...stuff I do and things I like...

Thursday, August 27 2009

Mobile Security News August 2009

This blog post is long overdue, but due to traveling and catching up on work this had to wait.

Black Hat USA had quite a few mobile security related talks; the slides are here: Exploratory Android Surgery by Jesse Burns (haven't read this yet); Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone by Vincenzo Iozzo and Charlie Miller; Attacking SMS by Zane Lackey and Luis Miras; Is Your Phone Pwned? Auditing, Attacking and Defending Mobile Devices (only the white paper - no slides so far) by Kevin Mahaffey, Anthony Lineberry and John Hering. The stuff for our talk Fuzzing the Phone in your Phone by Charlie Miller and myself is here.

It was nice to see that Zane and Luis took my MMS research and followed some ideas I had and made them work. Especially the part about running your own MMSC (MMS Server). At the point in time where I tested this it did not work because the WAP gateway that is configured in the MMS profile only connects to the MMSC of the mobile operator. I tested this with multiple US providers and some German providers in 2005/2006. I guess I have to do some testing here in Germany to see if anything changed for our local operators.

HAR2009 had a few interesting talks too. In no particular order: Cracking A5 GSM encryption by Karsten Nohl, Public transport SMS ticket hacking by Pavol Luptak, OpenBSC - running your own GSM network by Harald Welte (the slides are the same as the 25C3 slides), Airprobe - Monitoring GSM traffic with USRP by Harald Welte (could not find any slides, somebody took notes and put them here).

Did anything else happen in August? I think there was something but I can't remember. Hints welcome!

Thursday, August 20 2009

Speaking at SEC-T

It looks like I'm going to speak at SEC-T in Stockholm (Sweden). I'll talk about the SMS Security Research I've done together with Charlie Miller.

I'm really looking forward to going to Stockholm since I love both Sweden and Stockholm!

Friday, August 14 2009


CellConMon is a simple mobile phone network connectivity monitor that tells you when you lose and re-gain connectivity with the mobile phone network (GSM/3G). The application just uses the notification bar and the LEDs to notify you about connectivity changes. There is no application or GUI.

I created the tool as a countermeasure for our SMS-based Denial-of-Service attack where we can knock Android phones off the network. The tool will notify you (notification bar message and RED blinking LED) if you lose connectivity. I also found it to be useful in normal (not being attacked) situations where you lose connectivity due to being underground or whatever.

The tool is in the Market but can also be downloaded from my Android page.

Thursday, August 13 2009

USENIX Security 2009

Currently I'm hanging out at USENIX Security in Montreal. Talks are quite good and Montreal is a nice city to visit.

I just found out that our paper Injecting SMS Messages into Smart Phones for Security Analysis is already available for download. I also uploaded my slides for the talk. They are available on my SMS Security Research page.

Friday, August 07 2009

SMS Security Research

I just created the SMS security research page in order to publish the slides from our (Charlie and myself) talk at Black Hat USA 2009 titled: Fuzzing the Phone in your Phone.

The injection frameworks for the iPhone, for Android, and for Windows Mobile are available for download just now. Charlie provided his Sulley fuzzing test cases. The page is far from complete as we have more tools and scripts to share. But since I'm on vacation/business trip (depending on the actual day) I didn't find time to sort it all out.

I also updated my iPhone Security page with the link to Apple's security advisory for the vulnerability we reported. iPhone OS 3.0.1 fixes this vulnerability.