Class0Firewall is a proof-of-concept app that protects you against an SMS attack discovered by Bogdan Alecu, who also came up with the idea for the defense. The attack (and the defense using this app) is demonstrated at the Defcamp security conference.
ATTENTION: This app will not work on Android 4.4 KitKat. If you are running Android 4.4, I strongly suggest that you update to Android 4.4.2. In that version the FlashSMS vulnerability and the WAP PUSH 0-byte vulnerability are both fixed, so there is no need to install this app. Thanks!
To make it work, simply open the app and set the values for threshold and block duration.
The message threshold is the number of messages per minute that are allowed to be received. If the number of incoming messages exceeds the defined value, the message gets dropped by the Class 0 Firewall.
To define how long a sender should be blocked, set the number of minutes in the second field.
To test whether the firewalling is effective, you can use tools like PDUSpy or SMS gateway software, or use my app HushSMS, which can send Class 0 messages (http://www.silentservices.de/products/android-hushsms/).
If a message gets dropped, a toast message will appear. A toast message also appears when the message count for a specific sender is reset. The next release will show a notification icon in the notification area to make you aware that something has happened.
I am aware that an attacker might spoof the sender's number. For that, the next version will include a "same origin" policy.
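The threshold and block-duration behaviour described above can be sketched as a per-sender rate limiter. This is an added example, not the app's own code: the names `is_class0` and `Class0RateLimiter`, the sliding 60-second window, the choice to count only class 0 messages, and the sample phone numbers are all assumptions made for illustration.

```python
from collections import defaultdict, deque

def is_class0(dcs: int) -> bool:
    """True if the TP-DCS octet (3GPP TS 23.038) marks an SMS as class 0 (flash)."""
    if (dcs & 0x80) == 0:            # coding groups 00xx / 01xx
        return bool(dcs & 0x10) and (dcs & 0x03) == 0  # bit 4 set: class bits valid
    if (dcs >> 4) == 0xF:            # "data coding / message class" group
        return (dcs & 0x03) == 0
    return False                     # MWI and reserved groups carry no class

class Class0RateLimiter:             # hypothetical name, not the app's class
    def __init__(self, threshold_per_minute: int, block_minutes: int):
        self.threshold = threshold_per_minute
        self.block_seconds = block_minutes * 60
        self.recent = defaultdict(deque)   # sender -> arrival times, last 60 s
        self.blocked_until = {}            # sender -> time the block expires

    def allow(self, sender: str, dcs: int, now: float) -> bool:
        """Return True to deliver the message, False to drop it."""
        if not is_class0(dcs):
            return True                    # assumption: only class 0 is filtered
        until = self.blocked_until.get(sender)
        if until is not None:
            if now < until:
                return False               # sender is still blocked
            del self.blocked_until[sender] # block expired: reset the count
            self.recent[sender].clear()
        window = self.recent[sender]
        while window and now - window[0] >= 60:
            window.popleft()               # forget arrivals older than a minute
        window.append(now)
        if len(window) > self.threshold:   # threshold exceeded: drop and block
            self.blocked_until[sender] = now + self.block_seconds
            return False
        return True

def demo():
    """Constructed traffic: threshold 3 per minute, 5 minute block."""
    fw = Class0RateLimiter(threshold_per_minute=3, block_minutes=5)
    events = [("+10000000001", 0x10, 0), ("+10000000001", 0x10, 10),
              ("+10000000001", 0xF0, 20), ("+10000000001", 0x10, 30),
              ("+10000000001", 0x00, 40), ("+10000000002", 0x10, 50),
              ("+10000000001", 0x10, 100), ("+10000000001", 0x10, 330)]
    return [fw.allow(s, d, t) for s, d, t in events]

if __name__ == "__main__":
    print(demo())
```

Because the counter is keyed on the sender field, a sender who rotates spoofed numbers gets a fresh count each time, which is the limitation noted above.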
If you have any questions about the app or find a bug, please contact me via email and I will try to solve the issue as soon as possible.
Graphics from http://www.clker.com/, mainly from OCAL. Thanks!
|Control, record and process incoming SMS messages|