Active Topics
-
Firefox with Leste (10)
to Maemo 7 / Leste by teroyk - 2 days, 15 hrs ago - more...
|
2014-09-03
, 16:05
|
|
Posts: 1,994 |
Thanked: 3,342 times |
Joined on Jun 2010
@ N900: Battery low. N950: torx 4 re-used once and fine; SIM port torn apart
|
#2
|
Quick message...
There was a bit of discussion on IRC about CryptoPhone and possibility of sending encrypted audio over GSM:
http://infobot.rikers.org/%23neo900/20140902.html.gz
Thank you.
~~~~~~~~~~~~~~~~~
Per aspera ad astra...
There was a bit of discussion on IRC about CryptoPhone and possibility of sending encrypted audio over GSM:
http://infobot.rikers.org/%23neo900/20140902.html.gz
Thank you.
~~~~~~~~~~~~~~~~~
Per aspera ad astra...
| The Following User Says Thank You to Wikiwide For This Useful Post: | ||
|
|
2014-09-03
, 16:39
|
|
Community Council |
Posts: 4,920 |
Thanked: 12,867 times |
Joined on May 2012
@ Southerrn Finland
|
#3
|
Originally Posted by JohnHughes
As usual the article contained just a pinch of facts and a load of BllSHT to go
Could a Neo900 do something like this?
http://www.wired.com/2014/09/cryptop...e-cell-towers/
- yes, it is possible to hijack UE<->RAN connections
- no, it still isn't possible to actuate phone camera or sound pickup without initiating a call
- no, the "firewall" proposed on cryptophone is not feasible
| The Following 4 Users Say Thank You to juiceme For This Useful Post: | ||
|
|
2014-09-03
, 18:50
|
|
Guest |
Posts: n/a |
Thanked: 0 times |
Joined on
|
#4
|
Originally Posted by juiceme
. Yes it is possible to hijack a phone connection
As usual the article contained just a pinch of facts and a load of BllSHT to go
- yes, it is possible to hijack UE<->RAN connections
- no, it still isn't possible to actuate phone camera or sound pickup without initiating a call
- no, the "firewall" proposed on cryptophone is not feasible
- Yes, that includes the GPRS data
- Not so sure about this one, but I feel confident,that once you have hijacked the phones GSM/GPRS you can gain enough control to activate the camera and microphone etc by several types of attack. Possibly you can do this by a specially crafted SMS, but definately I have no doubt you can do this if you hijack the phone GPRS connection.
. Why not ? The celltowers connecting the phone can be maches at the simplest by a comparison to know cell tower ID ranges or specific IDs? I think thi could be quite easily implemented.
| The Following 3 Users Say Thank You to For This Useful Post: | ||
 |
|
2014-09-04
, 00:23
|
|
Posts: 2,222 |
Thanked: 12,651 times |
Joined on Mar 2010
@ SOL 3
|
#5
|
Originally Posted by JohnHughes
Yes.
Could a Neo900 do something like this?
http://www.wired.com/2014/09/cryptop...e-cell-towers/
Though I haven't read the whole article
[2014-09-04 Thu 00:26:28] <DocScrutinizer05> http://www.kuketz-blog.de/imsi-catch...droid-aimsicd/ (4.1) We'll offer similar functions ;-)
/j
Last edited by joerg_rw; 2014-09-04 at 00:25.
| The Following 4 Users Say Thank You to joerg_rw For This Useful Post: | ||
 |
|
2014-09-04
, 00:30
|
|
Posts: 257 |
Thanked: 2,053 times |
Joined on Sep 2010
@ Warsaw, Poland
|
#6
|
Originally Posted by JohnHughes
Yes, our modem monitoring should cover most of cases described in this article. There should be enough support in hardware to make writing such "firewall" app possible.
Could a Neo900 do something like this?
http://www.wired.com/2014/09/cryptop...e-cell-towers/
See http://neo900.org/stuff/piwo/piwo.pdf (slides 39-50)
[edit] hehe, got ninja'd
__________________
Sebastian Krzyszkowiak - https://dosowisko.net/
Long term Openmoko supporter. Owner of two Neo Freerunners, a few N900s and some others too.
Future owner of the Neo900
Sebastian Krzyszkowiak - https://dosowisko.net/
Long term Openmoko supporter. Owner of two Neo Freerunners, a few N900s and some others too.
