DocumentCode
2965239
Title
Vulnerability Analysis of MMS User Agents
Author
Mulliner, Collin ; Vigna, Giovanni
Author_Institution
University of California, Santa Barbara, USA
fYear
2006
fDate
Dec. 2006
Firstpage
77
Lastpage
88
Abstract
The Multimedia Messaging Service (MMS) is becoming more popular, as mobile phones integrate audio and video recording functionality. Multimedia messages are delivered to users through a multi-step process, whose end-points are the MMS User Agents that reside on the users¿ mobile phones. The security of these components is critical, be- cause they might have access to private information and, if compromised, could be leveraged to spread an MMS-based worm. Unfortunately, the vulnerability analysis of these components is made more difficult by the fact that they are mostly closed-source and the testing has to be performed through the mobile phone network, which makes the testing time-consuming and costly. This paper presents a novel approach to the security testing of MMS User Agents. Our approach takes into account the effects of the infrastructure on the delivery of MMS messages and then uses a virtual infrastructure to speed up the testing process. Our testing approach was able to identify a number of previously unknown vulnerabilities, which, in one case, allowed for the execution of arbitrary code.
Keywords
Application software; Computer worms; Information security; Message service; Mobile handsets; Performance analysis; Performance evaluation; Testing; Video recording; Viruses (medical); Fuzzing.; Mobile devices; Mobile phones; Multimedia Messaging Service; Vulnerability Analysis;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Security Applications Conference, 2006. ACSAC '06. 22nd Annual
Conference_Location
Miami Beach, FL, USA
ISSN
1063-9527
Print_ISBN
0-7695-2716-7
Type
conf
DOI
10.1109/ACSAC.2006.55
Filename
4041156
Link To Document