
Sniffing Wireless and Smartphones


andrecvnt


Hi everyone!

I was studying man-in-the-middle attacks in wireless and wired networks and was wondering how they work on smartphones.

Are all the attacks we have (like arpspoof, sslstrip) useful against smartphones connected to the wireless network?

I mean, how do smartphones work? What is their behavior on the network? For example, Gmail, Facebook, Twitter: do they authenticate the same way as in web browsers? Do they use session cookies as well? Is the channel encrypted (SSL)? Do they use HSTS just like modern browsers?

I never found any guideline, book or anything about it. So if someone could point me in a direction where I can read and study it, I would be glad!

Another question I have: to sniff a wireless network there is no need to arpspoof or ARP poison, because we can listen to the whole network when the network card is in monitor mode and on the same wireless channel frequency, right?


Meh, I noticed on this forum no one seems to want to talk about anything that isn't about ethical hacking, and it's understandable. However, I have done a lot of videos that cover man-in-the-middle attacks on my YouTube channel that you, and anyone else who's interested, can check out.

To answer your question: yes, it's still possible to hack smartphones over a wireless network. However, if they're connected over 3G/4G, I've honestly never tried, but I don't think you can, or at least I'd hope you can't, because that should be encrypted data on those kinds of networks.

However, for Gmail, Facebook and any other websites using the newer HTTPS with TLS, it's not likely you will be hacking those kinds of logins unless you're phishing and DNS spoofing the target website the victim is going to.

In fact, I just released a video the other day in my series on the Social Engineering Toolkit. The one I released used the Credential Harvester attack method with ettercap and dnsspoof.

If you ever have any questions I'm always willing to try my best to help. However, I don't hack for people; I managed to do a good job by myself of getting arrested for hacking, I don't need help :D

I always seem to get a lot of people asking me to help them hack a Facebook account or something stupid of that nature. If it were that easy, Facebook would be hacked every day. Not that it isn't, but there would be a lot more people doing it compared to just the people who spend time finding holes in Facebook.


Meh, I noticed on this forum no one seems to want to talk about anything that isn't about ethical hacking

Um, we talk about pretty much anything. We don't condone everything under the sun, but we generally will talk about any topic. If it's someone asking how to hack their school, or obviously someone wanting to be spoon-fed just how to attack someone or do something malicious to someone, sure, we usually stay away from those sorts of topics. Another reason people don't always respond, though: most questions HAVE BEEN ASKED, and if you use that little search box at the top of the forums, you might find the answer on your own without too much reading, which in general never hurts, since the more you read and know, the better you will understand how things work.

As for the OP's questions:

I was studying man-in-the-middle attacks in wireless and wired networks and was wondering how they work on smartphones.

Are all the attacks we have (like arpspoof, sslstrip) useful against smartphones connected to the wireless network?

If it's on the wireless, MITM works pretty much the same as it would for any other device on the LAN.

I mean, how do smartphones work? What is their behavior on the network? For example, Gmail, Facebook, Twitter: do they authenticate the same way as in web browsers? Do they use session cookies as well? Is the channel encrypted (SSL)? Do they use HSTS just like modern browsers?

If using a browser over the LAN, then you face the same issues you do with a PC: SSL, etc. If it's an app on the phone, the app itself might be vulnerable in some manner, or even the phone OS itself, which is a whole other area of hacking in general. You would attack the same way. If the phone went over cellular, well, Wi-Fi won't do you any good, but you might be able to get into the phone if Bluetooth is enabled, and then you're basically hacking into the phone directly over Bluetooth and from there doing whatever you want. Check out Georgia Weidman's SPF (Smartphone Pentest Framework), which can hack phones and such using SMS, etc.

Also, for other types of phone hacks, you can intercept data, but you have to impersonate a cell tower, and which type of phone network it is matters (CDMA vs GSM, for example). That can be done with things like a USRP or software defined radio devices, but that's way over my head. Check out SecurityTube and just google in general.

I never found any guideline, book or anything about it. So if someone could point me in a direction where I can read and study it, I would be glad!

Google. Pretty much anything: google, read, other forums, videos, etc., all kind of the same thing. You want to learn about something; not everyone here has an answer, and if they do, not everyone has the time to write a response either.

Another question I have: to sniff a wireless network there is no need to arpspoof or ARP poison, because we can listen to the whole network when the network card is in monitor mode and on the same wireless channel frequency, right?

Yes and no. If the Wi-Fi is open, not encrypted, it may be possible while in monitor mode to capture plaintext data, but usually you'll have better results with MITM attacks, sidejacking, cookie/session stealing, and such. If on WEP, you need to crack it and then MITM the target, and if it's WPA/WPA2, same deal. WEP and WPA/WPA2 are encrypted, so even in monitor mode, the most you will see is probes and beacons, deauths, but no plaintext data to steal or capture.

Testing at home with your own Wi-Fi, if it's unencrypted, start dsniff on one of your machines using Wi-Fi and sniff your home router, and then on another machine (that's on Wi-Fi as well, not wired) log into some sites or open an email client and see what it captures. If on wired, use MITM first to capture data, which can be seen using something like Wireshark or any other packet sniffing tool. Once something is MITM'd, the only thing that protects the data is for the client you are trying to attack to encrypt all their data, using either a secured tunnel or VPN setup, which is why even when using WPA2 at a place like a coffee shop, it's still a good idea to use a VPN or tunnel all your traffic.

Consider Wi-Fi insecure no matter what, and a hostile environment.

Edited by digip
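What the answer above describes (monitor mode on the same channel shows beacons, probes and deauths on any network, but readable data frames only on an open one) can be checked frame by frame. The following is an added example, not code from the post or from any tool named in it: a small 802.11 triage script that decodes the frame control field, the Privacy bit and RSN element of a beacon, and the Protected Frame bit of a data frame, then pulls the TCP payload out of unprotected data frames. The access points, station MACs, IP addresses, SSIDs and the session cookie are all constructed for the example; nothing is captured live.

```python
"""Passive 802.11 triage: what a same-channel monitor-mode capture shows on an
open network versus a WPA2 network, with no ARP spoofing involved.
All frames here are constructed in this file (fake MACs, IPs, cookie)."""
import struct

FC_TYPE_MGMT, FC_TYPE_DATA = 0, 2
MGMT_SUBTYPES = {0: "assoc-req", 1: "assoc-resp", 4: "probe-req", 5: "probe-resp",
                 8: "beacon", 10: "disassoc", 11: "auth", 12: "deauth"}
LLC_SNAP_IPV4 = bytes.fromhex("aaaa030000000800")   # LLC/SNAP header, EtherType 0x0800
IE_SSID, IE_RSN = 0, 48                               # an RSN element means WPA2

def parse_ies(data):
    """Tagged information elements: 1-byte tag, 1-byte length, value."""
    ies, i = {}, 0
    while i + 2 <= len(data):
        tag, length = data[i], data[i + 1]
        ies[tag] = data[i + 2:i + 2 + length]
        i += 2 + length
    return ies

def parse_frame(frame):
    """Decode the MAC header and whatever a passive observer can read of the body."""
    if len(frame) < 24:
        raise ValueError("too short for an 802.11 MAC header")
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    to_ds, from_ds = fc1 & 0x1, (fc1 >> 1) & 0x1
    protected = bool(fc1 & 0x40)                      # Protected Frame bit
    info = {"protected": protected, "kind": "control", "ip": None}
    if ftype == FC_TYPE_MGMT:
        info["kind"] = MGMT_SUBTYPES.get(subtype, f"mgmt-{subtype}")
        if subtype in (5, 8):                         # probe response / beacon
            body = frame[24:]                         # timestamp(8) interval(2) capability(2) IEs
            capability = struct.unpack_from("<H", body, 10)[0]
            ies = parse_ies(body[12:])
            privacy = bool(capability & 0x0010)       # Privacy bit: WEP or WPA/WPA2
            info["ssid"] = ies.get(IE_SSID, b"").decode("utf-8", "replace")
            info["security"] = "WPA2" if IE_RSN in ies else ("WEP/WPA" if privacy else "open")
    elif ftype == FC_TYPE_DATA:
        info["kind"] = "data"
        hdr_len = 30 if (to_ds and from_ds) else 24   # 4-address frames carry addr4
        if subtype & 0x8:                             # QoS subtypes add a 2-byte QoS control field
            hdr_len += 2
        body = frame[hdr_len:]
        # Encrypted (CCMP/TKIP/WEP) bodies stay opaque; only the header addresses leak.
        if not protected and body.startswith(LLC_SNAP_IPV4):
            info["ip"] = body[len(LLC_SNAP_IPV4):]
    return info

def extract_tcp_payload(ip_packet):
    """Application data from an IPv4/TCP packet (checksums are not verified)."""
    ihl = (ip_packet[0] & 0x0F) * 4
    if ip_packet[9] != 6:                             # IP protocol 6 = TCP
        return b""
    tcp = ip_packet[ihl:]
    return tcp[(tcp[12] >> 4) * 4:]

def triage(frames):
    """For each named frame, report what the passive observer learns."""
    out = {}
    for name, raw in frames.items():
        info = parse_frame(raw)
        row = {"kind": info["kind"], "protected": info["protected"]}
        if "ssid" in info:
            row["ssid"], row["security"] = info["ssid"], info["security"]
        if info["ip"] is not None:
            row["cleartext"] = extract_tcp_payload(info["ip"])
        out[name] = row
    return out

# ---- constructed sample frames ----
def _mac_header(fc0, fc1, addr1, addr2, addr3, seq=1):
    return bytes([fc0, fc1]) + b"\x00\x00" + addr1 + addr2 + addr3 + struct.pack("<H", seq << 4)

def _beacon_body(ssid, privacy, rsn):
    capability = 0x0001 | (0x0010 if privacy else 0)  # ESS bit plus optional Privacy bit
    body = struct.pack("<QHH", 0, 100, capability)
    body += bytes([IE_SSID, len(ssid)]) + ssid.encode() + bytes([1, 1, 0x82])  # SSID, rates
    if rsn:  # RSN: version 1, group CCMP, 1 pairwise CCMP, 1 AKM PSK, capabilities 0
        rsn_body = (struct.pack("<H", 1) + b"\x00\x0f\xac\x04" + struct.pack("<H", 1)
                    + b"\x00\x0f\xac\x04" + struct.pack("<H", 1) + b"\x00\x0f\xac\x02"
                    + struct.pack("<H", 0))
        body += bytes([IE_RSN, len(rsn_body)]) + rsn_body
    return body

def _ipv4_tcp(payload, sport=52345, dport=80):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 168, 1, 20]), bytes([203, 0, 113, 5]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 1024, 0, 0)
    return ip + tcp + payload

AP_OPEN, AP_WPA2 = bytes.fromhex("02aabbccddee"), bytes.fromhex("02aabbccdd01")
STA, BCAST = bytes.fromhex("0211223344aa"), b"\xff" * 6
SAMPLE_FRAMES = {
    "beacon_open": _mac_header(0x80, 0x00, BCAST, AP_OPEN, AP_OPEN) + _beacon_body("CoffeeShop", False, False),
    "beacon_wpa2": _mac_header(0x80, 0x00, BCAST, AP_WPA2, AP_WPA2) + _beacon_body("HomeNet", True, True),
    "deauth": _mac_header(0xC0, 0x00, STA, AP_WPA2, AP_WPA2) + struct.pack("<H", 7),
    # station -> AP (To DS) on the open network: LLC/SNAP + IPv4 + TCP + plaintext HTTP
    "data_open": _mac_header(0x08, 0x01, AP_OPEN, STA, AP_OPEN) + LLC_SNAP_IPV4
                 + _ipv4_tcp(b"GET /inbox HTTP/1.1\r\nHost: mail.example\r\nCookie: session=abc123\r\n\r\n"),
    # same station on WPA2 (To DS + Protected): CCMP header then ciphertext (stand-in bytes)
    "data_wpa2": _mac_header(0x08, 0x41, AP_WPA2, STA, AP_WPA2) + bytes.fromhex("0100002000000000") + bytes(range(40, 96)),
}
```

Run `triage(SAMPLE_FRAMES)`: both beacons give up their SSID and security type, the deauth is visible from either network, the open-network data frame yields the HTTP request and cookie, and the WPA2 data frame yields only addresses and a Protected flag. That is the whole reason the passive approach stops at "probes, beacons, deauths" on an encrypted network, and why the usual next step there is cracking the key (or MITM after joining) rather than more listening.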

  • 2 weeks later...

At ToorCon SD there was an interesting talk about femtocell and smartphone hacking:

For fair use from: http://sandiego.toorcon.net/seminars/

Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell
I have a box on my desk that your CDMA cell phone will automatically connect to while you send and receive phone calls, text messages, emails, and browse the Internet. I own this box. I watch all the traffic that crosses it and you don’t even know you’re connected to me.

This box is a femtocell, a low-power cellular base station given or sold to subscribers by mobile network operators. It works just like a small cell tower, using a home Internet connection to interface with the provider network. When in range, a mobile phone will connect to a femtocell as if it were a standard cell tower and send all its traffic through it without any indication to the user. Inside, they run Linux, and they can be hacked.

During this talk, we will demonstrate how we’ve used a femtocell for traffic interception of voice/SMS/data, active network attacks, and explain how we were able to clone a mobile device without physical access.

Doug DePerry
Doug DePerry is a Senior Security Consultant at iSEC Partners in New York City. In addition to his day-to-day consultant duties, Doug is also responsible for helping manage employee/new hire training as well as the summer intern program.
At iSEC Doug has recently taken a deeper interest in iOS and crypto assessments as well as architecture reviews. He has also written a whitepaper on HTML5 titled, 'HTML5 Security: The Modern Web Browser Perspective'.
Prior to joining iSEC, Doug worked for various defense contractors and the US Army.

Andrew Rahimi
Andrew Rahimi is a Security Engineer for iSEC Partners in New York. He is a recent graduate of Bucknell University with an undergraduate degree in Computer Science & Engineering. His interests primarily include CDMA mobile phone research, satellite TV/Radio, WiFi, and other consumer network-oriented technologies.


At ToorCon SD there was an interesting talk about femtocell and smartphone hacking:

For fair use from: http://sandiego.toorcon.net/seminars/

Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell

Totally forgot about femtocell attacks. I've been looking at https://play.google.com/store/apps/details?id=bluejaysoftware.b4a.utility.femtowidgetlite&hl=en and wondering if it offers any sort of protection to end users, though.

There is also this, but it says it's for Verizon users. I don't have Verizon, but I imagine my phone would still connect to a femtocell anyway.

https://play.google.com/store/apps/details?id=com.isecpartners.femtocatcher

Edited by digip

  • 6 months later...

Hey guys, thanks for answering.

Meh, I noticed on this forum no one seems to want to talk about anything that isn't about ethical hacking, and it's understandable. However, I have done a lot of videos that cover man-in-the-middle attacks on my YouTube channel that you, and anyone else who's interested, can check out.

Actually I'm working in information security, but I'm still not a specialist. All the topics about ethical hacking or white-hat business-professional work are taught at my company, but the other topics aren't. But I still believe that if I want to be a good professional I need to know both sides (white & black).

I see that mobile is a totally different subject and worth studying. Multidisciplinary skills are always worth it, but I'm at a certain point in my career where I need to specialize in something, and I still don't know what.


My learnings on MITM vs smartphones...

Depending on the user's habits: Facebook, banking, Twitter... etc.

Does the user browse his Facebook with the web browser? (sslstrip is fantastic)

If the user browses his accounts with a specific application other than the browser, then depending on that application's security... sslstrip won't work.

(I only checked the Facebook app)

There are other tools: sslsniff and sslsplit.

The Facebook app blinks red (alert warning) at my attempts to fake the cert...

So, I would like to see some others run tests and share what they find... test the popular apps and see what plaintext you can gather...

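The post above, and the OP's earlier question about whether mobile apps honor HSTS, both come down to the same client-side behaviour: sslstrip only works while the client is still willing to follow a plain http:// link, and an HSTS-aware client stops doing that for a host it has seen a Strict-Transport-Security header from. The following is an added example of that policy logic, not code from the post, from sslstrip, or from any of the apps mentioned: a minimal HSTS store that parses the header, honors max-age, includeSubDomains and expiry, ignores the header when it arrives over plain HTTP, and upgrades URLs the way a browser would. The hostnames, header values and the clock are constructed for the example.

```python
"""Minimal HSTS policy store (RFC 6797 semantics, stdlib only), showing why a
client that remembers Strict-Transport-Security cannot be downgraded by sslstrip
after its first https visit. Hosts and headers below are constructed."""
import time
from urllib.parse import urlsplit, urlunsplit

def parse_sts(value):
    """Return (max_age, include_subdomains) or None if the header is unusable."""
    max_age, include_sub = None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age":
            if not arg.isdigit():
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)  # max-age is mandatory

class HstsStore:
    def __init__(self, now=time.time):
        self._now = now
        self._entries = {}            # host -> (expires_at, include_subdomains)

    def observe(self, url, headers):
        """Record a policy from a response. Only https responses count, so an
        attacker sitting on plain http cannot plant or clear a policy."""
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.hostname:
            return False
        value = next((v for k, v in headers.items()
                      if k.lower() == "strict-transport-security"), None)
        if value is None:
            return False
        policy = parse_sts(value)
        if policy is None:
            return False
        max_age, include_sub = policy
        host = parts.hostname.lower()
        if max_age == 0:
            self._entries.pop(host, None)     # max-age=0 removes the policy
        else:
            self._entries[host] = (self._now() + max_age, include_sub)
        return True

    def is_known(self, host):
        """True if host, or a parent with includeSubDomains, has a live policy."""
        labels = host.lower().split(".")
        now = self._now()
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            entry = self._entries.get(candidate)
            if entry is None:
                continue
            expires_at, include_sub = entry
            if expires_at <= now:
                del self._entries[candidate]   # expired policy, forget it
                continue
            if i == 0 or include_sub:
                return True
        return False

    def enforce(self, url):
        """Return the URL the client should actually fetch: http -> https for known hosts."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not parts.hostname or not self.is_known(parts.hostname):
            return url
        netloc = parts.netloc.rsplit(":", 1)[0] if parts.port == 80 else parts.netloc
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))

def sslstrip_scenario():
    """Constructed walk-through: one legitimate https visit, then downgraded links."""
    clock = [1_000_000.0]
    store = HstsStore(now=lambda: clock[0])
    # First visit over https; the server sets a one-year policy covering subdomains.
    store.observe("https://mail.example/",
                  {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"})
    results = {
        "known_host": store.enforce("http://mail.example/inbox"),      # upgraded
        "subdomain": store.enforce("http://m.mail.example/"),          # upgraded
        "other_host": store.enforce("http://news.example/"),           # no policy, stays http
        # A header delivered over plain http (what an on-path attacker can send) is ignored.
        "http_header_ignored": store.observe("http://mail.example/",
                                             {"Strict-Transport-Security": "max-age=0"}),
    }
    clock[0] += 31536001                                               # one year and a second later
    results["after_expiry"] = store.enforce("http://mail.example/inbox")
    return results
```

The two cases worth noticing are the ones sslstrip relies on: `other_host` (no policy yet, so the very first visit is still downgradable, which is what browser preload lists exist to close) and `after_expiry` (a policy that lapsed because the user stayed away longer than max-age). An app that pins the server certificate, as the Facebook app apparently does in the post above, is a different and stronger check than HSTS: it rejects the forged certificate even on a connection the attacker managed to keep on https.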