Upload
others
View
4
Download
1
Embed Size (px)
Citation preview
1
MOBILE HACKINGDr. Ajay Nagne
Table of Contents2
Introduction
Call Spoofing/forging
SMS Forging
Bluesnarfing
Dr. Ajay Nagne
Overview of Mobile Devices
Mobile computers:– Mainly smartphones, tablets Sensors: GPS, camera,
accelerometer, etc. Computation: powerful
CPUs (≥ 1 GHz, multi-core) Communication:
cellular/4G, Wi-Fi, near field communication (NFC), etc.
Many connect to cellular networks: billing system
Cisco: 7 billion mobile devices will have been sold by 2012 [1]
Organization
3
Dr. Ajay Nagne
History4
The fact of someone hacking cell phonebecame public knowledge when ParisHilton's cell phone, along with herinformation was recently hacked.
Unfortunately for her, all her celebrityfriends and their phone numbers werealso placed on the Internet - resulting ina barrage of calls to each of them.
Dr. Ajay Nagne
What Can A Hacker Do?5
Steal Your Number Your phone number can be accessed and obtained by
cellphone hacking. This allows them to make calls andhave it charged to your account.
Take Your Information Mobile hacking allows a hacker to contact your cell phone,
without your knowledge, and to download your addressesand other information you might have on your phone.Many hackers are not content to only get yourinformation. Some will even change all your phonenumbers! Be sure to keep a backup of your informationsomewhere. This particular technique is calledBluesnarfing.
Dr. Ajay Nagne
6
Rob Your Money
Other options might use a particular buying featurecalled SMS. This refers to the fact that money can betaken from your account and transferred intoanother and a good hacker can sit in one place andaccess a lot of phones and transfer a lot of moneyrather quickly - probably in less time than youthink!
What Can A Hacker Do? Cont. . . .
Dr. Ajay Nagne
7
Give The System A Virus
By using another cell phone hack code, a hackercould kidnap your phone, send it a camouflagedprogram or send it a virus. But it does not end there,since, from that point, he can use your phone toretransmit the virus to many other phones almostinstantly - potentially disabling the system.
What Can A Hacker Do? Cont. . . .
Dr. Ajay Nagne
8
Spy On You
A hacker can also gain access and take over for cellphone spying and remote mobile phone hacking.Literally, once secured, the hacker can have thephone call him, and then be able to listen to allconversations going on around the owner of thephone.
What Can A Hacker Do? Cont. . . .
Dr. Ajay Nagne
9
Access Your Voice Mails Voice mails can also be retrieved by a hacker
through a hacking cell phone. After stealing yournumber, this can easily be done - if your password isdisabled. The main thing that needs to beunderstood here, is that the electronics that giveyou the modern convenience of interacting with theInternet (getting your voice mails, emails, Websurfing, etc.) , is also the same technology thatallows you to receive the same ills as can befallsomeone on the Internet.
What Can A Hacker Do? Cont. . . .
Dr. Ajay Nagne
What Can we Do?10
Use Your Passwords
The cell phone companies tell us that many peoplehave turned off their passwords when they accesstheir voice mail messages, or other things. This littlefeature, though it may seem to be an annoyance tosome, could protect your phone from unauthorizedpurposes.
Dr. Ajay Nagne
What Can we Do? Cont. . . . .11
Upgrade Your Phone
While this cannot guarantee that your phone is nothackable, it certainly will help. It should beremembered that the phone companies work hardto deliver the best technology and conveniences -but the cell phone hacks work just as hard to be thefirst to break the systems designed to defeat them.It is an ongoing battle.
Dr. Ajay Nagne
Call Spoofing / Forging12
Call forging is method to spoof caller idnumber displayed on the mobilephone/landline.
It relies on VoIP (Voice over InternetProtocol)
VoIP is emerging & exciting innovation as faras Information & communication technologyis concerned.
Can be considered as GEN Next Cyber Crime.Dr. Ajay Nagne
About Caller Id Forging/Spoofing13
Caller ID Forging the practice of causing the telephonenetwork to display a number on the recipient's caller IDdisplay which is not that of the actual originating station;the term is commonly used to describe situations inwhich the motivation is considered nefarious by thespeaker.
Just as e-mail spoofing can make it appear that amessage came from any e-mail address the senderchooses, caller ID forging can make a call appear to havecome from any phone number the caller wishes.
