Jump to content

Gsm Mitm

sandred

By sandred
in Security

 Share

Recommended Posts

sandred Newbie

sandred

Posted
Posted

It was very interesting talk at Shmoocon 2010 about GSM MITM and using USRP and OpenBooTS. The only downside of it being the cost.

I came across this today and you might already be aware of it from ATT http://www.wired.com/gadgetlab/2010/03/att-microcell/ . I am not sure if that thing is hackable to begin with but they claim "Device is secure – cannot be accessed by unauthorized users, easy and secure online management of device settings" .... hmm sounds challenging and interesting. Any of you looked into it? May be or if we can use this instead of costly USRP module for GSM MITM?

Link to comment
Share on other sites
Sparda Newbie

Sparda

Posted
Posted

Once some one figures out how to dump the OS off that, it's basically game over for mobile phones and there 'security'.

For example Lets say they did every thing they can to make it secure: They use an compressed encrypted image to boot from, the CPU is specially built knowing the encryption key (some how). At startup the BIOS (or what ever) chooses a random session key that is used to encrypt the contents of memory before it leaves the CPU and the CPU stores it in a register or some thing so it never leaves the CPU.

In this case where every thing that goes in to the CPU is encrypted and is encrypted again on the way out there are still things you can do to significantly improve chances of success. Trying to decrypt a compressed boot image isn't going to work. However, if you can take RAM dumps (I know, hardware not particularly easy), well, there is a decent chance that it will contain HTML (and other web page content) along with other common patterns found in memory. It might be a bit slow but it would work eventually.

Another point of attack may be to try and temper the device so that the random number it generates for the memory isn't so random any more. Tampering with the system clock time and warping it's antennas in foil so it can't take randomness from the air.

Basically, some one some where will figure it out. Though with a device like this it's more likely to end up in the hands of organised crime before any hobbyist posts a how to on the internet.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...