Attacking SMS. It's No Longer Your BFF

DEF CON 17

Presented by: Muhaimin Dzulfakar
Date: Friday July 31, 2009
Time: 14:00 - 14:20
Location: Turbo/Breakout Track
Track: Turbo/Breakout

It's the year 2009 and spam mail is still taking up a huge percentage of all email sent everyday over the Internet. Could you imagine that same messaging spam making a detour through your favorite cellular provider gateway and right to your SMS inbox? Mobile spam has not reached the same popularity as email spam, but what if it was as easy as submitting a form to spam thousands of people?

Research was done on several messaging services and implementations to identify vulnerabilities to exploit. The end result to the research was that the idea of mobile spam was easily a reality using Jabber/XMPP and some techniques already put in place by multiple vendors. This talk will conclude with a proof-of-concept web application demo that demonstrates the techniques and issues mentioned as well as thoughts for solving the next generation of spam. Expect to walk away with a new look on mobile spam and the damage that could be done just by pressing submit.

Brandon Dixon

<strong>Brandon Dixon</strong> is an Information Systems Security Engineer for G2, Inc. He has experience leading research into web services security, XML firewall configuration, and access control models in a service oriented architecture. Brandon has discovered numerous unpublished exploits based on vulnerabilities found in commercial products, web applications and messaging technologies. Additionally, Brandon actively participates in security research both on his own and with groups around the world, primarily with the focus of web application and core device vulnerability testing/discovery.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats