{"id":3169,"date":"2011-08-12T12:13:51","date_gmt":"2011-08-12T11:13:51","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3169"},"modified":"2015-09-09T19:37:09","modified_gmt":"2015-09-09T11:37:09","slug":"android-phones-possibly-hacked-at-defcon-on-cdma-4g-hspa","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2011\/08\/android-phones-possibly-hacked-at-defcon-on-cdma-4g-hspa\/","title":{"rendered":"Android Phones (Possibly) Hacked At Defcon On CDMA & 4G (HSPA)"},"content":{"rendered":"

It seems like some major ownage was layed down at Defcon<\/a>, I was very interested by the thread coderman posted in Full Disclosure earlier:<\/p>\n

DEF CON 19 – hackers get hacked!<\/a><\/p>\n

Especially when some people did chime in with supporting opinions and agreeing that it does seem like they got hacked. Basically someone setup some bogus CDMA\/4G cell towers (probably with OpenBTS) and hacked a bunch of Android<\/a> phones (that’s what is being claimed anyway).<\/p>\n

And just to clarify – there’s no REAL 4G or LTE hacking involved – in the US they call HSPA 4G.<\/p>\n

Claims that both CDMA and 4G networks were compromised at the recent Defcon security event in Las Vegas have raised little surprise, but the vulnerability of handsets is hotly debated.<\/p>\n

The claim was made by coderman, a stalwart of security conferences, who reports that he witnessed an advanced man-in-the-middle attack operating on both CDMA and UMTS networks and masterminded by an amalgam of Anon and Lulz. This attack was apparently able to identify connected devices and run through known exploits before falling back to ask the user’s permission to install.<\/p>\n

The symptoms of infection include “3G\/4G* signal anomalies”, “Android [device] at full charged plugged in, but dropping to <50% charge once unplugged\", \"Android services that immediately respawn when killed\" and \"a hard freeze, and then take[ing] a long time to reboot\".\n\nAndroid users might recognise that as SNAFU, but according to coderman it indicates the user has fallen prey to hackers from the usually-desperate groups Anon and Lulz.\n\nOther attendees are less certain, with many asking for more evidence (we did too, with equal lack of success). While it's hard to see if the attack happened as described much of it is plausible and follows a steady erosion of the security around cellular networks, which have stood the test of time well but are now recognised as weakening.\n\nCritically the 2G networks do not authenticate both ways \u2013 the handset authenticates to the network, but not the other way round \u2013 so it's relatively easy for an attacker to set up a femtocell and intercept communications. Handsets will also drop the encryption level on request by the network, which is required for use in countries where strong encryption is still verboten but provides an opportunity for the attacker to simply switch off the encryption.<\/p><\/blockquote>\n

Now there’s a lot of claims flying around here including the hacks, how advanced they are and who they were perpetrated by (Anonymous<\/a> and LulzSec?).<\/p>\n

Yes, cell network hacking has moved forward a lot in the last couple of years and the processing power of the average laptop is more than enough to own most cellular networks – but did this really happen? Right now no-one know, and really who is going to come forwards with evidence?<\/p>\n

“Hi, I’m a l33t hacker and my phone got raped at Defcon 19” – yah sorry but that’s not going to happen.<\/p>\n