COMMSEC: Abusing Over-The-Air Client Provisioning: My SMS To Do Your Settings

PRESENTATION SLIDES (PDF)

Do you remember how when you switched on your phone abroad for the first time, it popped up a message suggesting to install your operator’s network settings? Do you have any idea what these settings were, and where exactly they originated from? Could it be coming not from your network operator, but from somebody malicious instead?

We found security issues with phones by major vendors, including Samsung, Huawei, LG and Sony, which allow anybody and everybody to send network settings to these phones. A user has no way to tell what settings he is accepting, nor whether they were indeed sent by his network operator, or an imposter. With just one message like this, an attacker can take over your network traffic, mail server and other settings, putting your privacy at serious risk.

The affected vendors are currently working, each one independently, on fixes for these vulnerabilities; but their root cause is that the specifications for mobile client provisioning are rather old, and they don’t give enough attention to security aspects.

Our talk will describe in detail the possible attack flows, including their live demos and a discussion of their mitigations by the vendors.

COMMSEC
Location: BALLROOM 2 Date: August 30, 2019 Time: 2:00 pm - 3:00 pm Slava Makkaveev Artyom Skrobov