At the Black Hat security show, researchers demonstrated on Thursday how a smartphone can be “forced” to visit a malicious URL or install an app without the owner’s knowledge.
John Hering, chief executive of Flexilis, which provides software that protects mobile phones from attack, said that the vulnerability affects phones that were misconfigured by the OEM so that they accept any message sent through WAP Push. He further said that users should only accept WAP Push messages from trusted parties such as their mobile phone operators.
He and Kevin Mahaffey, Chief Technology Officer at Flexilis, are releasing a free tool – “Fuzzit” – so you guys can test whether your mobile is vulnerable and fix the issue.
Oh, and so far, the vulnerability only seems to affect Windows Mobile devices (including those from HTC, Motorola and Samsung). The researchers said they haven’t determined yet whether the iPhone or other devices are also vulnerable.
No need to panic, though: Microsoft as well as carriers were already notified and now have their hands full working on fixes. 🙂