Re: [PEN-TEST] SMS (Short Message Service) Security

[Andy Murton <awm () THREEGEE NET>]

Also,

Worth bearing in mind that there may well be an interface to a WAP Gateway
if they have one, and this can provide an attack channel on certain
platforms..

Finally, buffer stnrcopies seem to be an issue on a certain platform too.

Cheers,

--awm

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of
Guy Hadsall
Sent: 19 February 2001 3:09
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] SMS (Short Message Service) Security


Ronen,

The SMS platform will dictate the type of attack.  The Ericsson is on
Solaris, others are on NT.  Best way to tackle the test is to prepare for
the enivonment and completely understand the interfaces between systems.
The TOE (test environment) for an SMS system includes both circuit switched
and packet interfaces. The operating system of the network elements are
often NT for non-carrier solutions and the application software has more
often then not never been assessed by a security practictioner.  It'll be
like "fishing in a barrel" IMHO.

Good luck, and please do share!

GuyH


-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of
Ronen Segal
Sent: Sunday, February 18, 2001 7:44 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] SMS (Short Message Service) Security


Hello all.
I’m about to conduct a Security Risk Assessment about a- TDMA and GSM SMS
Services.
If you could please point me to an article that deals with this matter or
some thing that could help me get started by understanding the Risks SMS
poses to the Service provider and the Cellular Subscriber I would be very
Thankful.
Thank You.
Ronen