Vulnerability Analysis of MMS User Agents
22nd Annual Computer Security Applications Conference (ACSAC'06)
Miami Beach, Florida, USA
December 11-December 15
ISBN: 0-7695-2716-7
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ACSAC.2006.55
The Multimedia Messaging Service (MMS) is becoming more popular, as mobile phones integrate audio and video recording functionality. Multimedia messages are delivered to users through a multi-step process, whose end-points are the MMS User Agents that reside on the users' mobile phones. The security of these components is critical, because they might have access to private information and, if compromised, could be leveraged to spread an MMS-based worm. Unfortunately, the vulnerability analysis of these components is made more difficult by the fact that they are mostly closed-source and the testing has to be performed through the mobile phone network, which makes the testing time-consuming and costly. This paper presents a novel approach to the security testing of MMS User Agents. Our approach takes into account the effects of the infrastructure on the delivery of MMS messages and then uses a virtual infrastructure to speed up the testing process. Our testing approach was able to identify a number of previously unknown vulnerabilities, which, in one case, allowed for the execution of arbitrary code.
Index Terms:
Mobile devices, Mobile phones, Multimedia Messaging Service, Vulnerability Analysis, Fuzzing.
Citation:
Collin Mulliner, Giovanni Vigna, "Vulnerability Analysis of MMS User Agents," acsac, pp.77-88, 22nd Annual Computer Security Applications Conference (ACSAC'06), 2006