» Eavesdropping

Hacker Spoofs Cell Phone Tower to Intercept Calls

carrumba — Mon, 02 Aug 2010 10:42:47 +0000

A security researcher created a cell phone base station that tricks cell phones into routing their outbound calls through his device, allowing someone to intercept even encrypted calls in the clear.

The device tricks the phones into disabling encryption and records call details and content before they’re routed on their proper way through voice-over-IP.

The low-cost, home-brewed device, developed by researcher Chris Paget, mimics more expensive devices already used by intelligence and law enforcement agencies – called IMSI catchers – that can capture phone ID data and content. The devices essentially spoof a legitimate GSM tower and entice cell phones to send them data by emitting a signal that’s stronger than legitimate towers in the area.

“If you have the ability to deliver a reasonably strong signal, then those around are owned,” Paget said.

Paget’s system costs only about $1,500, as opposed to several hundreds of thousands for professional products. Most of the price is for the laptop he used to operate the system.

Doing this kind of interception “used to be a million dollars, now you can do it with a thousand times less cost,” Paget said during a press conference after his attack. “If it’s $1,500, it’s just beyond the range that people can start buying them for themselves and listening in on their neighbors.”

Paget’s device captures only 2G GSM calls, making AT&T and T-Mobile calls, which use GSM, vulnerable to interception. Paget’s aim was to highlight vulnerabilities in the GSM standard that allows a rogue station to capture calls. GSM is a second-generation technology that is not as secure as 3G technology.

Cell phone eavesdropping enters script-kiddie phase

carrumba — Thu, 29 Jul 2010 13:19:50 +0000

Black Hat Independent researchers have made good on a promise to release a comprehensive set of tools needed to eavesdrop on cell phone calls that use the world’s most widely deployed mobile technology.

“The whole topic of GSM hacking now enters the script-kiddie stage, similar to Wi-Fi hacking a couple years ago, where people started cracking the neighbor’s Wi-Fi,” said Karsten Nohl, a cryptographer with the Security Research Labs in Berlin who helped spearhead the project. “Just as with Wi-Fi, where they changed the encryption to WPA, hopefully that will happen with GSM, too.”
The suite of applications now includes Kraken, software being released at the Black Hat security conference on Thursday that can deduce the secret key encrypting SMS messages and voice conversations in as little as 30 seconds. It was developed by Frank A. Stevenson, the same Norwegian programmer who almost a decade ago developed software that cracked the CSS encryption scheme protecting DVDs.

Find whole article here : Cell phone eavesdropping enters script-kiddie phaset

Czech experts uncover global virus network

carrumba — Thu, 18 Feb 2010 12:51:53 +0000

Czech security experts have uncovered a global network of devices attacked by computer viruses within which it was possible to wiretap and gain access to sensitive data, Jan Vykopal, head of the security project of Masaryk University, told CTK yesterday.

Modems were among the attacked devices as they are only poorly protected. The viruses were able to deflect the communication of Internet users to servers where they could be wiretapped, Vykopal said.

Vykopal’s colleagues along with experts from the Brno Military Academy and the Defence Ministry have uncovered the dangerous network.

“The assailants have denoted the network of the subjugated installations as Chuck Norris,” Defence Ministry spokeswoman Lucie Kubovicova said.

Experts said the network’s main threats included the gaining of various sensitive data such as access details for bank accounts, e-mail boxes, passwords to various services, social networks and users’ other personal data.

Besides, a number of computers and other installations connected through the Internet can be used for attacks on well secured servers as well, Vykopal said.

“We do not know whether the network we uncovered can also be used for this as we do not know the number of the devices that are included in it,” Vykopal said.

Secret code protecting cellphone calls set loose

carrumba — Tue, 29 Dec 2009 07:38:11 +0000

Cryptographers have moved closer to their goal of eavesdropping on cellphone conversations after cracking the secret code used to prevent the interception of radio signals as they travel between handsets and mobile operators’ base stations.

The code is designed to prevent the interception of phone calls by forcing mobile phones and base stations to rapidly change radio frequencies over a spectrum of 80 channels. Without knowing the precise sequence, would-be eavesdroppers can assemble only tiny fragments of a conversation.

At a hacker conference in Berlin that runs through Wednesday, the cryptographers said they’ve cracked the algorithm that determines the random channel hopping and have devised a practical means to capture entire calls using equipment that costs about $4,000. At the heart of the crack is open-source software for computer-controlled radios that makes the frequency changes at precisely the same time, and in the same order, that the cellphone and base station do.

“We now know this is possible,” said Karsten Nohl, a 28-year-old cryptographer and one of the members of an open-source project out to prove that GSM, the technical standard used by about 80 percent of the mobile market, can’t be counted on to keep calls private. The attack “is practical, and there are real vulnerabilities that people are exploiting.”

A spokeswoman for the GSM Association, which represents 800 operators in 219 countries, said officials hadn’t yet seen the research.

“GSM networks use encryption technology to make it difficult for criminals to intercept and eavesdrop on calls,” she wrote in an email. “Reports of an imminent GSM eavesdropping capability are common.”

The channel-hopping crack comes as the collective is completing the compilation of a rainbow table that allows them to decrypt calls as they happen. The table works because GSM encryption uses A5/1, a decades-old algorithm with known weaknesses. The table – a 2-terabyte list of known results that allows cryptographers to deduce the unique key that encrypts a given conversation – was developed by volunteers around the globe using giant clusters of computers and gaming consoles.

Watching encrypted Skype traffic with SkypeDLLInjector

carrumba — Tue, 04 Aug 2009 12:30:22 +0000


Tool name :	SkypeDLLInjector version 0.1

Description :	SkypeDLLInjector is a tool to demonstrate how DLL injection works. In this proof of concept it is applied to the Skype application. It consists of a loader application which remains running in the background and a DLL which will be injected into every newly started program via a system wide Windows hook. All what this tool does is interception the function calls recv() and send() to inspect the network data skype is sending and receiving. Because Skype traffic is encrypted only a small portion of the traffic is readable. But it could inspire you to create your own tools which eavesdrop other calls to intercept sensitive data (as the username and password for example).

Tested on :	Windows XP

Feedback :	In case you encounter any problems with the tool, you have suggestions to improve it, or you tested it with a Windows version i’ve not yet tested please drop me an email.

Downloads :	Binary \| Source

Tools for eavesdropping and video hijacking.

carrumba — Mon, 03 Aug 2009 20:20:53 +0000

Just found this article on cnet about eavesdropping and video hijacking.

Showing off technology that James Bond would love, two researchers at Defcon on Friday demonstrated tools that allow people to eavesdrop on video conference calls and intercept surveillance camera video.

An attacker needs to be in the same building as the victims to carry out the man-in-the-middle attacks over the network.

The free UCSniff tool, available in Linux and Windows versions, offers a slick graphical user interface for sniffing video, said Jason Ostrom, director of the Viper Lab at Sipera Systems. The tool basically tricks the voice-over-IP network carrying the video into sending the data packets to the attacker’s computer, he said.

This could be used to spy on people. For instance, an attacker could listen in on and record confidential conversations between an executive who is on a video conference call with another remote executive, according to Ostrom.

Read the full article here.