Intercepting outgoing data sms

by Urs Grob » Fri, 04 Sep 2009 15:13:17 GMT


Sponsored Links
 I'm trying to figure out if it's possible for some third party
application to read the content of an outgoing data sms.
I send a data sms by calling SmsManager.sendDataMessage(...).
Is there a way to intercept this by using either public or _private_ api?

I'm trying to share a secret key with the service on the other side so
it can send me an encrypted message that no other app installed can
understand. If it is possible to intercept this message I'll have to
think of another way to share the key. (e.g. over a web service)

Rooted phones or other non-standard system images are of no concern
since those users did that on purpose. All I want is to make sure that
John Doe is safe.

-- Urs



Intercepting outgoing data sms

by Dan Hein » Fri, 04 Sep 2009 22:18:33 GMT


 Have you read Burns' paper on android security?  He gives general
guidance on securing these types of things.

 http://website.isecpartners.com/files/iSEC_Securing_Android_Apps.pdf 

Since he posted the above on an earlier thread, perhaps he will
comment directly...



>


Sponsored Links


Intercepting outgoing data sms

by Urs Grob » Fri, 04 Sep 2009 23:38:21 GMT


 Thank you for that link. It's a nice overview/introduction.

I read most of this paper right now. But I'm quite used to the
security of android. So there's not really something new that would
help me. What I lack most is knowledge about the possibilities that
the public and especially private apis of the SMS internals give. I
know there's a way to read the content of the sms inbox and outbox.
And I'm wondering if SmsManager.sendDataMessage will end up in the
outbox where it can be accessed by malware, or if there's other means
of intercepting a data sms sent by that method. For example opening a
Socket to a server and directly sending data can't be intercepted by
third party apps. If it's the same for SmsManager.sendDataMessage then
I'm happy with it. But if e.g. the sms ends up in the outbox where
third party apps can access its content, then I'm forced to use a
different solution.

This would be the easiest approach for my problem because the back end
already exists. But if it is not safe enough I'll have to use another
method. that's why I'm asking about this. And I hoped for someone
familiar with the SMS code to be able to give me a short Answer on
this. :)

-- Urs




>



Intercepting outgoing data sms

by Chris Palmer » Sat, 05 Sep 2009 00:29:44 GMT


 SMS is not the right way to go about this: it is not a secure protocol, in
the sense of SSH or TLS. Just use TLS.

Check out Harald Welte's presentation from Hacking At Random 2009 in case
you're wondering how an attacker might go about hacking SMS.





I'm trying to figure out if it's possible for some third party
application to read the content of an outgoing data sms.
I send a data sms by calling SmsManager.sendDataMessage(...).
Is there a way to intercept this by using either public or _private_ api?

I'm trying to share a secret key with the service on the other side so
it can send me an encrypted message that no other app installed can
understand. If it is possible to intercept this message I'll have to
think of another way to share the key. (e.g. over a web service)

Rooted phones or other non-standard system images are of no concern
since those users did that on purpose. All I want is to make sure that
John Doe is safe.

-- Urs



Other Threads

1. Switching Views/Popup Window

Hi there,

I'm having a little trouble switching views and wondering anyone can
help. Basically the initial view is a ListActivity. On this view the
user can press the menu button which triggers a database call and when
the result comes back (either a number or a null) I require the view
to be altered to one of two views (a numberview and a nullview so to
speak).

I've had some success by doing -

Intent myIntent = new Intent(this, numberview.class);
this.startActivity(myIntent); Now this works however I can't see a way
to pass the number retrieved from the database into the new view.

I also tried to use the PopUpWindow class but to no avail, all the
examples I found only had examples for the Activity (not ListActivity)
and some of the mentioned methods don't exist. Can I get some help/
advice at all please?

-- 

2. Overriding android:textColor using theme

Hello dear Android developers !

In my app, users can choose between two themes at startup. However,
I've some problems overriding the android:textColor property using
themes.

I want to be able to change the text color (basically to white/black)
of some textview, but only these. I'm trying to do that this way:

attrs.xml:
<attr name="foregroundColor" format="reference" />

themes.xml:
        <style name="Light" parent="android:Theme.Light">
                <item 
name="foregroundColor">@color/main_message_color_light</item>
        </style>

        <style name="Dark" parent="android:Theme">
                <item 
name="foregroundColor">@color/main_message_color_dark</item>
        </style>

main_message_color_light.xml:
<selector xmlns:android="http://schemas.android.com/apk/res/android">
  <item android:state_enabled="false" android:color="#80ffffff"/>
  <item android:color="#ffffffff"/>
</selector>

On my textview, I'm doing ' android:textColor="?foregroundColor" '. My
application foreclose with this error :

"ERROR/AndroidRuntime(958): Caused by: android.content.res.Resources
$NotFoundException: Resource is not a ColorStateList (color or path):
TypedValue{t=0x2/d=0x7f01000a a=-1}"

If I replace the reference to @color/ by a hard coded color, same
error.

How can I easily set textColor with theme ?

Many thanks for your time

Seb

-- 

3. Bluetooth - Health Device Profile (HDP) and Continua

4. Install the Apk

5. WiFi proxy issue in android, solution

6. Sideline install to device using Barcode Scanner to phone without SD card

7. Droid browser fixed positioning