Scribd Logo
Загрузить

Добро пожаловать в Scribd!

  • Defcon 17 - Brandon Dixon - Attacking Sms

    Загружено:

    dasxax
    130 просмотров20 страниц
    It's the year 2009 and spam mail is still taking up a huge percentage of all email sent everyday over the Internet. Could you imagine that same messaging spam making a detour through your favorite cellular provider gateway and right to your SMS inbox? Mobile spam has not reached the same popularity as email spam, but what if it was as easy as submitting a form to spam thousands of people? Research was done on several messaging services and implementations to identify vulnerabilities to exploit. The end result to the research was that the idea of mobile spam was easily a reality using Jabber/XMPP and some techniques already put in place by multiple vendors. This talk will conclude with a proof-of-concept web application demo that demonstrates the techniques and issues mentioned as well as thoughts for solving the next generation of spam. Expect to walk away with a new look on mobile spam and the damage that could be done just by pressing submit.

    Авторское право

    © © All Rights Reserved

    Доступные форматы

    PDF, TXT или читайте онлайн в Scribd

    Этот документ был вам полезен?

    Это неприемлемый материал?

    Пожаловаться на этот документ
    It's the year 2009 and spam mail is still taking up a huge percentage of all email sent everyday over the Internet. Could you imagine that same messaging spam making a detour through your favorite cellular provider gateway and right to your SMS inbox? Mobile spam has not reached the same popularity as email spam, but what if it was as easy as submitting a form to spam thousands of people? Research was done on several messaging services and implementations to identify vulnerabilities to exploit. The end result to the research was that the idea of mobile spam was easily a reality using Jabber/XMPP and some techniques already put in place by multiple vendors. This talk will conclude with a proof-of-concept web application demo that demonstrates the techniques and issues mentioned as well as thoughts for solving the next generation of spam. Expect to walk away with a new look on mobile spam and the damage that could be done just by pressing submit.

    Авторское право:

    © All Rights Reserved
    Скачайте в формате PDF, TXT или читайте онлайн в Scribd
    Отметить как неприемлемый контент
    130 просмотров20 страниц

    Defcon 17 - Brandon Dixon - Attacking Sms

    Загружено:

    dasxax
    It's the year 2009 and spam mail is still taking up a huge percentage of all email sent everyday over the Internet. Could you imagine that same messaging spam making a detour through your favorite cellular provider gateway and right to your SMS inbox? Mobile spam has not reached the same popularity as email spam, but what if it was as easy as submitting a form to spam thousands of people? Research was done on several messaging services and implementations to identify vulnerabilities to exploit. The end result to the research was that the idea of mobile spam was easily a reality using Jabber/XMPP and some techniques already put in place by multiple vendors. This talk will conclude with a proof-of-concept web application demo that demonstrates the techniques and issues mentioned as well as thoughts for solving the next generation of spam. Expect to walk away with a new look on mobile spam and the damage that could be done just by pressing submit.

    Авторское право:

    © All Rights Reserved
    Скачайте в формате PDF, TXT или читайте онлайн в Scribd
    Отметить как неприемлемый контент
    из 20

    2

    XMPP/Jabber
    Transports
    Short mail
    Internet to mobile communications

    www.g2-inc.com

    Number + Carrier = Victim


    Users get email message with subscription
    (texting)
    Received as a text message and not an email
    Cost equivalent to standard text message

    www.g2-inc.com

    Conventional spamming techniques


    Mass emailers
    Spoofing the source address
    Carrier can be identified by services online
    Scriptable
    Short mail is accepted by default

    www.g2-inc.com

    Anything past 160 characters may be dropped


    Carrier must be properly identified for message
    to go through
    No delivery confirmation

    www.g2-inc.com

    Incoming text = charge to the user


    Send short mail from any mail client
    Turned on by default
    Carrier offers limited methods to stopping the
    attack

    www.g2-inc.com

    Sprint
    50 max email/domain blocked
    Cant block everything
    Verizon
    10 max email/domain blocked
    Can block everything
    AT & T
    15 max email/domain blocked
    Cant block everything
    7

    www.g2-inc.com

    Short mail should not be directly tied into SMS


    Possible flagged of message to identify origin
    Feature should be easily adjusted by the user
    Should be turned off by default
    More power should be given to block unwanted
    messages

    www.g2-inc.com

    Communications through XML


    Setting up your own server is easy
    Multiple options for different platforms
    Allows for bonding to legacy chat
    implementations
    Control of message flow
    No rate limiting

    www.g2-inc.com

    Google Talk, Yahoo, AIM, MSN (in some areas)


    Input a users phone number and their now a
    contact
    Messages get sent in the form of an SMS
    message

    10

    www.g2-inc.com

    Google forces a user to respond after a chat is


    initiated
    No response after a few messages = no more
    talk
    Yahoo forces a user to respond after a chat is
    initiated and performs throttling
    AOL does NOT force a user to respond but does
    throttle

    11

    www.g2-inc.com

    Rate limiting is imposed when sending messages


    too fast
    Messages past 160 characters are split into
    multiple messages and NOT dropped
    1 message = 13 messages (2000 byte max)
    Acceptance must be made the first time for
    chatting (this was not always the case)
    Abuse can be programmatically done

    12

    www.g2-inc.com

    Transport is a bolt-on to a jabber server


    Shows up in service directory for the hosted jabber
    domain
    Users can bond to legacy services
    Jabber_Name -> AOL
    Log in to jabber and see AOL contacts
    User looks like: AOLcontact@myJabber.com
    Jabber name can bond to multiple AOL names (each
    must be on a different transport)
    Public transports are available
    13

    www.g2-inc.com

    Internal Jabber server with AIM transport service


    Bond internal jabber accounts with AOL accounts
    Send messages to phones using internal jabber
    account
    Connection, bonding and authorization can be done
    programmatically

    14

    www.g2-inc.com

    Generate phone list


    Generate AOL account list (you must own these)
    Read through list and send one giant message per
    number (1000 messages per second)
    Send multiple messages to one number (must add
    delay to avoid rate limits)

    15

    www.g2-inc.com

    AOL is the single point of failure


    Rate limiting is a pain
    Phone carriers queue messages
    Limited bandwidth
    Some messages could be dropped
    AOL provides support to combat against spam and
    allows users to block messages

    16

    www.g2-inc.com

    Send messages at a high rate of speed


    Some transports have support for SOCKS proxies
    (tor)
    Public transports are often found in other countries
    with a large user base (good for hiding)
    All attacks can be done programmatically without
    interaction

    17

    www.g2-inc.com

    AOL needs to follow Yahoo and Googles


    implementation design
    Protection has gotten better since testing first
    began a year ago
    ToC servers appear to no longer support Internet
    to mobile communications

    18

    www.g2-inc.com

    Eliminates dependencies with libraries


    Could easily be made into a framework with
    modules
    Can be accessed anywhere by many people
    Proof-of-Concept allows
    Bonding of names
    Sending messages through a choice of transports
    Sending spoofed short mail messages
    Identifying public transports
    More could be added
    19

    www.g2-inc.com

    20

    www.g2-inc.com

    Вам также может понравиться