酷辣~

is there anyway to protect against midnight raid and the control sms, besides the fact that you shouldnt run wifi. could it be possible that instead of the exe sending the sms couldnt it very well make the vicitim's wifi turn on?

CooL : 

this is totally retarded the "tool" he is using i have used a hundred times to push SMS , but what phone opens a web browser without the user opening the wap link. God i hate these guys

This attack uses wap push, there are 2 types - service indicator and service load. This uses the Service load which some handsets respond to. It is not set in the 3GPP specifications how handsets react so there are some that will and some that won't, it's nothing to do with windows or the browser but all about how the handsets respond when receiving a WAP-Push SL message.

what kind of sms message will cause IE to open ? I have never seen that happen without user intervention

I received a call from 951-283-3740 in the middle of the night. It is a number I've never called from Ontario, CA. I don't know anyone there. I've been there only once in between flights at the airport. I remember using my phone a couple of times to call home and surf the internet. Could my cell phone have been hijacked?

After receiving the call and looking up where it was from, I turned my phone off and removed the battery.

Жора где ты был! Ачгес!

It is ONLY Win Mobile

For those in denial - do you still remember the first time your PC was "attacked" by a virus? 2 years ago several thousand Nokia users fell victim to bluetooth attacks in SA and their phones has to be rescued with a complete reinstall. The fact that you can log onto the web, or have wap access makes you susceptable to a myriad number of attacks. Wise up.

@vincegp

Exactly, the fact that your phone has Internet access opens it up to all kinds of attacks and even vulnerabilities. Of course, it all depends on the operating system the phone is using and which browser, I think that makes a difference.

Besides, technology is always evolving, so anything is possible actually.

In fact, I have one of those physical keyboard phones, which has a mind of it's own and does it's own thing, you would really have to see it to believe it.

sounds like sensational hyperbole.

one unnamed phone which can be configured insecurely does not warrant a new class of attack with a titillating name.

also if you just downloaded the tool off the internet, you're hijacking someone else's research without giving them credit. way to go.

Don't worry too much, it's just a way these guys want to sell their services.

Almost all operations require user intervention or a very stupid user that will even change the default security settings and override security. Even naive or very unexperience ones - my grandma or so - won't do that.

So what "tools" are being used? Lets see that site your using.

lol

Is this hack is only for Win mo or Nokia S60v3 is also prone to it

Everything that has a beginning, has an end. So is Windows Mobile.

would a lock on your internet browsing application stop this?

Sounds to me like the user has zero security set up in this scenario. I'm notified that I've received an sms, but it's not automatically opened and when a connection is being made to the internet, I need to tell my phone which connection to use, 3G, wifi, etc. , before it will actually connect.

Damn... That means they can find my GPS location.

Is my android phone effected? What is the nature of the attack? Is it a buffer overflow or some other bug?? share pleeeeeeeeeeeaaaaaaaasssse

i noticed that also. can someone on trustdigital confirm? thanks.