Brandon Dixon - PowerPoint PPT Presentation

Provided by: g2i

Transcript and Presenter's Notes

1
Brandon Dixon
Carrier Pigeon
Attacking SMS
2
Problems with short mail
  • Number@Carrier delivers to the victim
  • Users get email-to-text messaging with their
    (texting) subscription
  • Received as a text message and not an email
  • Cost equivalent to standard text message
  • Enabled by default

2
www.g2-inc.com
3
Attacking short mail
  • Conventional spamming techniques
  • Mass mailers
  • Spoofing the source address
  • Carrier can be identified by services online
  • Scriptable

4
Limitations
  • Anything past 160 characters may be dropped
    (depends on the carrier)
  • Carrier must be properly identified for message
    to go through
  • No delivery confirmation

5
Why is this bad?
  • Incoming text charge to the user
  • Send short mail from any mail client
  • Turned on by default
  • Carrier offers limited methods of stopping the
    attack by default, or the information is not
    easy to find

6
Carrier capabilities
  • Users can block certain domains or completely
    shut off the feature (depends on the carrier)
  • Throttling and rate limiting are in place (not
    certain how this is implemented)
  • Alias short mail number (depends on the carrier)

7
Fixing the issue
  • Feature should be easily adjusted by the user
  • Should be turned off by default
  • More power should be given to block unwanted
    messages by default
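The controls listed on the last two slides (feature off until the user turns it on, user-adjustable domain blocking, throttling) and the 160-character/2000-byte limits from the earlier slides, combined into one gateway-side policy check. This is an added example written for this page, not code from the presentation or from G2; the rate and burst values, and the choice of the submitting host rather than the spoofable From: address as the rate-limit key, are assumptions.

```python
import math
from collections import defaultdict

SMS_SEGMENT = 160   # per-segment character limit cited in the deck
MAX_BYTES = 2000    # per-message cap cited for the IM-to-SMS path

def segment_count(text, split=True):
    """Segments one message occupies. split=True models a gateway that
    splits long messages; split=False models a carrier that drops them (0)."""
    if len(text) > MAX_BYTES:
        return 0                                   # over the hard cap: dropped
    if len(text) <= SMS_SEGMENT:
        return 1
    return math.ceil(len(text) / SMS_SEGMENT) if split else 0

class ShortMailPolicy:
    """Gateway-side policy for number@carrier mail (assumed design, not any real carrier's)."""
    def __init__(self, rate_per_sec=1.0, burst=5):
        self.rate_per_sec = rate_per_sec           # sustained msgs/s per submitting host
        self.burst = burst                         # token-bucket depth
        self.opted_in = set()                      # feature stays off until the user enables it
        self.blocked = defaultdict(set)            # recipient number -> blocked sender domains
        self._bucket = {}                          # host -> (tokens, last_seen)

    def enable(self, number):
        self.opted_in.add(number)

    def block_domain(self, number, domain):
        self.blocked[number].add(domain.lower())

    def _take_token(self, host, now):
        tokens, last = self._bucket.get(host, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate_per_sec)
        ok = tokens >= 1
        self._bucket[host] = (tokens - 1 if ok else tokens, now)
        return ok

    def decide(self, host, sender, number, text, now):
        """Return (verdict, segments billed to the recipient). host is the
        submitting SMTP peer: the From: address is spoofable, so it is not the key."""
        if number not in self.opted_in:
            return ("disabled", 0)
        if sender.rsplit("@", 1)[-1].lower() in self.blocked[number]:
            return ("blocked_domain", 0)
        if not self._take_token(host, now):
            return ("rate_limited", 0)
        segs = segment_count(text)
        return ("accepted", segs) if segs else ("dropped", 0)
```

The segment count doubles as the recipient's incoming-text bill, which is the cost the "Why is this bad?" slide points at.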

8
XMPP/ Jabber
  • Communications through XML
  • Setting up your own server is easy
  • Multiple options for different platforms
  • Allows for bonding to legacy chat
    implementations
  • Control of message flow
  • No rate limiting

9
Internet to mobile
  • Google Talk, Yahoo, AIM, MSN (in some areas)
  • Input a user's phone number and they are now a
    contact
  • Messages get sent in the form of an SMS message

10
So what's new?
  • Google forces a user to respond after a chat is
    initiated
  • If there is no response after a few messages, no
    more messages get through
  • Yahoo forces a user to respond after a chat is
    initiated and performs throttling
  • AOL does NOT force a user to respond after
    chatting but does throttle

11
Abusing AOL
  • Rate limiting is imposed when sending messages
    too fast
  • Messages past 160 characters are split into
    multiple messages and NOT dropped
  • 1 message (2000 byte max) becomes 13 messages
  • Acceptance must be made the first time for
    chatting
  • Abuse can be programmatically done

12
XMPP/Jabber transports
  • Transport is a bolt-on to a jabber server
  • Shows up in service directory for the hosted
    jabber domain
  • Users can bond to legacy services
  • Jabber_Name -> AOL
  • Log in to jabber and see AOL contacts
  • User looks like AOLcontact@myJabber.com
  • Jabber name can bond to multiple AOL names
    (each must be on a different transport)
  • Public transports are available

13
Phones and Jabber
  • Internal Jabber server with AIM transport
    service
  • Bond internal jabber accounts with AOL accounts
  • Send messages to phones using internal jabber
    account
  • Connection, bonding and authorization can be
    done programmatically

14
Abusing Phones
  • Generate phone list
  • Generate AOL account list (you must own these)
  • Read through list and send one giant message
    per number (1000 messages per second)
  • Send multiple messages to one number (must add
    delay to avoid rate limits)

15
Limitations
  • AOL is the single point of failure
  • Rate limiting is a pain
  • Phone carriers queue messages
  • Limited bandwidth
  • Some messages could be dropped
  • AOL provides support to combat against spam and
    allows users to block messages

16
Why is this bad?
  • Send messages at a high rate of speed
  • Some transports have support for SOCKS proxies
    (tor)
  • Public transports are often found in other
    countries with a large user base (good for
    hiding)
  • All attacks can be done programmatically
    without interaction

17
Fixing the problem
  • AOL needs to follow Yahoo's and Google's
    implementation design
  • Protection has gotten better since testing
    first began a year ago
  • ToC servers appear to no longer support
    Internet to mobile communications

18
Why does this all matter?
  • User is at risk with limited ways to fight
    against the attack (depending on the vendor)
  • Cellular networks are at risk for targeted
    attacks that could potentially affect service
  • Time has shown that vendors are fixing things

19
Web Application
  • Eliminates dependencies with libraries
  • Could easily be made into a framework with
    modules
  • Can be accessed anywhere
  • Proof-of-Concept allows:
      • Bonding of names
      • Sending messages through a choice of transports
      • Sending spoofed short mail messages
      • Identifying public transports
      • More could be added

20
Contact
  • brandon.s.dixon@gmail.com
  • brandon.dixon@g2-inc.com
