26C3 - 26C3 1.15

26th Chaos Communication Congress
Here be dragons

Speakers
Collin Mulliner
Schedule
Day Day 2 - 2009-12-28
Room Saal3
Start time 18:30
Duration 01:00
Info
ID 3507
Event type Lecture
Track Hacking
Language used for presentation English
Feedback

Fuzzing the Phone in your Phone

In this talk we show how to find vulnerabilities in smart phones. Not in the browser or mail client or any software you could find on a desktop, but rather in the phone specific software. We present techniques which allow a researcher to inject SMS messages into iPhone, Android, and Windows Mobile devices.

This method does not use the carrier and so is free (and invisible to the carrier). We show how to use the Sulley fuzzing framework to generate fuzzed SMS messages for the smart phones as well as ways to monitor the software under stress. Finally, we present the results of this fuzzing and discuss their impact on smart phones and cellular security.