Dr. Charlie Miller will give two talks at the Black Hat 2009 Conference in Las Vegas, NV at the end of July.
Dr. Miller and Vincenzo Iozzo will be giving a talk entitled "Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone". This presentation will show how it is possible to effectively run high-level payloads on a factory phone by defeating the code signing protections after exploitation. Specifically, by injecting an arbitrary unsigned library into the victim process's address space, an attacker is able to run their own code, which makes the attack far more effective. This is especially important because on factory iPhones there are no useful utilities, not even a shell. With this technique, an attacker can bring along their own tools, including the ability to get directory listings, upload and download files, and even pivot attacks, in the form of Meterpreter!
Dr. Miller will also be giving a talk with Collin Mulliner entitled, "Fuzzing the Phone in your Phone".
In this talk they will show how to find vulnerabilities in smart phones: not in the browser, the mail client, or any software you could find on a desktop, but in the phone-specific software. They will present techniques which allow a researcher to inject SMS messages into iPhone, Android, and Windows Mobile devices. This method does not go through the carrier, so it is free (and invisible to the carrier). They will show how to use the Sulley fuzzing framework to generate fuzzed SMS messages for the smart phones, as well as ways to monitor the software under stress. Finally, they will present the results of this fuzzing and discuss their impact on smart phones and cellular security.
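The SMS fuzzing described in the talk targets the length fields of the message itself: the originating-address length, TP-UDL, the user-data-header length and each information element's length can all be made to disagree with the bytes actually present, and a handset parser that trusts them reads past the end of the buffer. The following is an added example, not code from the talks or from the Sulley framework, showing the defender's side: a parser for an SMS-DELIVER TPDU (the part after the SMSC field, laid out per 3GPP TS 23.040) that checks every length field against the data remaining and rejects the message instead of overrunning. The three PDUs at the bottom are constructed test vectors: one well-formed message and two with the kind of inconsistent length fields a fuzzer produces. Only 8-bit and UCS-2 user data are decoded; for the 7-bit alphabet the payload is returned as raw octets.

```python
"""Defensive parser for a GSM SMS-DELIVER TPDU (added example, not from the talks).

Field layout follows 3GPP TS 23.040. Every length field is validated against
the octets actually present, so a fuzzed PDU raises ValueError instead of
causing an out-of-bounds read.
"""
import math


def _swap_bcd(raw: bytes) -> str:
    """Decode nibble-swapped BCD address digits; 0xF is the odd-length pad."""
    digits = []
    for b in raw:
        digits.append(b & 0x0F)   # low nibble holds the first digit
        digits.append(b >> 4)     # high nibble holds the second digit
    out = []
    for d in digits:
        if d == 0x0F:
            continue              # pad nibble
        if d > 9:
            raise ValueError("non-decimal nibble in TP-OA")
        out.append(str(d))
    return "".join(out)


def parse_sms_deliver(pdu_hex: str) -> dict:
    """Parse an SMS-DELIVER TPDU (no SMSC prefix); raise ValueError if malformed."""
    data = bytes.fromhex(pdu_hex)
    pos = 0

    def take(n: int) -> bytes:
        # Bounds-checked read: the only way any field is consumed.
        nonlocal pos
        if n < 0 or pos + n > len(data):
            raise ValueError(f"field of {n} octets runs past end of PDU at offset {pos}")
        chunk = data[pos:pos + n]
        pos += n
        return chunk

    first = take(1)[0]
    if first & 0x03 != 0x00:
        raise ValueError("TP-MTI is not SMS-DELIVER")
    udhi = bool(first & 0x40)          # bit 6: user data header present

    oa_len = take(1)[0]                # TP-OA length is in digits, not octets
    if oa_len > 20:                    # address value is at most 10 octets
        raise ValueError("TP-OA address too long")
    toa = take(1)[0]
    originator = _swap_bcd(take((oa_len + 1) // 2))
    if len(originator) != oa_len:
        raise ValueError("TP-OA digit count does not match address length")
    if (toa & 0x70) == 0x10:           # type-of-number: international
        originator = "+" + originator

    pid = take(1)[0]
    dcs = take(1)[0]
    take(7)                            # TP-SCTS timestamp, not needed here
    udl = take(1)[0]

    # TP-UDL counts septets for the 7-bit default alphabet and octets otherwise.
    group = dcs >> 4
    if group <= 3:
        seven_bit = (dcs & 0x0C) == 0x00
    elif group == 0xF:
        seven_bit = (dcs & 0x04) == 0x00
    else:
        raise ValueError("unsupported TP-DCS coding group")
    ud_octets = math.ceil(udl * 7 / 8) if seven_bit else udl
    if ud_octets > 140:
        raise ValueError("TP-UD longer than the 140-octet maximum")
    ud = take(ud_octets)
    if pos != len(data):
        raise ValueError("trailing octets after TP-UD")

    udh = []
    payload = ud
    if udhi:
        if not ud:
            raise ValueError("UDHI set but TP-UD is empty")
        udhl = ud[0]
        if 1 + udhl > len(ud):
            raise ValueError("UDH length exceeds TP-UD")
        header = ud[1:1 + udhl]
        i = 0
        while i < len(header):
            if i + 2 > len(header):
                raise ValueError("truncated information element header")
            iei, iedl = header[i], header[i + 1]
            if i + 2 + iedl > len(header):
                raise ValueError("information element data overruns UDH")
            udh.append((iei, bytes(header[i + 2:i + 2 + iedl])))
            i += 2 + iedl
        payload = ud[1 + udhl:]

    return {"originator": originator, "pid": pid, "dcs": dcs,
            "udhi": udhi, "udh": udh, "payload": payload}


def is_well_formed(pdu_hex: str) -> bool:
    """True if the PDU parses cleanly; the check a receive path should gate on."""
    try:
        parse_sms_deliver(pdu_hex)
        return True
    except ValueError:
        return False


# Constructed test vectors (8-bit data, concatenation IE 0x00, payload "Hello").
GOOD_PDU = "440B912143658709F1" "0004" "00000000000000" "0B" "050003AB0201" "48656C6C6F"
# UDHL claims 32 octets of header inside an 11-octet TP-UD.
BAD_UDHL_PDU = "440B912143658709F1" "0004" "00000000000000" "0B" "200003AB0201" "48656C6C6F"
# IE length 7 overruns the 5-octet header.
BAD_IEDL_PDU = "440B912143658709F1" "0004" "00000000000000" "0B" "050007AB0201" "48656C6C6F"

if __name__ == "__main__":
    print(parse_sms_deliver(GOOD_PDU))
    for name, pdu in (("BAD_UDHL", BAD_UDHL_PDU), ("BAD_IEDL", BAD_IEDL_PDU)):
        print(name, "accepted" if is_well_formed(pdu) else "rejected")
```

The single `take()` helper is the design point: because every field, including those whose size is dictated by an earlier length byte, is read through one bounds-checked function, a fuzzed length can only produce a clean rejection. The two explicit UDH checks cover the case where the data is present but an inner length field points beyond its container, which a plain end-of-buffer check would not catch.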