Tuesday, September 25 2012
First I want to talk about Ravi's awesome findings on USSD and TEL URIs (RFC 2806).
Ravi was working on USSD security in general and found that on Android phones you can inject USSD codes
into the phone dialer via the TEL URI handler without user interaction, meaning you don't have to
press the call button (aka the green button) to activate the USSD code. Using this he showed how to
brick SIM cards and how to wipe Samsung-made Android phones. The beauty of TEL URIs is that
it is super easy to have them activated on a mobile phone. In 2010 I did a talk on this at
CanSecWest (Random tales from a mobile phone hacker; skip to the end of the talk for the TEL/SMS URI stuff). The basic technique used
for this kind of attack is iframes, but it can very well be any other kind of URI activation method (redirects, img tag, etc.).
A video of Ravi's demo from Ekoparty is here: Demo Dirty use of USSD Codes in Cellular Network en Ekoparty 2012.
Further info:
This is a super fun bug class, but it is also a little bit sad that stuff like this works at all.
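A defensive check for the pattern described above, as an added example that is not part of the original post: it flags `tel:` URIs that a page loads without a tap (iframe, img, meta refresh) and whose decoded number contains `*` or `#`. The function names and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import unquote
import re

# Tag/attribute pairs a browser fetches on its own (the post names iframes, img tags, redirects).
AUTOLOAD = {("iframe", "src"), ("frame", "src"), ("img", "src"),
            ("embed", "src"), ("object", "data"), ("script", "src")}
META_URL = re.compile(r"url\s*=\s*['\"]?([^'\";]+)", re.I)

def classify(uri):
    """'ussd' if a tel: URI decodes to a number containing * or #, 'tel' if plain, else None."""
    uri = uri.strip()
    if not uri.lower().startswith("tel:"):
        return None
    number = unquote(uri[4:])  # percent-decoding turns %23 into '#' and %2A into '*'
    return "ussd" if re.search(r"[*#]", number) else "tel"

class TelScanner(HTMLParser):
    """Hypothetical helper: collects (tag, kind, raw_uri, needs_user_tap) tuples."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        for name, value in a.items():
            if (tag, name) in AUTOLOAD or (tag == "a" and name == "href"):
                self._record(tag, value, needs_tap=(tag == "a"))
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = META_URL.search(a.get("content", ""))
            if m:
                self._record(tag, m.group(1), needs_tap=False)

    def _record(self, tag, uri, needs_tap):
        kind = classify(uri)
        if kind:
            self.findings.append((tag, kind, uri.strip(), needs_tap))

def scan(html):
    s = TelScanner()
    s.feed(html)
    return s.findings

# Constructed sample page; the codes in it are harmless placeholders.
SAMPLE = """<html><head><meta http-equiv="refresh" content="0; url=tel:*%23100%23"></head>
<body><a href="tel:+15550100">Call us</a>
<iframe src="tel:*%2306%23"></iframe>
<img src="/logo.png"></body></html>"""
```

A finding with kind `ussd` and `needs_user_tap` set to `False` is the combination worth blocking or alerting on; a plain `tel:` link behind an `<a>` tag is normal click-to-call markup.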
Second, more cool NFC/RFID mobile hacking from the good guys at Intrepidus. They investigated
RFID-based transit passes and wrote an Android application that can reset the pass. While the
actual basic idea is not new, I really like the phone as the attack tool since you always carry
it around with you. Some guy could stand on the corner next to the subway entry and sell
you the service of resetting your transit pass. Check out their writeup: UltraReset - Bypassing NFC access control with your smartphone
On the topic of NFC and security: the guy(s) behind RadioWarCN released an Android toolkit for messing with RFID/NFC tags. Check it out here: Radiowar Release NFC-WAR Preview. I didn't have the time to try it myself.
Conferences:
ToorCon in mid-October (damn, I can't go) so far has these mobile talks lined up: Mobile Device attack graphs for fun and profit - Jimmy Shah. {Malandroid} The Crux of Android Infections - Aditya K Sood. When Cell Towers Become Too Smart For Their Own Good - Drew "RedShift" Porter. Also my former co-worker Dmitry (hwsec.net) seems to be giving a talk; my bet is on hardware security.
That is it for now. I'm super busy working on a new Android security project. This will kick ass.