Attacking Sms presented at BlueHat 2009

by Luis Miras, Zane Lackey (iSEC Partners ),

Tags: Security

Summary : With the increased usage of text messaging around the globe, SMS provides an ever-widening attack surface on today's mobile phones. From over-the-air updates to rich content multimedia messages, SMS is no longer a simple service to deliver small text-only messages. In addition to its wide range of supported functionality, SMS is also one of the only mobile phone attack surfaces which is on by default and requires almost no user interaction to be attacked.
This talk will seek to inform the audience of threats to today's mobile phones posed by hostile SMS traffic. We will discuss attacking the core SMS and MMS implementations themselves, along with third-party functionality that can be reached via SMS. Results of testing against mobile platforms in real-world situations will be presented.
In addition to our own results, we will discuss and release a number of tools to help users test the security of their mobile devices. Finally, we will demonstrate and release an iPhone-based SMS attack application that facilitates a number of the attacks we discuss.