ROM SMS installer…really?

While reading my twitter follows this morning I have found this: http://www.xatakandroid.com/aplicaciones-android/flashear-una-nueva-rom-via-sms-ya-es-posible

It happened no more than few secons until I begun to though about the possible security implications this system may led to. As far as I could see here: http://forum.xda-developers.com/showthread.php?t=2720677 , the app just allows your mobile to perform a download and installation of lastest rom in case a particular formatted SMS were received.

Now let us think how we restrict this. Will it use mobile phone sender to restrict when this will be done? Well, it does not really matter, as long as SMS sender has been from some time ago easily faked.

Will it be using a particular keyword inside the specific format of this SMS. Well this shall be a password and all we know that passwords can be broken. The easiest case would be by brute-forcing, but we can not dismiss things like GSM-faking and even in the near future UMTS faking as I have recently read an article where it was stated that UMTS might be faked in a similar way that the GSM is, despite the network having to authenticate agains the device (http://www.hojaderouter.com/seguridad/redes-3g-seguridad-ataques/12437)

This being said, it seems this system is restricted to Cyanogen ROMS, so you cannot tell the mobile from where to download the ROM to install, you can just tell it, ‘hey download and install the lastest stable. This in a way relieves the impact this might have (somebody could build a hiacked ROM, and then send lots of sms to everywhere telling the mobile to apply that particular ROm, which- for instance- could be sending a summary of any of the rest of your passowrds (mail,bank accounts, whatever you can imagine)

Being discarded this (at first) we still are under the possibility of a DOS attack where an attacker could be once and over again sending formatted sms telling our mobile to download and install a ROM, so you could not even use your mobiles, as it would be continuously rebooting….

Deja un comentario