By now, most of us are aware that smartphones are powerful computers and should be treated as such. It’s not a coincidence that most of the security tips given to smartphone users – such as refraining from opening suspicious links or downloading untrusted apps – also apply to PCs.

But unlike PCs, smartphones contain a plethora of radios – typically cellular, Wi-Fi, Bluetooth and Near Field Communication (NFC) – that enable wireless communication in a variety of circumstances, and these radios are designed to remain turned on as the user moves through the world. It’s important for all smartphone users to understand the security implications of these wireless interfaces. The headline here is that security gaps with these interfaces, whether baked into the protocol or found in a specific implementation, can allow attackers to force connections to untrusted equipment, giving them opportunities to extract data and even take control of the targeted device. It’s been reported that sophisticated nation-state actors like Russia and China are highly skilled in using such RF-based techniques, allegedly targeting travelers when passing through airports and other chokepoints. But many of the tools for RF hacking are available to garden-variety hackers as well.

The many ways attackers can engage in RF hacking

Let’s start by looking at cellular communications. A key risk here is the IMSI catcher, also known as a cell-site simulator, fake cell tower, rogue base station, StingRay or dirtbox. An IMSI catcher is equipment designed to mimic a real cell tower so that a targeted smartphone will connect to it instead of the real cell network. Various techniques may be employed to do it, such as masquerading as a neighboring cell tower or jamming the competing 5G/4G/3G frequencies with white noise.

After capturing the targeted smartphone’s IMSI (the ID number linked to its SIM card), the IMSI catcher situates itself between the phone and its cellular network. From there, the IMSI catcher can be used to track the user’s location, extract certain types of data from the phone, and in some cases even deliver spyware to the device.

Unfortunately, there’s no surefire way for the average smartphone user to notice/know that they’re connected to a fake cell tower, though there may be some clues: perhaps a noticeably slower connection or a change in band in the phone’s status bar (from LTE to 2G, for example). Thankfully, 5G in standalone mode promises to make IMSI catchers obsolete, since the Subscription Permanent Identifier (SUPI) – 5G’s IMSI equivalent – is never disclosed in the handshake between smartphone and cell tower. However, these deployments still represent a small share of all cellular networks, meaning that IMSI catchers will still be effective in a majority of cases for the foreseeable future.

On the Wi-Fi front, a key risk to be aware of is a Karma attack delivered by a rogue access point. A rogue access point is often just a Wi-Fi penetration testing device – the Wi-Fi Pineapple is one popular model – that, instead of being used for auditing Wi-Fi networks, is set up to lure unsuspecting smartphones into connecting.
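
The two clues named above for a fake cell tower (a band change such as LTE to 2G, or a noticeably slower connection) can be checked over a log of connection readings. This is an added example, not code from the original article; the `Sample` fields, the thresholds and the log values are constructed assumptions, and a clue is a prompt to look closer, not proof.

```python
from dataclasses import dataclass
from statistics import mean

# Radio generations ranked so that a fall in rank is a downgrade.
RAT_RANK = {"2G": 2, "3G": 3, "LTE": 4, "5G": 5}

@dataclass
class Sample:
    t: int        # seconds since logging started
    rat: str      # band shown in the status bar
    kbps: float   # measured downlink throughput

def collect_clues(samples, window=3, slow_ratio=0.25):
    """Return (t, kind, detail) clues from a time-ordered list of samples."""
    clues = []
    for i in range(1, len(samples)):
        prev, cur = samples[i - 1], samples[i]
        # Clue 1: the band falls from LTE/5G straight to 2G.
        if cur.rat == "2G" and RAT_RANK.get(prev.rat, 0) >= RAT_RANK["LTE"]:
            clues.append((cur.t, "band_downgrade", f"{prev.rat}->2G"))
            continue
        # Clue 2: same band, but throughput collapses against a baseline
        # built from the last `window` readings taken on that band.
        baseline = [s.kbps for s in samples[max(0, i - window):i]
                    if s.rat == cur.rat]
        if len(baseline) == window and cur.kbps < slow_ratio * mean(baseline):
            clues.append((cur.t, "slowdown",
                          f"{cur.kbps:.0f} kbps vs ~{mean(baseline):.0f}"))
    return clues

# Constructed sample log: steady LTE, a drop to 2G, recovery, then a
# slowdown with no band change.
LOG = [
    Sample(0, "LTE", 42000), Sample(30, "LTE", 39000),
    Sample(60, "LTE", 41000), Sample(90, "LTE", 40000),
    Sample(120, "2G", 90), Sample(150, "2G", 85),
    Sample(180, "LTE", 38000), Sample(210, "LTE", 40000),
    Sample(240, "LTE", 39000), Sample(270, "LTE", 6000),
]

if __name__ == "__main__":
    for t, kind, detail in collect_clues(LOG):
        print(f"t={t}s {kind}: {detail}")
```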