BobH Posted May 16, 2017: OK, here is a thought. You can set up EvilAP on a Pineapple and get all the lootz from the people that have WiFi enabled and autoconnect set up (most people). But what about people like us, the ones that are smart enough to turn off WiFi, not autoconnect to networks, etc.? Why not attack 3G/4G! Think about this. You can pick up a mobile cell repeater to help with low cellular signal strength at home, but why not hack it so that "anyone" can connect to the mobile tower, rather than the small list of users in your home? Then as you walk into a location, you can automagically pick up all communications (as you will now be the local tower), then if you have the connections, you can send the data through from the cell AP to the Pineapple to hit the fake portals to reap more lootz before passing them on to the internet connection on the Pineapple. My guess would be that you'd have to find some way of accepting the connection with the AP as either unencrypted, or break that encryption between AP and Pineapple, then re-encrypt on the back end, or would you? The pwned cell data user would probably not see any difference provided that they are connecting via HTTPS to the website of their choice, and of course the APs are branded, so you will only get one vendor at a time/roamers (but they are few now). But think of the pwnage!!! PS: As a (mostly) WhiteHat, this is of course for testing purposes only, if anyone can figure out the way to do it... Bob
Dave-ee Jones Posted May 17, 2017: 5 hours ago, BobH said: "...But think of the pwnage!!! PS: As a (mostly) WhiteHat, this is of course for testing purposes only, if anyone can figure out the way to do it... Bob" Yes. White hat. *winks* I believe you. *winks again*
esa Posted May 17, 2017 (edited): You might want to look into femtocells: https://www.weboost.com/news/blog/cell-phone-signal-booster-or-femtocell/ https://www.digitaltrends.com/mobile/femtocell-verizon-hack/ Edited May 17, 2017 by esa
BobH (Author) Posted May 17, 2017: 11 hours ago, Dave-ee Jones said: "Yes. White hat. *winks* I believe you. *winks again*" Well, we all have day jobs at least... :)
digip Posted May 17, 2017: Femtocell boosters are $300-500 a unit, and all they do is boost signal. If you want MITM, you want something like an IMSI catcher, which can both track and MITM (with the right added software) 4G/LTE phones. For older 4G and 3G, you could add a 2G base station that forced users to connect to it by being the closest signal, and then intercept traffic. There are other devices I can't remember the name of, but I'm sure with a little googling you'll find they aren't cheap. Some of the hardware starts at $1k and up, but I know SDR tools these days come in all kinds of new packages that can probably help the home DIY tester for experimenting on their own equipment.
esa Posted May 17, 2017: Interesting article. Do also make sure that playing with such a device is legal in your country. https://arstechnica.com/security/2015/10/low-cost-imsi-catcher-for-4glte-networks-track-phones-precise-locations/ https://arxiv.org/pdf/1702.04434.pdf
digip Posted June 3, 2017: Came across this today. https://evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-fun-and-profit/ There is also an IMSI catcher project that hopes to be able to find and notify you of rogue base stations. Since not just hobbyists but law enforcement are more and more using these at places like protests and such, it's only a matter of time before we need to develop something else for communication. Many people are already using Signal and other such messaging apps on their phones, but they can still be tracked by the phone's GPS and GSM leaked data and put at the scene of a crime, even if they were only just walking by while one happened. https://techcrunch.com/2017/06/02/who-catches-the-imsi-catchers-researchers-demonstrate-stingray-detection-kit/?ncid=rss The IMSI catcher project https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector is on GitHub and also has pre-made APKs for install on SourceForge, but you'll need a rooted phone to install one (as far as I know).
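To make the "find rogue base stations" idea above concrete, here is the kind of rule-based heuristic such a detector runs over what a phone reports about its serving cell. This is an added example and is not code from the Android-IMSI-Catcher-Detector project or from any post in this thread; the field names, the baseline of known cells and the observation stream are all constructed for illustration, and the thresholds are assumptions.

```python
"""Rule-based rogue base station heuristics over constructed cell observations.

Added example, not the detector project's own logic. Each CellObs is the sort of
data a phone exposes about its serving cell; every value below is made up.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class CellObs:
    t: int            # seconds since start of the walk
    mcc: str          # mobile country code
    mnc: str          # mobile network code
    lac: int          # location area code (tracking area code on LTE)
    cid: int          # cell id
    rat: str          # radio access technology: "LTE", "UMTS" or "GSM"
    rssi_dbm: int     # received signal strength
    cipher: str = ""  # GSM ciphering indicator when the baseband reports it, e.g. "A5/1" or "A5/0"


RAT_RANK = {"GSM": 2, "UMTS": 3, "LTE": 4}

# Constructed baseline: (mcc, mnc, lac, cid) seen on earlier, uneventful walks of the same route.
KNOWN_CELLS = {
    ("310", "410", 4101, 20001),
    ("310", "410", 4101, 20002),
    ("310", "410", 4102, 20010),
}


def analyse(observations, known_cells, strong_dbm=-65, jump_db=20):
    """Return a list of (t, rule, detail) alerts.

    These are heuristics, not proof: a freshly commissioned tower or a neighbour's
    femtocell trips 'unknown_cell' too, so treat several rules firing on the same
    cell as the signal, not any one of them.
    """
    alerts = []
    prev = None
    for o in observations:
        key = (o.mcc, o.mnc, o.lac, o.cid)
        if key not in known_cells:
            alerts.append((o.t, "unknown_cell", f"{o.lac}/{o.cid} not in baseline"))
        if prev is not None:
            # The classic tell: a real network has no reason to push a handset with
            # strong reception off LTE/UMTS onto 2G, where the weak or absent
            # ciphering makes interception practical.
            if RAT_RANK[o.rat] < RAT_RANK[prev.rat] and o.rssi_dbm >= strong_dbm:
                alerts.append((o.t, "rat_downgrade",
                               f"{prev.rat} -> {o.rat} at {o.rssi_dbm} dBm"))
            # A newly appearing cell far louder than the one it replaced, while the
            # handset has not moved, suggests a transmitter very close by.
            prev_key = (prev.mcc, prev.mnc, prev.lac, prev.cid)
            if key != prev_key and o.rssi_dbm - prev.rssi_dbm >= jump_db:
                alerts.append((o.t, "signal_jump",
                               f"+{o.rssi_dbm - prev.rssi_dbm} dB on cell change"))
        # A GSM session with ciphering switched off (A5/0) is worth an alert on its own.
        if o.rat == "GSM" and o.cipher == "A5/0":
            alerts.append((o.t, "no_cipher", "GSM session with A5/0"))
        prev = o
    return alerts


# Constructed observation stream: two known LTE cells, then a made-up cell that
# pulls the handset onto unciphered 2G at a very strong signal, then back to normal.
SAMPLE = [
    CellObs(0,  "310", "410", 4101, 20001, "LTE", -85),
    CellObs(30, "310", "410", 4101, 20002, "LTE", -88),
    CellObs(60, "310", "410", 4101, 31337, "GSM", -55, cipher="A5/0"),
    CellObs(90, "310", "410", 4101, 20002, "LTE", -87),
]


def rules_fired(observations=SAMPLE, known_cells=KNOWN_CELLS):
    """Distinct rule names that fired, sorted, for a quick summary."""
    return sorted({rule for _, rule, _ in analyse(observations, known_cells)})


if __name__ == "__main__":
    for t, rule, detail in analyse(SAMPLE, KNOWN_CELLS):
        print(f"t={t:>3}s {rule:<14} {detail}")
```

On the constructed stream all four rules fire on the same observation at t=60 and nothing fires on the two known cells, which is the pattern worth acting on. The frozen baseline is the part that needs care in practice: it has to be collected on the same route on quiet days, and a single rule such as `signal_jump` will also fire when you simply step out of a building, which is why the detector projects combine several indicators rather than alerting on one.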
Dave-ee Jones Posted June 9, 2017: On 6/4/2017 at 1:12 AM, digip said: "Came across this today. https://evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-fun-and-profit/ There is also an IMSI catcher project that hopes to be able to find and notify you of rogue base stations. Since not just hobbyists but law enforcement are more and more using these at places like protests and such, it's only a matter of time before we need to develop something else for communication. Many people are already using Signal and other such messaging apps on their phones, but they can still be tracked by the phone's GPS and GSM leaked data and put at the scene of a crime, even if they were only just walking by while one happened. https://techcrunch.com/2017/06/02/who-catches-the-imsi-catchers-researchers-demonstrate-stingray-detection-kit/?ncid=rss The IMSI catcher project https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector is on GitHub and also has pre-made APKs for install on SourceForge, but you'll need a rooted phone to install one (as far as I know)." Not to say that it actually works... However, they do seem quite powerful (IMSI catchers), basically leaving no trace. Using this kind of hardware you could potentially spoof being someone else or change someone's message/call (or even redirect it). E.g. you intercept a message via your IMSI catcher and change the message as it goes, the receiver getting a message that has been filtered by the IMSI catcher. To do this you would need to be able to send/receive SMS, calls and other internet-connected messages from the IMSI catcher. But it could be possible as it is a MITM attack... But it would also leave a trace.
digip Posted June 9, 2017: The IMSI catcher project is working to decloak rogue towers, i.e. when law enforcement is tracking you, or others for that matter, as they have been known to deploy their own at rallies and protests to track people. Partially, there is no clear law on the matter in how they can be abused by law enforcement either; so long as they aren't "wiretapping" conversations without court orders, tracking your phone is apparently a gray area, so if they can identify numbers alone and hardware IDs, they can put you at the scene of a crime, even if you were just walking past it and not involved, which is why they always tell you to turn off your phone at a protest or political rally, even if you're doing nothing wrong. Your presence is like guilt by association in a sense.
datajumper Posted June 10, 2017: Oh man, I've been thinking of doing this for a while... If I can do it cheap enough I'm going for it, lol. You guys are awesome! ... Can this be done with an RTL-SDR like the one Darren Kitchen had? I think it's like 20 bucks. I only ask because I saw the link that Dave-ee Jones posted about the evilsocket one, but this is a great project if we can accomplish it, I mean, because everyone is going to cell phones. My girlfriend doesn't even get on her laptop anymore at all. Good luck getting me to give up my laptop/desktops, lol. I'll be running Linux til the world ends. Thanks for the idea, thumbs up!!!
Dave-ee Jones Posted June 14, 2017: On 6/11/2017 at 0:56 AM, datajumper said: "Good luck getting me to give up my laptop/desktops, lol. I'll be running Linux til the world ends." That made me lol.
0phoi5 Posted June 14, 2017: On 10/06/2017 at 3:56 PM, datajumper said: "I'll be running Linux til the world ends." Technically it would be the best operating system for after the world ends, too. Less power required, smaller footprint, and it can be installed on almost any device. Not sure pentester would be a viable career though!
Dave-ee Jones Posted June 14, 2017 (edited): 13 hours ago, haze1434 said: "Technically it would be the best operating system for after the world ends, too. Less power required, smaller footprint, and it can be installed on almost any device. Not sure pentester would be a viable career though!" World ends = not world ends?? What you talkin' 'bout, Willis? There'll be no devices or power or anything... Edited June 14, 2017 by Dave-ee Jones
datajumper Posted June 18, 2017: On 6/14/2017 at 6:21 PM, Dave-ee Jones said: "World ends = not world ends?? What you talkin' 'bout, Willis? There'll be no devices or power or anything..." lmao .......