Vigil@nce : Windows Mobile, identity spoof via MMS
September 2009 by Vigil@nce
An attacker can send a MMS Notification to a mobile (Blackberry
8800, Windows Mobile or Sony Ericsson W810i/W890i), which do not
correctly display the sender.
Severity: 1/4
Consequences: disguisement
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: unique source (2/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 14/09/2009
IMPACTED PRODUCTS
– BlackBerry Enterprise Server
– Microsoft Windows Mobile
DESCRIPTION OF THE VULNERABILITY
When a new MMS message is available, the mobile receives a "MMS
Notification" via SMS. If the user wishes to read this MMS, the
mobile downloads it via WAP. MMS Notifications use the PDU
M-Notification.ind format, which defines fields such as From,
Subject and X-Mms-Content-Location.
However, some mobiles (Blackberry 8800, Windows Mobile or Sony
Ericsson W810i/W890i) display values from the From and Subject
fields, without displaying the phone number of the sender.
An attacker can therefore use the identity of a trusted sender in
the From field, in order to deceive the victim receiving this MMS
Notification. The victim can then accept to download a malicious
MMS file.
CHARACTERISTICS
Identifiers: adv04-2009, VIGILANCE-VUL-9023
http://vigilance.fr/vulnerability/Windows-Mobile-identity-spoof-via-MMS-9023