23C3 - 1.5

23rd Chaos Communication Congress
Who can you trust?

Collin Mulliner
Day 3
Room Saal 4
Start time 20:30
Duration 01:00
ID 1545
Event type Lecture
Track Hacking
Language English

Advanced Attacks Against PocketPC Phones

0wnd by an MMS

Smart phones are the new favorite target of many attackers. Also most current attacks are harmless, since these mostly rely on user mistake or lack of better knowledge. Current attacks are mostly based on logic errors rather then code inject and often are only found by accident. The talk will show some real attacks against smart phones and the kind of vulnerability analysis which lead to their discovery.

This talk is about a security analysis of the PocketPC MMS (Multimedia Messaging Service) client.

We will start with some background information about some older attacks against mobile phones. In the next step we will introduce to PocketPC-based phones and their security. Further we will introduce to the Multimedia Messaging Service. Here we will show how it works and how MMS messages look like under the microscope.

In the main part we analyze the PocketPC MMS client and build a fuzzer for it. Since we want avoid costs by sending real MMS messages we build our own virtual mms system and make PocketPC believe that this is the real thing.

In the end we will present the bugs and vulnerabilities we found, including the methods for exploiting them such as how to build your own MMS-client.

So far I planned to release all information that I have kept back at defcon (exploit code, mms-client, etc...).

Come to this talk if you enjoy any of the following:

networking mobile phones security fuzzing hex dumps ping floods standards