26C3 - 26C3 1.15

26th Chaos Communication Congress
Here be dragons

Collin Mulliner
Tag Day 2 - 2009-12-28
Raum Saal3
Beginn 18:30
Dauer 01:00
ID 3507
Veranstaltungstyp Vortrag
Track Hacking
Sprache der Veranstaltung englisch

Fuzzing the Phone in your Phone

In this talk we show how to find vulnerabilities in smart phones. Not in the browser or mail client or any software you could find on a desktop, but rather in the phone specific software. We present techniques which allow a researcher to inject SMS messages into iPhone, Android, and Windows Mobile devices.

This method does not use the carrier and so is free (and invisible to the carrier). We show how to use the Sulley fuzzing framework to generate fuzzed SMS messages for the smart phones as well as ways to monitor the software under stress. Finally, we present the results of this fuzzing and discuss their impact on smart phones and cellular security.

Archived page - Impressum/Datenschutz