My dad is getting strange SMS texts to his iPhone 4
Some examples:
#PWD123456#WHL003=2308480298
#PWD123456#WHL004=2398480389
#PWD123456#WHL002
#PWD123456#WHL002
#PWD123456#STATUS?
#PWD123456#OUT1=ON
Googling reveals this GSM-Auto Controller user manual (PDF).This document discusses how the codes above can be used to reprogram GSM SIM cards. Is this a real danger for iPhones? Is there anything that he should be concerned about with these?
Regarding your dad's iPhone, there's nothing to worry about. This is just an automated attack against Wafer GSM-AUTO (SMS-capable) devices.
The Wafer GSM-AUTO is a very simple Microcontroller. You can think of it as a remote power switch. It control anything from a security door switch to a normal light switch.
I'll try to translate the commands for you
#PWD123456 : Use the password 123456, which is the default
password for this device. We all know how common it is for people to
leave the default passwords.
#WHL004=2398480389 : Add the number 2398480389 to the list of white-listed numbers.
#STATUS : You're basically asking the unit to give you all the information about it. A real device would have responded to the attacker with an SMS containing information about the whitelist, the status of the system, the mode of operation, and other information. Basically the device will send you all the information you need to continue the attack.
#OUT1=ON : As with any simple-to-use microcontroller, usually users will use the first ports for their outputs. Here the attacker is attempting to switch on the port #1. This could be a garage door, for example.
There's a high probability that this is not an attack, this is very likely just someone testing his new Wafer GSM-AUTO device and mistakenly typed the wrong number. Hey, it could be one of your dad's friends (If your dad's name starts with "A", that's even more likely).