Because people are prone to assume a call is comingfrom the number (and hence, the associated person, orpersons), this can call the service's value into question.Dr. Ajay Nagne
Basics of Call Forging14
Firstly the voip is used to call via internet PC to atelephone.
In the Voip there is a loop hole which allow a intruderto spoof a call.
There are many website on the net which provide thefacility of the internet calling.
This website work as follows, first the call the sourcephone no then the destination number and thenbridge them together.
Here there is no authentication done by the websiteand server are normally located in US and so tracingof the intruder is not possible.
Dr. Ajay Nagne
Basics of Call Forging Cont. . . . .15
Thus the intruder logs on to this server andgives a wrong source number and then place acall over internet which is actually a spoofed callwhich shows wrong identity.
Also there a no laws regarding the call spoofingin India and so a intruder if gets traced is easilybacked by the loophole of no laws for it.
thus if you get calls from other numbers donttrust it they may be spoofed calls.
Dr. Ajay Nagne
SMS Forging16
SMS is one of the most popular means ofcommunications.
SMS Forging is the method to spoof senderid of SMS.
One can send SMS to international Numberfrom any number of sender’s choice.
Facility to choose sender id upto 11characters/name.
Dr. Ajay Nagne
17
Bluesnarfing
Dr. Ajay Nagne
Bluesnarfing18
Bluesnarfing is the theft of information froma wireless device through a Bluetoothconnection, often between phones, desktops,laptops, and PDAs.
This allows access to a calendar, contact list,emails and text messages.
Bluesnarfing is much more serious in relationto Bluejacking, although both exploit others’Bluetooth connections without theirknowledge.
Dr. Ajay Nagne
Bluesnarfing19
Any device with its Bluetooth connectionturned on and set to “discoverable” (ableto be found by other Bluetooth devices inrange) can be attacked.
By turning off this feature you can beprotected from the possibility of beingBluesnarfed.
Since it is an invasion of privacy,Bluesnarfing is still illegal in manycountries.
Dr. Ajay Nagne
Bluesnarfing Cont. . . . .20
There are people who have predictedthe doom of bluetooth attacks likebluesnarfing.
Their reasoning is that WiFi willeventually replace the need forbluetooth devices and withoutbluetooth, it make sense there will be nobluetooth attacks.
Dr. Ajay Nagne
21
While convincing and logical, bluetooth have yet to bephased out long after WiFi is in use.
In face, there are more and more devices usingbluetooth technology.
The main reason: It's free. Unlike wifi which is a overallnetwork and you are just a "user" in the network, you"own the network".
You can switch in on and off anytime you like, and youdon't have to pay a cent.
There is no logic for example to use wifi for connectingwith your headset, but bluetooth fits that functionperfectly.
Bluesnarfing Cont. . . . .
Dr. Ajay Nagne
22
In fact, this neglect on the importance of bluetoothhas led to an added advantage to bluesnarfers.
Because every is concern about their Wi-Fi security,they neglect the fact that their short ranged networkwhich is their Bluetooth can easier be hacked intofor someone who is nearby or even far away butwith the right equipment.
The reason why there is little news aboutbluesnarfing is that there is no good solution to theproblem at the moment, save for switching off yourBluetooth device.
Bluesnarfing Cont. . . . .
Dr. Ajay Nagne
23
•• Used to establish wireless personal area
networks (PAN)
• Creates small wireless networks on an ad-hoc basis, known as piconets
• Typically contain a minimum of two and a maximum of eight Bluetooth peer devices
Bluetooth Networks
Dr. Ajay Nagne
24
Bluetooth Network Example
Dr. Ajay Nagne
25
• Two or more Bluetooth devices in close physical proximity that operate on the same channel
• One device acts as the master while the others act as slaves
• An example is connection between a mobile phone and a Bluetooth-enabled ear phone.
Piconets
Dr. Ajay Nagne
26
Piconet Example
Dr. Ajay Nagne
27
• Two or more inter-connected piconets form a scatternet
• Time Division Multiplexing allows scheduling of nodes in multiple piconets to be active in only one piconet at a time
• Could be used to expand the physical size of the network beyond Bluetooth's limited range
Scatternets
Dr. Ajay Nagne
28
Scatternet Example
Dr. Ajay Nagne
Cellphone Bluetooth Vulnerabilities
Bluesnarfing
Stealing contact lists, data, pictures on bluetoothcompatible smartphones
Bluebugging
Taking control of a phone to make or listen to calls, send or read text messages
6-29Dr. Ajay Nagne
30
Thank You . . . . . !
Dr. Ajay Nagne