Ars Technica – (International) Smartphone hijacking vulnerability affects AT&T, 47 other carriers. Computer scientists identified a vulnerability in the network of AT&T and at least 47 other cellular carriers that allows attackers to surreptitiously hijack the Internet connections of smartphone users and inject malicious content into the traffic passing between them and trusted Web sites. The attack, which does not require an adversary to have any man-in-the-middle capability over the network, can be used to lace unencrypted Facebook and Twitter pages with code that causes victims to take unintended actions, such as post messages or follow new users. It can also be used to direct people to fake banking sites, and to inject fraudulent messages into chat sessions in some Windows Live Messenger apps.
Ali Loney, on May 21, 2012