Jump to content

Idea for a new cellular device


Dfg

Recommended Posts

This is taken from Zoklet.net. It seems a pretty unique idea and I thought Hak5 could work on it. I don't know if it will work but I am hoping someone here would know how to run it or make it.

OK, here's an idea I had when I was thinking about infiltration into a network via 802.11 wireless. I'll try and explain it in terms of what I'm suggesting someone could do. I don't personally have the money to purchase the phone, nor the data access plan that would make it worthwhile, but I'm sure someone out there will probably be interested just for the fun.

So, here's the idea: Take an Android phone -- Android is chosen because it uses a Linux kernel and it'll probably be easiest to modify. Modify the phone to have a Ethernet controller and CAT-5 or CAT-6 jack. Install the kernel module for the Ethernet controller (so the Ethernet capabilities become available to the phone's software), as well as the libraries and utilities needed to use the Ethernet (if applicable -- I don't know if Android already uses Ethernet-like services). Finally, install VPN server software (OpenVPN seems appropriate).

Here's the use-case scenario: Assume you need to get on someone's Ethernet (as a pen tester with a contract to do it, of course). You can get someone physically in, but can't spend long enough to plant a trojan or reconfigure a firewall. You also can't risk the access point being detected if the company sweeps their facilities for 802.11 access points. Even beyond that, carrying a 802.11 wireless router in is VERY suspicious, and if one is found afterward you're the first suspect.

Nobody cares if you bring in a cell phone, and they don't sweep for cellular frequencies in most businesses -- most businesses rely on cell phones for their core operations. It's very unlikely that someone driving by will detect that your cell phone is a VPN server. It's smaller than a wireless AP and easier to hide, although you may still need to plug it in to power in addition to Ethernet.

Given that it's got a data plan (preferably allowing a lot of transfer bandwidth), you should be able to connect to it via Internet, allowing you to get into the network from almost anywhere in the world, meaning no more getting caught sitting in the parking lot. The bad part is that this approach is very expensive -- you have to buy the phone, the parts for modifying it, and the phone service plan (you can buy it with minimal talk and text messaging options, but lots of data transfer).

Link: http://www.zoklet.net/bbs/showthread.php?t=96240

Link to comment
Share on other sites

You could get a boost mobile prepaid phone (no real name or address tied to the account) and a fon 2.0g. Setup an intercepter but have it tethered through the phone at blazing fast gprs speeds (sarcasm) instead of wifi and accomplish about the same thing. You still have to carry what looks like an access point into the building though :/

Link to comment
Share on other sites

You could get a boost mobile prepaid phone (no real name or address tied to the account) and a fon 2.0g. Setup an intercepter but have it tethered through the phone at blazing fast gprs speeds (sarcasm) instead of wifi and accomplish about the same thing. You still have to carry what looks like an access point into the building though :/

Just hide it inside a flower arrangement.

You: Hi! I've got a flower delivery for Susanna.

Receptionist: We don't have a Susanna here.

You: Well This is the address. Want some flowers for your desk?

Receptionist: Sure!

Link to comment
Share on other sites

I wouldn't want to leave my droid someplace. In theory, sounds like it'd work, but it'd take a ton of work to make functional. They just recently got Android to wifi tether. See my forum post here:

http://hak5.org/forums/index.php?showtopic=15633

I plan on doing this by the end of the week. I've contacted Darren and he's going to do a segment on it when he gets back from the U.K.

Link to comment
Share on other sites

Various manufacturers sell access points that use frequencies other than that of the Wi-Fi standard, such as Ubiquiti. Just use one of those instead, they won't be able to detect it unless they are searching for these APs specifically,also, if you have time to plug the phone in and manage to hide it with a Ethernet and power cable trailing out of it, you probably have enough time to install something

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...