On attack causality in internet-connected cellular networks
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Stealthy video capturer: a new video-based spyware in 3G smartphones
Proceedings of the second ACM conference on Wireless network security
On cellular botnets: measuring the impact of malicious devices on a cellular network core
Proceedings of the 16th ACM conference on Computer and communications security
pBMDS: a behavior-based malware detection system for cellphone devices
Proceedings of the third ACM conference on Wireless network security
Injecting SMS messages into smart phones for security analysis
WOOT'09 Proceedings of the 3rd USENIX conference on Offensive technologies
Evaluating Bluetooth as a medium for botnet command and control
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
A SMS-based mobile Botnet using flooding algorithm
WISTP'11 Proceedings of the 5th IFIP WG 11.2 international conference on Information security theory and practice: security and privacy of mobile devices in wireless communication
SMS of death: from analyzing to attacking mobile phones on a large scale
SEC'11 Proceedings of the 20th USENIX conference on Security
A data mining framework for securing 3g core network from GTP fuzzing attacks
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
| Hi-index | 0.00 |
The Multimedia Messaging Service (MMS) is becoming more popular, as mobile phones integrate audio and video recording functionality. Multimedia messages are delivered to users through a multi-step process, whose end-points are the MMS User Agents that reside on the users' mobile phones. The security of these components is critical, be- cause they might have access to private information and, if compromised, could be leveraged to spread an MMS-based worm. Unfortunately, the vulnerability analysis of these components is made more difficult by the fact that they are mostly closed-source and the testing has to be performed through the mobile phone network, which makes the testing time-consuming and costly. This paper presents a novel approach to the security testing of MMS User Agents. Our approach takes into account the effects of the infrastructure on the delivery of MMS messages and then uses a virtual infrastructure to speed up the testing process. Our testing approach was able to identify a number of previously unknown vulnerabilities, which, in one case, allowed for the execution of arbitrary code.