27C3 - Version 1.6.3

27th Chaos Communication Congress
We come in peace

Speakers
Collin Mulliner
Nico Golde
Schedule
Day Day 1 - 2010-12-27
Room Saal 1
Start time 17:15
Duration 01:00
Info
ID 4060
Event type Lecture
Track Hacking
Language used for presentation English
Feedback

SMS-o-Death

From analyzing to attacking mobile phones on a large scale.

Smart phones, everybody has a smart phone! No! Just about 16% of all mobile phones are smart phones! Feature phones are the most common type of mobile phone in the world. Some time ago we decided to investigate the security of feature phones. In this talk we show how we analyzed feature phones for SMS security issues. We show our results and the kind of attacks that are possible with our bugs.

This talk is about security analysis of a class of mobile phone the so-called "feature phones". We show how we analyzed these type of phones for SMS security issues and what kind of problems to overcome in the process. We show results for the major mobile phone manufacturers in the world. Everyone of them has problems. Finally we show what kind of global scale attacks one can carry out with these kind of bugs. The attacks range from interrupting phone calls, to disconnecting people from the network, and sometimes even bricking phones remotely.

The talk is structured in the following way:

  • Introduction to the Topic
  • Problem Description
  • The Analysis (major part of the talk)
  • Analysis Results
  • A look at the Operator Network
  • Attacks based on our Results
  • Conclusions