Text Messaging and Short Message Service (SMS)
In addition to the IM software available for computers, text messaging also provides the capability of sending electronic messages using software that's bundled on many different handheld technologies. These include wireless handheld devices like the Blackberry, Palm Personal Digital Assistants (PDAs), two-way pagers, and cell phones that support text messaging.Text messaging services may use protocols like SMTP, but more often the Short Message Service (SMS) is used.
The SMS allows users of the service to send small electronic messages to one another through a Short Message Service Center (SMSC). When a client sends a text message, it is received by the SMSC, which attempts to send it on to the intended recipient. If the recipient is unavailable (such as when their cell phone or other device is turned off ), the SMSC will do one of two things: it will either store the message in a queue until the recipient goes online and then reattempt sending it, or it will simply discard the message.
The messages sent using SMS are limited to 140 bytes, meaning that you can send a message that contains 160 7-bit characters. However, despite the limitation, longer messages can be sent using SMS in which each message is segmented over multiple text messages. Information in the user data header identifies each message as a segment of a longer message, so it can be reassembled by the recipient's device and displayed as a complete, longer message.
SMS also has the capability of sending binary data, and is commonly used to distribute ring tones and logos to cell phone customers. Because of this capability, programming code and configuration data can also be transmitted to a user's device using SMS, causing potential security problems. As we'll see in the next section, Java programs downloaded and installed on devices could contain malicious code, as could other messages with attached files.
Text messaging is widely used in companies, with businesses often providing a BlackBerry or other device with SMS capabilities to management, IT staff, and other select personnel. While it allows these individuals to be contacted at any time, it also presents security issues that are similar to Instant Messages.This includes the ability to transmit sensitive information over an external (and possibly insecure) system. Also, unlike IM for a computer, most devices that can download files or have text messaging capabilities don't have any kind of anti-virus protection. As such, you must trust that the SMSC server or other servers providing data are secure.The same applies to other services accessed through these devices. For example, devices like the BlackBerry can access e-mail from Novell GroupWise, providing a connection to an internal network's e-mail system. While viruses designed to attack cell phones and other devices that support text messaging are almost non-existent, more can be expected as the technology improves and more software is supported.
Cell Phone and Other Text Messaging Device Viruses
Viruses that infected cell phones and other text messaging devices were once considered urban legends. While you'd hear of one from time to time, they would ultimately result in being a hoax. As software can now be downloaded and installed on these devices however, the situation has changed.
In June of 2000, the Timofonica virus was designed to send messages to users of the Spanish cellular network, Telefonica. E-mail messages were sent to people's computers over the Internet, coaxing them to open an attachment. Once opened, the program would send a text message to randomly selected cell phones. While this was a fairly innocuous virus, it was a first step toward viruses that attack cell phones.
As cell phones and other devices supporting text messaging became more configurable and supported more software, actual viruses were written to directly attack these devices. The Lasco.A virus appeared in 2005 with the ability to attach itself to .SIS files on devices using the Symbian OS. When a user installed an infected file on their device, the virus would be activated. What made the virus particularly interesting is that it would send itself to any Bluetooth-enabled devices in the vicinity. Other users would receive a message stating that they had received a message, and ask if they would like to install the attachment. If they accepted, they too would be infected, and activate the worm each time their device turned on.
In this tutorial:
- Web Based Services Security
- Web Security
- Managing Access Control
- Handling Directory and Data Structures
- Eliminating Scripting Vulnerabilities
- Logging Activity
- Finding Rogue Web Servers
- Stopping Browser Exploits
- Web Spoofing
- Web Server Exploits
- SSL and HTTP/S
- Instant Messaging
- Text Messaging and Short Message Service (SMS)
- Web-based Vulnerabilities
- Dangers Associated with Using ActiveX
- Protection at the Network Level
- Programming Secure Scripts
- Understanding Code Signing
- Buffer Overflows
- Making Browsers and E-mail Clients More Secure
- Securing Web Browser Software
- Resulting from Weak CGI Scripts
- FTP Security
- Secure Copy
- FTP Sharing and Vulnerabilities
- Directory Services and LDAP Security
- Securing LDAP