1

MOBILE HACKINGDr. Ajay Nagne

Table of Contents2

Introduction

Call Spoofing/forging

SMS Forging

Bluesnarfing

Dr. Ajay Nagne

Overview of Mobile Devices

Mobile computers:– Mainly smartphones, tablets Sensors: GPS, camera,

accelerometer, etc. Computation: powerful

CPUs (≥ 1 GHz, multi-core) Communication:

cellular/4G, Wi-Fi, near field communication (NFC), etc.

Many connect to cellular networks: billing system

Cisco: 7 billion mobile devices will have been sold by 2012 [1]

Organization

3

Dr. Ajay Nagne

History4

The fact of someone hacking cell phonebecame public knowledge when ParisHilton's cell phone, along with herinformation was recently hacked.

Unfortunately for her, all her celebrityfriends and their phone numbers werealso placed on the Internet - resulting ina barrage of calls to each of them.

Dr. Ajay Nagne

What Can A Hacker Do?5

Steal Your Number Your phone number can be accessed and obtained by

cellphone hacking. This allows them to make calls andhave it charged to your account.

Take Your Information Mobile hacking allows a hacker to contact your cell phone,

without your knowledge, and to download your addressesand other information you might have on your phone.Many hackers are not content to only get yourinformation. Some will even change all your phonenumbers! Be sure to keep a backup of your informationsomewhere. This particular technique is calledBluesnarfing.

Dr. Ajay Nagne

6

Rob Your Money

Other options might use a particular buying featurecalled SMS. This refers to the fact that money can betaken from your account and transferred intoanother and a good hacker can sit in one place andaccess a lot of phones and transfer a lot of moneyrather quickly - probably in less time than youthink!

What Can A Hacker Do? Cont. . . .

Dr. Ajay Nagne

7

Give The System A Virus

By using another cell phone hack code, a hackercould kidnap your phone, send it a camouflagedprogram or send it a virus. But it does not end there,since, from that point, he can use your phone toretransmit the virus to many other phones almostinstantly - potentially disabling the system.

What Can A Hacker Do? Cont. . . .

Dr. Ajay Nagne

8

Spy On You

A hacker can also gain access and take over for cellphone spying and remote mobile phone hacking.Literally, once secured, the hacker can have thephone call him, and then be able to listen to allconversations going on around the owner of thephone.

What Can A Hacker Do? Cont. . . .

Dr. Ajay Nagne

9

Access Your Voice Mails Voice mails can also be retrieved by a hacker

through a hacking cell phone. After stealing yournumber, this can easily be done - if your password isdisabled. The main thing that needs to beunderstood here, is that the electronics that giveyou the modern convenience of interacting with theInternet (getting your voice mails, emails, Websurfing, etc.) , is also the same technology thatallows you to receive the same ills as can befallsomeone on the Internet.

What Can A Hacker Do? Cont. . . .

Dr. Ajay Nagne

What Can we Do?10

Use Your Passwords

The cell phone companies tell us that many peoplehave turned off their passwords when they accesstheir voice mail messages, or other things. This littlefeature, though it may seem to be an annoyance tosome, could protect your phone from unauthorizedpurposes.

Dr. Ajay Nagne

What Can we Do? Cont. . . . .11

Upgrade Your Phone

While this cannot guarantee that your phone is nothackable, it certainly will help. It should beremembered that the phone companies work hardto deliver the best technology and conveniences -but the cell phone hacks work just as hard to be thefirst to break the systems designed to defeat them.It is an ongoing battle.

Dr. Ajay Nagne

Call Spoofing / Forging12

Call forging is method to spoof caller idnumber displayed on the mobilephone/landline.

It relies on VoIP (Voice over InternetProtocol)

VoIP is emerging & exciting innovation as faras Information & communication technologyis concerned.

Can be considered as GEN Next Cyber Crime.Dr. Ajay Nagne

About Caller Id Forging/Spoofing13

Caller ID Forging the practice of causing the telephonenetwork to display a number on the recipient's caller IDdisplay which is not that of the actual originating station;the term is commonly used to describe situations inwhich the motivation is considered nefarious by thespeaker.

Just as e-mail spoofing can make it appear that amessage came from any e-mail address the senderchooses, caller ID forging can make a call appear to havecome from any phone number the caller wishes.

Because people are prone to assume a call is comingfrom the number (and hence, the associated person, orpersons), this can call the service's value into question.Dr. Ajay Nagne

Basics of Call Forging14

Firstly the voip is used to call via internet PC to atelephone.

