Jump to content

[Idea] Hacking Mobile Devices, The Other way...


BobH

Recommended Posts

OK, here is a thought, You can setup EvilAP on a pineapple and get all the lootz on the people that have WiFi enabled and autoconnect setup (most people). But what about people like Us? the ones that are smart enough to turn off WiFi, not autoconnect to networks etc? Why not attack 3-4G!

Think about this. You can pick up a mobile Cell Repeater to help with low cellular signal strength at home, but why not hack it so that "anyone" can connect to the mobile tower, rather than the small list of users in your home. Then as you walk into a location, you can automagically pick up all communications (as you will now be the local tower), then if you have the connections, you can send the data through from the cell AP to the Pineapple to hit the fake portals to reap more lootz before passing them on to the internet connection on the Pineapple.

My guess would be that you'd have to find some way of accepting the connection with the AP as either unencrypted or break that encryption between AP and Pineapple, then re-encrypt on the back end, or would you. The pwned cell data user would probably not see any difference provided that they are connecting via HTTPS to the website of their choice, and of course, the APs are branded, so you will only get 1 vendor at a time/roamers (but they are few now). But think of the Pwnage!!!

 

PS> As a (mostly) WhiteHat, this is of course for testing purposes only, if anyone can figure out the way to do it...

Bob

  • Like 1
Link to comment
Share on other sites

Fem to cell boosters are 300-500$$ a unit, and all they do, is boost signal. If you want MITM, you want something like an IMSI catcher which can both track and MITM(with the right added software) 4g/LTE phones. Older 4G and 3G, you could add a 2G base station that forced users to connect to it by being the closest signal, and then intercepting traffic. There are other devices I can't remember the name of but sure a little gooling you'll find they aren't cheap. Some of the hardware starts $1k and up, but I know SDR tools these days come in all kinds of new  packages that can probably help the home DIY tester for experimenting on their own equipment.

Link to comment
Share on other sites

  • 3 weeks later...

Came across this today. https://evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-fun-and-profit/

There is also an IMSI catcher project, that hopes to be able to find and notify you of rouge base stations, since not just hobbyists, but law enforcement is more and more using these at places like protests and such, it's only a matter of time before we need to develop something else for communication, which many people are already using signal and other messaging such apps on their phones, they can still be tracked by the phone's GPS and GSM leaked data and put someone at the scene of a crime, even if they were only just walking by while one happened. https://techcrunch.com/2017/06/02/who-catches-the-imsi-catchers-researchers-demonstrate-stingray-detection-kit/?ncid=rss

The IMSI catcher project https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector is on GIT and also has pre-made APK's for install on Sourceforge, but you'll need a rooted phone to install one (as far as I know).

Link to comment
Share on other sites

On 6/4/2017 at 1:12 AM, digip said:

Came across this today. https://evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-fun-and-profit/

There is also an IMSI catcher project, that hopes to be able to find and notify you of rouge base stations, since not just hobbyists, but law enforcement is more and more using these at places like protests and such, it's only a matter of time before we need to develop something else for communication, which many people are already using signal and other messaging such apps on their phones, they can still be tracked by the phone's GPS and GSM leaked data and put someone at the scene of a crime, even if they were only just walking by while one happened. https://techcrunch.com/2017/06/02/who-catches-the-imsi-catchers-researchers-demonstrate-stingray-detection-kit/?ncid=rss

The IMSI catcher project https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector is on GIT and also has pre-made APK's for install on Sourceforge, but you'll need a rooted phone to install one (as far as I know).

Not to say that it actually works..However they do seem quite powerful (IMSI Catchers), basically leaving no trace. Using this kind of hardware you could potentially spoof being someone else or change someone's message/call (or even redirect it). E.g. you intercept a message via your IMSI catcher and change the message as it goes, the receiver getting a message that has been filtered by the IMSI catcher. To do this you would need to be able to send/receive SMS', calls and other internet connected messages from the IMSI catcher. But it could be possible as it is a MITM attack...But it would also leave a trace.

Link to comment
Share on other sites

The IMSI catcher project is working to decloak rouge towers, ie: when law enforcement is tracking you or others for that matter, as they have been known to deploy their own at rallies and protests to track people. Partially, there is no clear law on the matter in how they can be abused by law enforcement either, so long as they aren't "wiretapping" conversations without court orders, tracking your phone is apparently gray area, so if they can identify numbers alone and hardware ID's, they can put you at the scene of a crime, even if you were just walking past it and not involved, which is why they always tell you turn off your phone at a protest or political rally, even if doing nothing wrong. Your presence is like guilty by association in a sense.

Link to comment
Share on other sites

oh man ive been thinking of doing this for a while ...if i can do it cheap enough im going 4 it lol

you guys are awsome !  .... can this be done  with  a rtl sdr like the one darren kitchen had ?   i think its like 20 bucks

i only ask because i seen the link that dave ee jones posted about the evil socket  but this is a great project if we can

accomplish it  i mean because everyone is going to cell phone  my girlfriend doesnt even get on her laptop anymore at all

good luck getting me to give up my laptop / desktop's  lol   ill be running linux til the world ends  thanks 4 the idea    thumbs up !!!

Link to comment
Share on other sites

On ‎10‎/‎06‎/‎2017 at 3:56 PM, datajumper said:

I'll be running linux til the world ends

Technically it would be the best operating system for after the World ends, too. Less power required, smaller footprint and can be installed on almost any device :lol:

Not sure pentester would be a viable career though!

Link to comment
Share on other sites

13 hours ago, haze1434 said:

Technically it would be the best operating system for after the World ends, too. Less power required, smaller footprint and can be installed on almost any device :lol:

Not sure pentester would be a viable career though!

World ends = not world ends?? What you talkin' bout, Willis? There'll be no devices or power or anything..

Edited by Dave-ee Jones
Link to comment
Share on other sites

  • 5 years later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...