Thursday, August 27 2009
This blog post is long overdue, but due to traveling and catching up on work
this had to wait.
Black Hat USA had quite a few mobile security related talks; the slides are here: Exploratory Android Surgery by Jesse Burns (haven't read this yet), Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone by Vincenzo Iozzo and Charlie Miller, Attacking SMS by Zane Lackey and Luis Miras, Is Your Phone Pwned? Auditing, Attacking and Defending Mobile Devices (only the white paper - no slides so far) by Kevin Mahaffey and Anthony Lineberry and John Hering. The stuff for our talk Fuzzing the Phone in your Phone by Charlie Miller and myself is here.
It was nice to see that Zane and Luis took my MMS research and followed some
ideas I had and made them work. Especially the part about running your
own MMSC (MMS Server). At the point in time where I tested this it did not
work because the WAP-gateway that is configured in the MMS profile only
connects to the MMSC of the mobile operator. I tested this with multiple
US providers and some German providers in 2005/2006. I guess I have to
do some testing here in Germany to see if anything changed for our
local operators.
HAR2009 had a few interesting talks too. In no particular order: Cracking A5 GSM encryption by Karsten Nohl,
Public transport SMS ticket hacking by Pavol Luptak, OpenBSC - running your own GSM network by Harald Welte (the slides are the same as the 25C3 slides),
Airprobe - Monitoring GSM traffic with USRP by Harald Welte (could not find any slides, somebody took notes and put them here).
Did anything else happen in August? I think there was something but I can't remember. Hints welcome!
Thursday, August 20 2009
It looks like I'm going to speak at SEC-T in Stockholm (Sweden). I'll talk about the SMS Security Research I've done
together with Charlie Miller.
I'm really looking forward to going to Stockholm since I love both Sweden and Stockholm!
Friday, August 14 2009
CellConMon is a simple mobile phone network connectivity monitor that
tells you when you lose and re-gain connectivity with the mobile phone network (GSM/3G). The application just uses the notification bar
and the LEDs to notify you about connectivity changes. There is no application or GUI.
I created the tool as a countermeasure for our SMS-based Denial-of-Service attack where we can knock Android phones off the network. The
tool will notify you (notification bar message and RED blinking LED) if you lose connectivity. I also found it to be useful in normal (not being
attacked) situations where you lose connectivity due to being underground or whatever.
The tool is in the Market but can also be downloaded from my Android page.
Thursday, August 13 2009
Friday, August 07 2009
I just created the SMS security research page in order to
publish the slides from our (Charlie and myself) talk at Black Hat USA 2009 titled: Fuzzing the Phone in your Phone.
The injection frameworks for the iPhone, for Android, and for Windows Mobile are available for download just now.
Charlie provided his Sulley fuzzing test cases. The page is far from complete as we have more tools and scripts to share. But
since I'm on vacation/business trip (depending on the actual day) I didn't find time to sort it all out.
I also updated my iPhone Security page with the link to Apple's security advisory for the
vulnerability we reported. iPhone OS 3.0.1 fixes this vulnerability.