Jump to content

Episode Suggestion - Cell Phone Hi-jacks


steven_oharra
 Share

Recommended Posts

Lots of videos and weak solutions (remove your battery; yeah, and how do I get incoming calls?), see if its warm... (I live in San Diego!)... see if the battery runs down fast (I'm IT; its charged 2x a day!), "contact vendor to reformat it" (try it, they'll claim ignorance or after much escalation, mention Patriot Act and accidently disconnect)...

Tripwire for smartphones? Seriously... ideas on detecting compromise (hash?) a way to reset to as-shipped format?

Check out flexispy (first in the news) or a few more at:

http://www.youtube.com/watch?v=dfg5xmrLJlo

http://www.thecellsnoop.com/?gclid=COaLo92...CFQ06agod5SW7bw

Link to comment
Share on other sites

The types of 'attack' in those videos more than likely require physical access to the phone.

Detecting it may be impossible as access to the operating system in general is often restricted by both the phone manufacturer and service provider, either through the phones GUI or via a computer. The only thing you can do is press the 'restore factory defaults' button if you think it's been compromised, however, depending on the phones implementation, this may be ineffective if the function even works any more.

Basically, if you get that shit on your phone, your are probably, essentially SOL.

You could get the phone forensically examined, but that's expensive and the phone may never work as a phone again as a result of it been dissembled. You might be able to convince the manufacturer or service provider to have a look at it, but there is a good chance the service engineer will glance at the 'problem' description, press the 'restore factory defaults' button and send it back to you. Best option of time vs money vs it's definitely fixed? Get a new phone.

Link to comment
Share on other sites

or just always have multiple passwords for anyone to access your phone

Or lets put this way, different user accounts with different level of access, like read/write/execute. That way you have more control over who's got what and who can do what. If that makes sense.

Link to comment
Share on other sites

Lots of videos and weak solutions (remove your battery; yeah, and how do I get incoming calls?), see if its warm... (I live in San Diego!)... see if the battery runs down fast (I'm IT; its charged 2x a day!), "contact vendor to reformat it" (try it, they'll claim ignorance or after much escalation, mention Patriot Act and accidently disconnect)...

Tripwire for smartphones? Seriously... ideas on detecting compromise (hash?) a way to reset to as-shipped format?

Check out flexispy (first in the news) or a few more at:

http://www.youtube.com/watch?v=dfg5xmrLJlo

http://www.thecellsnoop.com/?gclid=COaLo92...CFQ06agod5SW7bw

<_<

Okay, we either need to let this die or try reading/thinking a touch more before responding.

The first responder made the unfortunate assumption that physical access was primarily required.

An understandable mistake but that hasn't been necessary for the last 5+ years old.

Do you really think your government needs physical access to your cell if they want to monitor it?

Do you really think anyone that works with the govt or other agencies that do this daily wouldn't leak that?

Do you really think worldwide "services" will fly to your victim's phone to physicaly hack/access it? (for $35!)

These "services" aren't hackers. Someone showed them how to do it and now they reap the profits selling our privacy to a no-talent wanna-be cell eavesdropper that has $35-$75 on his/her credit card to buy your life.

Sadly, the follow-on posters rode that assumption so far off the track no one is even bothering to read the original post and address the issue in a constructive/learning/opportunity for a Hak5 session.

Rarely do knee jerk answers address the problem (though that last one was especially innocent/funny)

I've had so many 1st semester kids like that in my beginning networking classes ...

And, no Tommy...

ACLS (Domino IBM world),

Rights and Permissions (MS world)

ACLs, Permissions, Rights, NDS/Bindery Trustee filters (NetWare)

AccessRights (Unix and by inheritance, Linux)

Which is what you are trying to float is not on today's lesson plan or answer sheet.

How about it,.. any folks out there with the interest and skillset to address how this can be detected and expunged? Please, CRCs or Hashes are no-go (dynamic)... Not trying to rough ride, but if this forum doesn't have the juice or interest (again, understandable), we can go back to the otherwise fun ZIP, Switchblade and pineapple toys (not knocking them,.. they are great fun for a couple hour's diversion)

Remember, they are offering a service that lets them offer 7/24 call recording, realtime GPS for victim's whereabouts, remote muted monitoring, call forwarding and call alert for a one time $35-75 spike.

So...

Back to my original post, wouldn't it be nice to have an Informed Hak5 session on this topic to include how to detect, expunge and better still, deny such no-skill, full-access cracks to anyone's cellphone?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...