The android-sms-spoof App and this Document: http://www.csc.ncsu.edu/faculty/jiang/send_sms_leak.html does not have any in common...
With the new Vulnerability you are able, as the authors says, to really send sms. The SpoofSMS App only puts a message to your inbox and fakes that it was received. So there are basicily two different types of exploits. The SpoofSMS makes you able to for example Phish for Data or send users fraud sms. The other exploit, which has not been published yet i think, allows you to really send an sms to another device without requesting the proper permissions! greetings On Wed, 5 Dec 2012 16:40:28 -0800 (PST), babysnow <hdj1...@gmail.com> wrote: > Thanks for answering. Actually, I read the post in this group already. > It's this topic: > https://groups.google.com/forum/#!topic/android-security-discuss/WGd20vdyaqgis > it correct?I tried out this sample application > https://github.com/thomascannon/android-sms-spoofIt can fake a sender's > number, and send out SMS without any permission.What I actually want to > do is compose a SMS with the device self's number and send it out.Is > there any clue for doing this? > Thanks. > On Wednesday, December 5, 2012 6:36:18 PM UTC-6, Kristopher Micinski > wrote:It's not really all that complicated, as I remember. I think this > was > discussed rather recently if you search the history of this group. I > think someone even pointed out a component that should be gated by the > SEND_SMS permission but was not, essentially reducing the attack to a > typo, where we wanted the permission enforced, but the check was > simply omitted. > > Kris > > On Wed, Dec 5, 2012 at 7:13 PM, babysnow wrote: >> Prof. Xuxian Jiang's group announced a new security loophole of > Android. >> It can use the functionalities provided by SEND_SMS without any > permission. >> See: >> http://www.csc.ncsu.edu/faculty/jiang/send_sms_leak.html [1] >> >> I am not a hacker and I am purely out of interest. How can they achieve > >> SEND_SMS without any permission? >> >> -- >> You received this message because you are subscribed to the Google > Groups >> "Android Security Discussions" group. >> To view this discussion on the web visit >> https://groups.google.com/d/msg/android-security-discuss/-/X4Rd9M5m7J4J > [2]. >> To post to this group, send email to >> android-secu...@googlegroups.com. >> To unsubscribe from this group, send email to >> android-security-discuss+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/android-security-discuss?hl=en [3]. > > -- > You received this message because you are subscribed to the Google > Groups "Android Security Discussions" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/android-security-discuss/-/RhHzcfGQlfoJ > [4]. > To post to this group, send email to > android-security-discuss@googlegroups.com. > To unsubscribe from this group, send email to > android-security-discuss+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > > Links: > ------ > [1] http://www.csc.ncsu.edu/faculty/jiang/send_sms_leak.html > [2] > https://groups.google.com/d/msg/android-security-discuss/-/X4Rd9M5m7J4J > [3] http://groups.google.com/group/android-security-discuss?hl=en > [4] > https://groups.google.com/d/msg/android-security-discuss/-/RhHzcfGQlfoJ -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to android-security-discuss@googlegroups.com. To unsubscribe from this group, send email to android-security-discuss+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
