SMS to Meterpreter: Fuzzing USB modems presented at NullCon2013 2013

by Rahul Sasi

Tags: Security

Summary: “You can run, you can hide but you can’t escape these exploits”. There is already a lot of research on SMS attacks on mobile phones by Collin Mulliner, Charlie Miller and Nico Golde. Based on their research it was easy to find SMS payloads that crashed the phones, but reliable code execution was hard on the mobile platforms. The limit on the number of characters that could be sent over SMS was also an issue. In the case of USB modems, it was easy to write reliable exploits once we found a PoC crash. Another main reason is that no user interaction is required: as soon as an SMS is received on the modem, the parser [dialer] tries to read the data, extract the database and move it to the local database. Normal web browser or network layer attacks need either user interaction or their target to be online. SMS-based exploits do not have these drawbacks: as soon as a victim gets online, his service provider forwards the message to his Inbox. Mass exploitation and high reliability of targets are possible, since these modems have phone numbers that lie in a particular series: all the phone numbers from xxxxxx1000 to xxxxxx2000 would be running a particular version of USB modem software, so the impact is large.