Future owner of the Neo900
| The Following 4 Users Say Thank You to dos1 For This Useful Post: | ||
 |
|
2014-09-04
, 00:50
|
|
Posts: 3,141 |
Thanked: 8,161 times |
Joined on Feb 2013
@ From my Gabriola Island hermitage, near the Edge of the World
|
#7
|
Very interesting....
like the idea of a firewall type app too....
dos1 ....'bout piwo ....smooth presentation...love it.
I don't know too many who can integrate borg picard and spongebob onto the same page. LOVE IT.
Last edited by endsormeans; 2014-09-04 at 00:52.
like the idea of a firewall type app too....
dos1 ....'bout piwo ....smooth presentation...love it.
I don't know too many who can integrate borg picard and spongebob onto the same page. LOVE IT.
__________________
Lurker since 2007, Member since 2013, Certifiable since 1972
Owner of :
1-n770 (in retirement), 3-n800's / 3-n810's (still in daily use), 5-n900's ((3 are flawless, 1 loose usb ( parts), 1 has no telephony (parts))
3-nexus 5's : 1 w/ Floko Pie 9.1 (running beautifully) waiting for Stable Droid 10 rom, 1 w/ ̶Ubuntu Touch, 1 with Maru OS (intend maemo leste when ready)
1/2 - neo900 pre- "purchased" in 2013. N̶o̶w̶ ̶A̶w̶a̶i̶t̶i̶n̶g̶ ̶r̶e̶f̶u̶n̶d̶ ̶p̶r̶o̶c̶e̶s̶s̶ ̶l̶a̶s̶t̶ ̶f̶e̶w̶ ̶y̶e̶a̶r̶s̶ - neo900 start up declared officially dead -
Lost invested funds.
PIMP MY N8X0 (Idiot's Guide and a video walkthrough)http://talk.maemo.org/showthread.php?t=94294
THE LOST GRONMAYER CATALOGShttp://talk.maemo.org/showthread.php...ight=gronmayer
N8X0 VIDEO ENCODING THE EASY WAYhttp://talk.maemo.org/showthread.php...ght=mediacoder
242gb ON N800http://talk.maemo.org/showthread.php?t=90634
THE PAIN-FREE MAEMO DEVELOPMENT LIVE DISTRO-ISO FOR THE NOOB TO THE PROhttp://talk.maemo.org/showthread.php?t=95567
AFFORDABLE MASS PRODUCTION FOR MAEMO PARTShttp://talk.maemo.org/showthread.php?t=93325
Meateo balloons now available @ Dave999's Meateo Emporium
Lurker since 2007, Member since 2013, Certifiable since 1972
Owner of :
1-n770 (in retirement), 3-n800's / 3-n810's (still in daily use), 5-n900's ((3 are flawless, 1 loose usb ( parts), 1 has no telephony (parts))
3-nexus 5's : 1 w/ Floko Pie 9.1 (running beautifully) waiting for Stable Droid 10 rom, 1 w/ ̶Ubuntu Touch, 1 with Maru OS (intend maemo leste when ready)
1/2 - neo900 pre- "purchased" in 2013. N̶o̶w̶ ̶A̶w̶a̶i̶t̶i̶n̶g̶ ̶r̶e̶f̶u̶n̶d̶ ̶p̶r̶o̶c̶e̶s̶s̶ ̶l̶a̶s̶t̶ ̶f̶e̶w̶ ̶y̶e̶a̶r̶s̶ - neo900 start up declared officially dead -
Lost invested funds.
PIMP MY N8X0 (Idiot's Guide and a video walkthrough)http://talk.maemo.org/showthread.php?t=94294
THE LOST GRONMAYER CATALOGShttp://talk.maemo.org/showthread.php...ight=gronmayer
N8X0 VIDEO ENCODING THE EASY WAYhttp://talk.maemo.org/showthread.php...ght=mediacoder
242gb ON N800http://talk.maemo.org/showthread.php?t=90634
THE PAIN-FREE MAEMO DEVELOPMENT LIVE DISTRO-ISO FOR THE NOOB TO THE PROhttp://talk.maemo.org/showthread.php?t=95567
AFFORDABLE MASS PRODUCTION FOR MAEMO PARTShttp://talk.maemo.org/showthread.php?t=93325
Meateo balloons now available @ Dave999's Meateo Emporium
Last edited by endsormeans; 2014-09-04 at 00:52.
|
|
2014-09-04
, 09:32
|
|
Community Council |
Posts: 4,920 |
Thanked: 12,867 times |
Joined on May 2012
@ Southerrn Finland
|
#8
|
Originally Posted by nieldk
Well, in an infinite universe anything is possible, and I do not doubt that the UMTS signaling stack is perfect: far from it. There might well be bugs that allow some undocumented functionality to emerge.