In the Voip there is a loop hole which allow a intruderto spoof a call.

There are many website on the net which provide thefacility of the internet calling.

This website work as follows, first the call the sourcephone no then the destination number and thenbridge them together.

Here there is no authentication done by the websiteand server are normally located in US and so tracingof the intruder is not possible.

Dr. Ajay Nagne

Basics of Call Forging Cont. . . . .15

Thus the intruder logs on to this server andgives a wrong source number and then place acall over internet which is actually a spoofed callwhich shows wrong identity.

Also there a no laws regarding the call spoofingin India and so a intruder if gets traced is easilybacked by the loophole of no laws for it.

thus if you get calls from other numbers donttrust it they may be spoofed calls.

Dr. Ajay Nagne

SMS Forging16

SMS is one of the most popular means ofcommunications.

SMS Forging is the method to spoof senderid of SMS.

One can send SMS to international Numberfrom any number of sender’s choice.

Facility to choose sender id upto 11characters/name.

Dr. Ajay Nagne

17

Bluesnarfing

Dr. Ajay Nagne

Bluesnarfing18

Bluesnarfing is the theft of information froma wireless device through a Bluetoothconnection, often between phones, desktops,laptops, and PDAs.

This allows access to a calendar, contact list,emails and text messages.

Bluesnarfing is much more serious in relationto Bluejacking, although both exploit others’Bluetooth connections without theirknowledge.

Dr. Ajay Nagne

Bluesnarfing19

Any device with its Bluetooth connectionturned on and set to “discoverable” (ableto be found by other Bluetooth devices inrange) can be attacked.

By turning off this feature you can beprotected from the possibility of beingBluesnarfed.

Since it is an invasion of privacy,Bluesnarfing is still illegal in manycountries.

Dr. Ajay Nagne

Bluesnarfing Cont. . . . .20

There are people who have predictedthe doom of bluetooth attacks likebluesnarfing.

Their reasoning is that WiFi willeventually replace the need forbluetooth devices and withoutbluetooth, it make sense there will be nobluetooth attacks.

Dr. Ajay Nagne

21

While convincing and logical, bluetooth have yet to bephased out long after WiFi is in use.

In face, there are more and more devices usingbluetooth technology.

The main reason: It's free. Unlike wifi which is a overallnetwork and you are just a "user" in the network, you"own the network".

You can switch in on and off anytime you like, and youdon't have to pay a cent.

There is no logic for example to use wifi for connectingwith your headset, but bluetooth fits that functionperfectly.

Bluesnarfing Cont. . . . .

Dr. Ajay Nagne

22

In fact, this neglect on the importance of bluetoothhas led to an added advantage to bluesnarfers.

Because every is concern about their Wi-Fi security,they neglect the fact that their short ranged networkwhich is their Bluetooth can easier be hacked intofor someone who is nearby or even far away butwith the right equipment.

The reason why there is little news aboutbluesnarfing is that there is no good solution to theproblem at the moment, save for switching off yourBluetooth device.

Bluesnarfing Cont. . . . .

Dr. Ajay Nagne

23

•• Used to establish wireless personal area

networks (PAN)

• Creates small wireless networks on an ad-hoc basis, known as piconets

• Typically contain a minimum of two and a maximum of eight Bluetooth peer devices

Bluetooth Networks

Dr. Ajay Nagne

24

Bluetooth Network Example

Dr. Ajay Nagne

25

• Two or more Bluetooth devices in close physical proximity that operate on the same channel

• One device acts as the master while the others act as slaves

• An example is connection between a mobile phone and a Bluetooth-enabled ear phone.

Piconets

Dr. Ajay Nagne

26

Piconet Example

Dr. Ajay Nagne

27

• Two or more inter-connected piconets form a scatternet

• Time Division Multiplexing allows scheduling of nodes in multiple piconets to be active in only one piconet at a time

• Could be used to expand the physical size of the network beyond Bluetooth's limited range

Scatternets

Dr. Ajay Nagne

28

Scatternet Example

Dr. Ajay Nagne

Cellphone Bluetooth Vulnerabilities

Bluesnarfing

Stealing contact lists, data, pictures on bluetoothcompatible smartphones

Bluebugging

Taking control of a phone to make or listen to calls, send or read text messages

6-29Dr. Ajay Nagne

30

Thank You . . . . . !

Dr. Ajay Nagne