War Texting: Identifying and Interacting with Devices on the Telephone Network

Black Hat USA 2011

Presented by: Don A. Bailey
Date: Wednesday August 03, 2011
Time: 10:00 - 11:00
Location: Augustus I + II
Track: Bit Flow

Devices have been attached to the telephone network for years. Typically, we think of these devices in terms of modems, faxes, or TTY systems. Now, there is a growing shift in the nature of the devices that are accessible over the telephone network. Today, A-GPS tracking devices, 3G Security Cameras, Urban Traffic Control systems, SCADA sensors, Home Control and Automation systems, and even vehicles are now telephony enabled. These systems often receive control messages over the telephone network in the form of text messages (SMS) or GPRS data. These messages can trigger actions such as firmware updates, Are You There requests, or even solicitations for data. As a result, it is imperative for mobile researchers to understand how these systems can be detected by attackers on the global telephone network, then potentially abused.

These systems are increasingly capable of affecting the physical world around us. Additionally, devices attached to the phone network cannot be easily compartmentalized or firewalled from potential abusers the same way that IP enabled systems can. Therefore, understanding the threat models associated with these devices and the telephone network will allow mobile researchers and embedded engineers to correctly implement security solutions that minimize a device's exposure to threat actors.

Empirical evidence will be presented that demonstrates creative and successful ways to classify potential devices amongst millions of phone numbers world wide. Once properly classified, devices can be interacted with in simple and efficient ways that will be revealed by the speaker. Simple scripts and software will be released that exemplify these techniques with real world examples, but are designed in a pluggable fashion that allows mobile researchers to develop their own device profiles and methods for interaction.

Don A. Bailey

Don A. Bailey is a Security Consultant with iSEC Partners, Inc. Don has discovered many unknown security vulnerabilities in well used software, analyzed new and proprietary protocols for design and implementation flaws, and helped design and integrate security solutions for up and coming internet software. While Don's primary expertise is in developing exploit technologies, he is also well versed at reverse engineering, fuzzing, enterprise and embedded programming, source code auditing, rootkit detection and design, and network penetration testing. In addition, Don has helped develop and enhance risk management programs for several Fortune 500 companies and has been invited to speak about risk management from a CISO perspective at government organized conferences. For the past six years, Don has presented research at several international security conferences discussing topics such as stealth root-kit design, zero-day exploit technology, DECT, GSM, and embedded security. Most recently, Don spoke at Blackhat Barcelona 2011 and SyScan Singapore 2011 regarding vulnerabilities in embedded architectures and issues in the global telephone network.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats