IEEE Security and Privacy
Defending against an Internet-based attack on the physical world
ACM Transactions on Internet Technology (TOIT)
Exploiting open functionality in SMS-capable cellular networks
Proceedings of the 12th ACM conference on Computer and communications security
Mitigating attacks on open functionality in SMS-capable cellular networks
Proceedings of the 12th annual international conference on Mobile computing and networking
Vulnerability Analysis of MMS User Agents
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
On cellular botnets: measuring the impact of malicious devices on a cellular network core
Proceedings of the 16th ACM conference on Computer and communications security
Injecting SMS messages into smart phones for security analysis
WOOT'09 Proceedings of the 3rd USENIX conference on Offensive technologies
A survey of mobile malware in the wild
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Baseband attacks: remote exploitation of memory corruptions in cellular protocol stacks
WOOT'12 Proceedings of the 6th USENIX conference on Offensive Technologies
Attestation of mobile baseband stacks
NSS'12 Proceedings of the 6th international conference on Network and System Security
Chucky: exposing missing checks in source code for vulnerability discovery
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Let me answer that for you: exploiting broadcast information in cellular networks
SEC'13 Proceedings of the 22nd USENIX conference on Security
Hi-index | 0.00 |
Mobile communication is an essential part of our daily lives. Therefore, it needs to be secure and reliable. In this paper, we study the security of feature phones, the most common type of mobile phone in the world. We built a framework to analyze the security of SMS clients of feature phones. The framework is based on a small GSM base station, which is readily available on the market. Through our analysis we discovered vulnerabilities in the feature phone platforms of all major manufacturers. Using these vulnerabilities we designed attacks against end-users as well as mobile operators. The threat is serious since the attacks can be used to prohibit communication on a large scale and can be carried out from anywhere in the world. Through further analysis we determined that such attacks are amplified by certain configurations of the mobile network. We conclude our research by providing a set of countermeasures.