Originally Posted by juiceme- Not so sure about this one, but I feel confident,that once you have hijacked the phones GSM/GPRS you can gain enough control to activate the camera and microphone etc by several types of attack. Possibly you can do this by a specially crafted SMS, but definately I have no doubt you can do this if you hijack the phone GPRS connection.- no, it still isn't possible to actuate phone camera or sound pickup without initiating a call
However, there is no possible legal state transition that could lead to this kind of action.
The only way I can see for this to happen would be if the attacker could inject malicious code into the target UE and get it running; imagine for example an instance of Prey on the device controlled by remote malicious party.
Such attack would be device-dependent however, there might be some manufacturer/model that is vulnerable to a hand-crafted attack vector specifically targeted to it but no possibility to create a generic attack.
Originally Posted by nieldk
The attack device can easily masquarade using existing cell area&BTS signatures that it anyway can observe. There is pretty much no way that the target UE can shield against this type of attack.
Originally Posted by juiceme. Why not ? The celltowers connecting the phone can be maches at the simplest by a comparison to know cell tower ID ranges or specific IDs? I think this could be quite easily implemented.- no, the "firewall" proposed on cryptophone is not feasible
|
|
2014-09-04
, 17:32
|
|
Posts: 2,222 |
Thanked: 12,651 times |
Joined on Mar 2010
@ SOL 3
|
#9
|
Originally Posted by juiceme
However please note that Neo900 has NO way the GSM/UMTS stack can inject ANY commands into the main system. Our modem is sandboxed and we even do more than this, we have surveillance for the sandbox, detecting every little move the modem does, then decide if it's concerning or expected. Worst case we shoot complete modem down when it misbehaves. In that regard we're even better than cryptophone used for the IMSI-catcher "firewall" liked to in above post.
Well, in an infinite universe anything is possible, and I do not doubt that the UMTS signaling stack is perfect: far from it. There might well be bugs that allow some undocumented functionality to emerge.
However, there is no possible legal state transition that could lead to this kind of action.
The only way I can see for this to happen would be if the attacker could inject malicious code into the target UE and get it running; imagine for example an instance of Prey on the device controlled by remote malicious party.
Such attack would be device-dependent however, there might be some manufacturer/model that is vulnerable to a hand-crafted attack vector specifically targeted to it but no possibility to create a generic attack.
The attack device can easily masquarade using existing cell area&BTS signatures that it anyway can observe. There is pretty much no way that the target UE can shield against this type of attack.
Regarding masquerading an IMSI-catcher as regular BTS (incl Cell_ID and all): _can_ be done, but begs for trouble, so usually they don't do it aiui.
/j
| The Following 4 Users Say Thank You to joerg_rw For This Useful Post: | ||
|
|
2014-09-04
, 19:47
|
|
Community Council |
Posts: 4,920 |
Thanked: 12,867 times |
Joined on May 2012
@ Southerrn Finland
|
#10
|
Originally Posted by joerg_rw
Yes. I'd expect Neo900 is of the few devices that are not vulnerable to this kind of attack at all.
However please note that Neo900 has NO way the GSM/UMTS stack can inject ANY commands into the main system. Our modem is sandboxed and we even do more than this, we have surveillance for the sandbox, detecting every little move the modem does, then decide if it's concerning or expected. Worst case we shoot complete modem down when it misbehaves. In that regard we're even better than cryptophone used for the IMSI-catcher "firewall" liked to in above post.
The worst bunch is anything with integrated SOC running baseband having shared memory access with main CPU.
However, I personally feel that it is significantly higher risk to get your device infected with "standard" malicious SW having nothing to do with BB or 3G stack. There exist loads of crap especially for Androids aiming for that.
Originally Posted by joerg_rw
True, there currently being no device that does detect it
Regarding masquerading an IMSI-catcher as regular BTS (incl Cell_ID and all): _can_ be done, but begs for trouble, so usually they don't do it aiui.
/j
(as I believe cryptophone is still vaporware...)
http://www.wired.com/2014/09/cryptop...e-cell-towers/