Vulnerability Analysis of SMS Implementations on Mobile and Smart Phones

Collin Mulliner


The Short Message Service (SMS) is one of the building blocks of the mobile phone service. It is used for text messaging by users as well as for services that work under the hood of every mobile phone. The security of SMS-implementations is critical because attacks can be carried out remotely without any user interaction and because SMS can not be disabled or filtered on current mobile phones. This talk will cover past and future work on vulnerability analysis of SMS implementations on smart and mobile phones.


Collin Mulliner is a PhD student at Technische Universitaet Berlin (TU-Berlin) and Deutsche Telekom Laboratories. Collin's main interest is in the area of security and privacy of mobile and embedded devices with an emphasis on mobile and smart phones. Since 1997 Collin has developed software and did security work for Palm OS, J2ME, Linux, Symbian OS, Windows Mobile, Android, and the iPhone. In 2006 he published the first remote code execution exploit based on the multimedia messaging service (MMS). Collin's most recent projects are in the area of vulnerability analysis and offensive security.

Time and Place

Aug 5 2010 (Thursday) at 1630 hrs
Gates 4B (opposite 490)