[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] Black Hat: Android, iPhone SMS Flaws Revealed
From: InfoSec News <alerts () infosecnews ! org>
Date: 2009-07-30 10:16:53
Message-ID: Pine.LNX.4.61.0907300516440.24697 () conundrum ! infosecnews ! org
[Download RAW message or body]
http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=218800192
By Thomas Claburn
InformationWeek
July 29, 2009 07:08 PM
In a presentation at the Black Hat security conference in Las Vegas on
Thursday, security researchers Charlie Miller and Collin Mulliner are
scheduled to discuss SMS vulnerabilities that affect various mobile
platforms, including Android, iPhone, and Windows Mobile.
Using the Sully fuzzing framework, the researchers have developed a way
to identify flaws in SMS systems in mobile devices. Fuzzing is a form of
automated software testing that involves entering random or unexpected
data. Crashes or unexpected behavior arising from such input can then be
analyzed as a potential vulnerability.
"Until now most of the SMS related security issues have been found by
accident," state Miller and Mulliner in a paper that describes their
approach. This, they explain, is because sending SMS messages costs
money and because lack of access to source code for SMS implementations
has meant hunting for bugs by trial and error.
The two researchers created a layer, called the injector, just above the
bottom of the telephony stack that performs a man-in-the-middle attack
by intercepting communication between a mobile device's modem and
multiplexer.
[...]
_______________________________________________
Attend Black Hat USA, July 25-30 in Las Vegas,
the world's premier technical event for ICT security experts.
Network with 4,000+ delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic