Overview
Explore an innovative attack surface targeting USB data modems in this conference talk from nullcon Goa 2013. Delve into offensively focused research on potential vulnerabilities in USB modems, which could become targets for future attacks. Learn about fuzzing approaches and code execution techniques on computers using SMS payloads. Discover the intricacies of SMS architecture, encoding, and handling, as well as various attack vectors such as social engineering and mass pitching. Gain insights into reverse engineering methods, USB sniffing, and the process of identifying exploitable bugs. Examine case studies, including the "Hawaii" vulnerability, and understand the importance of improving fuzzing approaches for better security. This presentation provides valuable information for security professionals and researchers interested in emerging attack surfaces and mobile device vulnerabilities.
Syllabus
Intro
What do you do
Agenda
Devices in India
Similarities
USB Modems
Phone Number
Network Manager
Modem Dialer
Modem Setup
Social Engineering Attack
Mass Pitching Attack
SMS Passing Module
SMS Architecture
Understanding SMS
Reading SMS
Encoding
SMS Handling
SMS Format
SMS Chart
SMSe Number
Test Cases
Exploit
Hawaii
No update
SMS vulnerabilities
Reverse engineering
Sniffing USB
USB Probe
Sniffing
What was collected
Making a better firsting approach
Current firsting approach
Exploitable bug
Hacktxt
Thank you
Any questions
Taught by
nullcon