http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=218800192 By Thomas Claburn InformationWeek July 29, 2009 07:08 PM In a presentation at the Black Hat security conference in Las Vegas on Thursday, security researchers Charlie Miller and Collin Mulliner are scheduled to discuss SMS vulnerabilities that affect various mobile platforms, including Android, iPhone, and Windows Mobile. Using the Sully fuzzing framework, the researchers have developed a way to identify flaws in SMS systems in mobile devices. Fuzzing is a form of automated software testing that involves entering random or unexpected data. Crashes or unexpected behavior arising from such input can then be analyzed as a potential vulnerability. "Until now most of the SMS related security issues have been found by accident," state Miller and Mulliner in a paper that describes their approach. This, they explain, is because sending SMS messages costs money and because lack of access to source code for SMS implementations has meant hunting for bugs by trial and error. The two researchers created a layer, called the injector, just above the bottom of the telephony stack that performs a man-in-the-middle attack by intercepting communication between a mobile device's modem and multiplexer. [...] _______________________________________________ Attend Black Hat USA, July 25-30 in Las Vegas, the world's premier technical event for ICT security experts. Network with 4,000+ delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting. http://www.blackhat.comReceived on Thu Jul 30 2009 - 03:16:53 PDT
This archive was generated by hypermail 2.2.0 : Thu Jul 30 2009 - 03:24:38 PDT