Exploit via Radio Interfaces

The mobile device may be targeted for exploitation through its interface to cellular networks or other radio interfaces.

Baseband Vulnerability Exploitation

A message sent over a radio interface (typically cellular, but potentially Bluetooth, GPS, NFC, Wi-Fi or other) to the mobile device could exploit a vulnerability in code running on the device. D. Komaromy and N. Golde demonstrated baseband exploitation of a Samsung mobile device at the PacSec 2015 security conference. [1] Weinmann described and demonstrated "the risk of remotely exploitable memory corruptions in cellular baseband stacks." [2]

Malicious SMS Message

An SMS message could contain content designed to exploit vulnerabilities in the SMS parser on the receiving device. For example, Mulliner and Miller demonstrated such an attack against the iPhone in 2009. [3] An SMS message could also contain a link to a web site containing malicious content designed to exploit the device web browser. Vulnerable SIM cards may be remotely exploited and reprogrammed via SMS messages. [4]
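A receiver-side sketch of the checks relevant to the two SMS cases above (parser length handling and SIM-targeted messages), added here as an illustration and not taken from the original page or any vendor's code. It assumes the SMS-DELIVER field layout and code points of 3GPP TS 23.040 and a hex TPDU without the SMSC prefix; the function names and sample messages are constructed for the example.

```python
# Added example: strict header checks for an SMS-DELIVER TPDU (3GPP TS 23.040).
# Assumption: input is the hex TPDU without the SMSC prefix; names are illustrative.
PID_SIM_DATA_DOWNLOAD = 0x7F  # TP-PID code point "(U)SIM Data download"

def uses_septets(dcs):
    """True when TP-UDL counts 7-bit septets rather than octets."""
    group = dcs >> 4
    if group <= 0x7:                        # general data coding groups
        # compressed text (bit 5) is counted in octets; alphabet 3 is reserved
        return not dcs & 0x20 and (dcs >> 2) & 0x3 in (0, 3)
    if group == 0xF:                        # data coding / message class group
        return not dcs & 0x04
    return group != 0xE                     # 0xE is UCS2, the rest 7-bit or reserved

def inspect_sms_deliver(tpdu_hex):
    """Return a list of findings; raise ValueError on any length inconsistency."""
    b = bytes.fromhex(tpdu_hex)             # ValueError on non-hex input
    if len(b) < 2 or b[0] & 0x03 != 0:      # TP-MTI must be 00
        raise ValueError("not an SMS-DELIVER TPDU")
    if b[1] > 20:                           # TP-OA length is counted in digits
        raise ValueError("TP-OA longer than 20 digits")
    hdr_len = 3 + (b[1] + 1) // 2 + 10      # first octet .. TP-UDL inclusive
    if len(b) < hdr_len:
        raise ValueError("truncated header")
    pid, dcs, udl = b[hdr_len - 10], b[hdr_len - 9], b[hdr_len - 1]
    ud = b[hdr_len:]
    expected = (udl * 7 + 7) // 8 if uses_septets(dcs) else udl
    if expected > 140 or expected != len(ud):
        raise ValueError("TP-UDL does not match user data length")
    if b[0] & 0x40:                         # TP-UDHI: user data begins with a header
        if not ud or ud[0] + 1 > len(ud):
            raise ValueError("UDHL exceeds user data")
        pos, end = 1, 1 + ud[0]
        while pos < end:                    # walk IEI / IEDL / data elements
            if pos + 2 > end or pos + 2 + ud[pos + 1] > end:
                raise ValueError("information element overruns header")
            pos += 2 + ud[pos + 1]
    return ["sim-data-download"] if pid == PID_SIM_DATA_DOWNLOAD else []

# Constructed sample TPDUs (fictional sender, meaningless payload bytes).
HDR = "0B915155550501F0"                    # TP-OA: 11 digits, international
SCTS = "42101021436500"                     # TP-SCTS placeholder timestamp
SAMPLE_TEXT = "04" + HDR + "0000" + SCTS + "05" + "E8329BFD06"   # "hello", 7-bit
SAMPLE_SIM = "04" + HDR + "7FF6" + SCTS + "04" + "AABBCCDD"      # PID 0x7F, 8-bit
SAMPLE_BAD_UDH = "44" + HDR + "0004" + SCTS + "03" + "050003"    # UDHL 5, 2 octets follow

if __name__ == "__main__":
    for name in ("SAMPLE_TEXT", "SAMPLE_SIM", "SAMPLE_BAD_UDH"):
        try:
            print(name, inspect_sms_deliver(globals()[name]))
        except ValueError as err:
            print(name, "rejected:", err)
```

Every declared length is checked against the bytes actually present before it is used as an index, and a message is rejected outright when any length disagrees.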

ID: T1477

Tactic Type: Post-Adversary Device Access

Tactic: Initial Access

Platform: Android, iOS

Version: 1.0

Mitigations

Mitigation: Security Updates
Mitigation: Use Recent OS Version

Examples

Name: Pegasus for iOS

Description: Pegasus for iOS was delivered via an SMS message containing a link to a web site with malicious code. [5]

References