Mobile Phone Security

[Its Only Me]

Hi Everyone

I'm looking at the security of Mobile Phones and was wondering if you have logged onto public Wifi or logged onto false wifi like Pineapple Karma and someone has your phones Mac or IP address, can that then be used to hack your phone or can it be used to 'Ping' your phone to give its approximate location?

[digininja]

Just knowing your IP won't let them hack you, you being on the same network as them and them knowing you are there opens you up to attack but most phones are fairly well locked down so attacks against the device itself aren't likely to do much, more likely they will be against the network traffic.

Knowing your IP or MAC won't let someone find out where you physically are however there are tools (Snoopy) which can be deployed around an area to look for MAC addresses sending out probe requests. It logs those centrally and can then show where that MAC was seen based on its multiple devices. They demo'd tracing people as they walked around London.

[Its Only Me]

Thanks Digininja

It was just something I had been wondering about and thought I would ask, so thats cleared that up. Cheers

[Smart-Aswood]

This looks like a fitting place to bring this up. We have some troubles connecting victims to Jasagers these days. I remember Vivek-Ramachandran on SecurityTube showing how easy it was to fool his iPhone into logging in to a Mitm attack. That was a couple of years ago. Bet he can't do that with the phone he has now. Tablet either. Laptops are still fair game, for now.

This all happened because devices like the Pineapple did their job. Good old honey pot still works though. Give it a good name and a certain percentage of people will log in. Free Fast and Private Wireless.