Cupfighter.net

This is the talk that I blogged about earlier about owning the iPhone through SMS. The work Charlie and Collin did was actually amazing.

In their presentation they first looked at SMS.  SMS is a building block of the phone system and essential to the working of the modern network because it is used for all kinds of stuff. Why is it good to attack? No firewall, processed by all phones, no user interaction and you only need a phone number to send an SMS.

Read more…

Charlies Miller’s and Collin Mulliners talk “Fuzzing the Phone in your Phone” today revealed full details that could make the first iPhone virus infection at the Blackhat security conference in Las Vegas.

Large SMS messages are cut up in smaller SMS messages, this means that the SMS messages need to be parsed by the phone to put it back together and thus can be used as an attack vector to breach the phone. By using a technique known as fuzzing, Miller and Mulliner where able to find exploitable conditions that could be turned into an attack and an iPhone virus. The attack takes a total of 519 SMS messages, but will work without any user interaction.

Read more…