InfoSec Institute Interview with Rahul Sasi
Rahul Sasi works as a security researcher for garage4hackers.com. Rahul is a respected name in the security industry. Last year, he researched about possible remote code execution in IVR applications. In that paper, he demonstrated code execution in banking applications. This year, he presented another paper on dosing and code execution on USB modem devices.
Can you please provide us some details about the research you did recently on USB modems?
USB modems have a high user deployment around the word. Because there hasn’t been much research about the risks involved in using these types of devices, security is still a virgin when it comes to USB modems. My research is basically about fuzzing USB modems. We were successful in designing a fuzzer which helped me find some interesting bugs in various USB modem devices.
What is the risk impact of such bugs? Can you please elaborate?
The medium for sending exploits for USB modems is the GSM network, and due to the lack of IDS/IPS in this medium, the users of such devices are at high risk. It takes just a single SMS payload and no user interaction is required to get remote root on victims running those USB modems.
What are your upcoming talks?
Right now I am working on browser related stuff.
Do you consider phone systems the new low-hanging fruit?
Not really. I think anything new that has technology cannot be considered as a low-hanging fruit.
What did you learn from your previous disclosures?
I personally do not believe in full disclosure. I waited until the bugs were fixed by vendors. The vendors were very responsive when it came to fixing bugs.