar exploits on cellular phones and other devices sophisticated enough to use Java technology. As always, users should not download and run untrusted applications, even on their phones.