Researchers from the Vulnerability Lab have found high-severity HTML Inject and File Include security holes in TreasonSMS, an iPhone application that allows users to send text messages from their desktop computers by turning the phone into an SMS webserver.
According to the experts, the vulnerabilities can be exploited remotely, allowing an attacker to “include malicious persistent script codes on the application-side of the iPhone.”
The security hole can also be leveraged to inject webshell scripts that would give cybercriminals complete control of the affected application directory.
If the device is jailbroken, things become even more complicated. On tampered iPhones an attacker could take control not only of the application folder, but also of the entire phone.
“The Bug is located in the input fields of the Message Sending & Message Output. An attacker can scan the victim on walkthrough because the IP of the webserver makes the TreasonSMS available to anybody without password,” Benjamin Kunz Mejri, the founder and CEO of Vulnerability Lab, explained.
“To exploit somebody on a walkthrough it’s only required to scan for the stable IP via WLAN and access the panel for exploitation.”
It’s uncertain at this time if the vendor has responded to the notification sent by the experts, but hopefully the company that develops the app will rush to address the security holes.
Security researchers from the Vulnerability Lab have done a great job this month helping organizations protect their assets, especially their public-facing websites.
They have helped companies such as Apple, Microsoft and Oracle fix SQL Injection vulnerabilities, persistent script code injection flaws and other serious weaknesses that could have been leveraged by cybercriminals to launch malicious operations.
Update: Vulnerability Lab representatives revealed that the vendor was notified some time ago but failed to respond. The experts also provided a number of images which show how the vulnerabilities they found can be exploited in Firefox, Safari and even on an iPad 2.