Android SMS Spoofer
http://kingofdkingz99.blogspot.com/2012/11/android-sms-spoofer.html
Proof of Concept app which takes advantage of Android's
On 2012-10-30 NCSU notified Google about a "Smishing" vulnerability (1) in Android. The vulnerability appears to be due to Android exporting
This issue has been known about and used for some time (2,3,4) by test apps and apps designed to intercept, alter and pass on SMS messages. NCSU were the first to publically highlight the security vulnerability that arises from this functionality, namely that a user can be tricked into taking action on a faked SMS message.
This PoC app simply wraps existing code already made public so that the issue can be validated and countermeasures designed while users wait for the patch.
Download APK
SmsReceiverService
being exported to fake an incoming SMS with no permissions.On 2012-10-30 NCSU notified Google about a "Smishing" vulnerability (1) in Android. The vulnerability appears to be due to Android exporting
SmsReceiverService
in the com.android.mms
app with no apparent restrictions. A third party app can therefore pass
an explicit Intent to the SMS app containing a fake SMS message and the
SMS app will process it.This issue has been known about and used for some time (2,3,4) by test apps and apps designed to intercept, alter and pass on SMS messages. NCSU were the first to publically highlight the security vulnerability that arises from this functionality, namely that a user can be tricked into taking action on a faked SMS message.
This PoC app simply wraps existing code already made public so that the issue can be validated and countermeasures designed while users wait for the patch.
Download APK