1. Home
  2. Techniques
  3. Mobile
  4. Exploit via Radio Interfaces

Exploit via Radio Interfaces

The mobile device may be targeted for exploitation through its interface to cellular networks or other radio interfaces.

Baseband Vulnerability Exploitation

A message sent over a radio interface (typically cellular, but potentially Bluetooth, GPS, NFC, Wi-Fi[1] or other) to the mobile device could exploit a vulnerability in code running on the device[2][3].

Malicious SMS Message

An SMS message could contain content designed to exploit vulnerabilities in the SMS parser on the receiving device[4]. An SMS message could also contain a link to a web site containing malicious content designed to exploit the device web browser. Vulnerable SIM cards may be remotely exploited and reprogrammed via SMS messages[5].

ID: T1477
Sub-techniques:  No sub-techniques
Tactic Type: Post-Adversary Device Access
Tactic: Initial Access
Platforms: Android, iOS
Version: 1.1
Created: 17 October 2018
Last Modified: 03 February 2019

Procedure Examples

ID Name Description
S0289 Pegasus for iOS

Pegasus for iOS was delivered via an SMS message containing a link to a web site with malicious code.[6]

Mitigations

ID Mitigation Description
M1001 Security Updates
M1006 Use Recent OS Version

References

  1. Gal Beniamini. (2017, April 4). Over The Air: Exploiting Broadcom's Wi-Fi Stack. Retrieved November 8, 2018.
  2. D. Pauli. (2015, November 12). Samsung S6 calls open to man-in-the-middle base station snooping. Retrieved December 23, 2016.
  3. R. Weinmann. (2012, August 6-7). Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks. Retrieved December 23, 2016.
  1. Andy Greenberg. (2009, July 28). How to Hijack 'Every iPhone In The World'. Retrieved December 23, 2016.
  2. SRLabs. (n.d.). SIM cards are prone to remote hacking. Retrieved December 23, 2016.
  3. Bill Marczak and John Scott-Railton. (2016, August 24). The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender. Retrieved December 12, 2016.