SMS to Meterpreter - Fuzzing USB Modems
Rahul Sasi (fb1h2s) works as a security researcher. He has authored multiple security tools, advisories and articles. He has been invited to speak at various security conferences, including HITB [KL], BlackHat [US Arsenal], Cocon (2011, 2012), Nullcon (2011, 2012), HITB (AMS 2012), BlackHat (EU 2012) and EKoparty (Argentina). His work can be found at www.Garage4Hackers.com.
Offensively focused research is of high importance, mainly because of the increase in the number of targeted attacks. This paper focuses on an innovative new attack surface [USB data modems] that could become a target of attacks in the future. The paper demonstrates fuzzing approaches and code execution on computers via SMS payloads.
Attacking by SMS
“You can run, you can hide, but you can’t escape these exploits.” There is already a lot of research on SMS attacks against mobile phones by Collin Mulliner, Charlie Miller and Nico Golde. Based on their research, it was easy to find SMS payloads that crashed the phones, but reliable code execution was hard on the mobile platforms. The limit on the number of characters that could be sent over SMS was also an issue. In the case of USB modems, it was easy to write a reliable exploit once we found a PoC crash.
Another main reason is that no user interaction is required: as soon as an SMS is received on the modem, the parser [dialer] tries to read the data, extract the database and move it to the local database. Normal web browser or network-layer attacks need either user interaction or their target to be online. An SMS-based exploit does not have these drawbacks: as soon as a victim gets online, his service provider forwards the message to his inbox.
Mass exploitation and high reliability of targets are also factors, since these modems have phone numbers that lie in a particular series: all the phone numbers from xxxxxx1000 to xxxxxx2000 would be running a particular version of the USB modem software, so the impact is large.