![]() |
GSM firewall
|
Re: GSM firewall
Quick message...
There was a bit of discussion on IRC about CryptoPhone and possibility of sending encrypted audio over GSM: http://infobot.rikers.org/%23neo900/20140902.html.gz Thank you. ~~~~~~~~~~~~~~~~~ Per aspera ad astra... |
Re: GSM firewall
Quote:
- yes, it is possible to hijack UE<->RAN connections - no, it still isn't possible to actuate phone camera or sound pickup without initiating a call - no, the "firewall" proposed on cryptophone is not feasible |
Re: GSM firewall
Quote:
- Yes, that includes the GPRS data - Not so sure about this one, but I feel confident,that once you have hijacked the phones GSM/GPRS you can gain enough control to activate the camera and microphone etc by several types of attack. Possibly you can do this by a specially crafted SMS, but definately I have no doubt you can do this if you hijack the phone GPRS connection. . Why not ? The celltowers connecting the phone can be maches at the simplest by a comparison to know cell tower ID ranges or specific IDs? I think thi could be quite easily implemented. |
Re: GSM firewall
Quote:
Though I haven't read the whole article [2014-09-04 Thu 00:26:28] <DocScrutinizer05> http://www.kuketz-blog.de/imsi-catch...droid-aimsicd/ (4.1) We'll offer similar functions ;-) /j |
Re: GSM firewall
Quote:
See http://neo900.org/stuff/piwo/piwo.pdf (slides 39-50) [edit] hehe, got ninja'd :) |
Re: GSM firewall
Very interesting....
like the idea of a firewall type app too.... dos1 ....'bout piwo ....smooth presentation...love it. :D I don't know too many who can integrate borg picard and spongebob onto the same page. LOVE IT. :D |
Re: GSM firewall
Quote:
However, there is no possible legal state transition that could lead to this kind of action. The only way I can see for this to happen would be if the attacker could inject malicious code into the target UE and get it running; imagine for example an instance of Prey on the device controlled by remote malicious party. Such attack would be device-dependent however, there might be some manufacturer/model that is vulnerable to a hand-crafted attack vector specifically targeted to it but no possibility to create a generic attack. Quote:
|
Re: GSM firewall
Quote:
Regarding masquerading an IMSI-catcher as regular BTS (incl Cell_ID and all): _can_ be done, but begs for trouble, so usually they don't do it aiui. /j |
Re: GSM firewall
Quote:
The worst bunch is anything with integrated SOC running baseband having shared memory access with main CPU. However, I personally feel that it is significantly higher risk to get your device infected with "standard" malicious SW having nothing to do with BB or 3G stack. There exist loads of crap especially for Androids aiming for that. Quote:
(as I believe cryptophone is still vaporware...) |
All times are GMT. The time now is 23:11. |
vBulletin® Version 3.8.8