sandred Posted March 24, 2010 Share Posted March 24, 2010 It was very interesting talk at Shmoocon 2010 about GSM MITM and using USRP and OpenBooTS. The only downside of it being the cost. I came across this today and you might already be aware of it from ATT http://www.wired.com/gadgetlab/2010/03/att-microcell/ . I am not sure if that thing is hackable to begin with but they claim "Device is secure – cannot be accessed by unauthorized users, easy and secure online management of device settings" .... hmm sounds challenging and interesting. Any of you looked into it? May be or if we can use this instead of costly USRP module for GSM MITM? Quote Link to comment Share on other sites More sharing options...
Sparda Posted March 24, 2010 Share Posted March 24, 2010 Once some one figures out how to dump the OS off that, it's basically game over for mobile phones and there 'security'. For example Lets say they did every thing they can to make it secure: They use an compressed encrypted image to boot from, the CPU is specially built knowing the encryption key (some how). At startup the BIOS (or what ever) chooses a random session key that is used to encrypt the contents of memory before it leaves the CPU and the CPU stores it in a register or some thing so it never leaves the CPU. In this case where every thing that goes in to the CPU is encrypted and is encrypted again on the way out there are still things you can do to significantly improve chances of success. Trying to decrypt a compressed boot image isn't going to work. However, if you can take RAM dumps (I know, hardware not particularly easy), well, there is a decent chance that it will contain HTML (and other web page content) along with other common patterns found in memory. It might be a bit slow but it would work eventually. Another point of attack may be to try and temper the device so that the random number it generates for the memory isn't so random any more. Tampering with the system clock time and warping it's antennas in foil so it can't take randomness from the air. Basically, some one some where will figure it out. Though with a device like this it's more likely to end up in the hands of organised crime before any hobbyist posts a how to on the internet. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.