Published on 28 Mar 2014 | over 2 years ago
We have discovered a new type of attacks against HTML5-based mobile apps. In this video, we demonstrate if an HTML5-based mobile app uses unsafe APIs to display SMS messages, attackers can send a text message to the victim with a piece of malicious code embeded in the message. The malicious code, once triggered, can not only cause damage to the victim's phone (e.g. stealing data), it can also send a copy of itself to the victim's friend, using the information found in the victim's contact.
Using SMS messages is just one of the ways that can be used for such attacks. In my channel, you can find several other demos that use different methods to launch attacks, such as Wi-Fi hotspot, 2D barcode, NFC tag, MP3 files, etc. Full details of this attack can be found in web site: