27C3 - Version 1.6.3

27th Chaos Communication Congress
We come in peace

Referenten
Collin Mulliner
Nico Golde
Programm
Tag Day 1 - 2010-12-27
Raum Saal 1
Beginn 17:15
Dauer 01:00
Info
ID 4060
Veranstaltungstyp Vortrag
Track Hacking
Sprache der Veranstaltung englisch
Feedback

SMS-o-Death

From analyzing to attacking mobile phones on a large scale.

Smart phones, everybody has a smart phone! No! Just about 16% of all mobile phones are smart phones! Feature phones are the most common type of mobile phone in the world. Some time ago we decided to investigate the security of feature phones. In this talk we show how we analyzed feature phones for SMS security issues. We show our results and the kind of attacks that are possible with our bugs.

This talk is about security analysis of a class of mobile phone the so-called "feature phones". We show how we analyzed these type of phones for SMS security issues and what kind of problems to overcome in the process. We show results for the major mobile phone manufacturers in the world. Everyone of them has problems. Finally we show what kind of global scale attacks one can carry out with these kind of bugs. The attacks range from interrupting phone calls, to disconnecting people from the network, and sometimes even bricking phones remotely.

The talk is structured in the following way:

  • Introduction to the Topic
  • Problem Description
  • The Analysis (major part of the talk)
  • Analysis Results
  • A look at the Operator Network
  • Attacks based on our Results
  • Conclusions