On Tue, Apr 10, 2012 at 10:10 PM, Jeffrey Walton <[email protected]> wrote: > On Tue, Apr 10, 2012 at 11:00 AM, Meryeme Ayache > <[email protected]> wrote: >> hey everybody!! >> I am wondering how can we snif and interpt sms texts on Android! is >> there a way to do that and if yes please can you share the method? > Ask for the RECEIVE_SMS permission and use BroadcastReceiver. To be > first in SMS receiver chain, set android:priority under > <intent-filter>. If you want to swallow a legit sms message for > another component (such as an autheticator in a two factor system), > call abortBroadcast. > > Two factor authentication using a cell phone was recently broken: > "Two-channel breached: a milestone in threat evaluation, and a floor > on monetary value", > http://financialcryptography.com/mt/archives/001349.html SMS-Controlled Malware Hijacking Android Phones, http://www.securityweek.com/sms-controlled-malware-hijacking-android-phones
Called TigerBot, the recently discovered malware was found circulating in the wild via non-official Android channels. Once again, this discovery is proving the sensibility of only installing official applications, and only those available from known, legitimate sources such as Google Play. TigerBot will hide itself on a compromised device by forgoing an icon on the home screen, and by masking itself with a legit application name such as Flash or System. Once installed an active, it will register a receiver with a high priority to listen to the intent with action “android.provider.Telephony.SMS_RECEIVED.” “Upon receiving a new SMS message, TigerBot will check whether the message is a specific bot command. If so it will prevent this message from being seen by the users and then execute the command accordingly,” NQ explained on their blog. ... -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
