Thread: GSM firewall
View Single Post
juiceme is offline juiceme
2014-09-04 , 09:32
Community Council | Posts: 4,920 | Thanked: 12,867 times | Joined on May 2012 @ Southerrn Finland
#8
Originally Posted by nieldk View Post
Originally Posted by juiceme View Post
- no, it still isn't possible to actuate phone camera or sound pickup without initiating a call
- Not so sure about this one, but I feel confident,that once you have hijacked the phones GSM/GPRS you can gain enough control to activate the camera and microphone etc by several types of attack. Possibly you can do this by a specially crafted SMS, but definately I have no doubt you can do this if you hijack the phone GPRS connection.
Well, in an infinite universe anything is possible, and I do not doubt that the UMTS signaling stack is perfect: far from it. There might well be bugs that allow some undocumented functionality to emerge.
However, there is no possible legal state transition that could lead to this kind of action.

The only way I can see for this to happen would be if the attacker could inject malicious code into the target UE and get it running; imagine for example an instance of Prey on the device controlled by remote malicious party.
Such attack would be device-dependent however, there might be some manufacturer/model that is vulnerable to a hand-crafted attack vector specifically targeted to it but no possibility to create a generic attack.


Originally Posted by nieldk View Post
Originally Posted by juiceme View Post
- no, the "firewall" proposed on cryptophone is not feasible
. Why not ? The celltowers connecting the phone can be maches at the simplest by a comparison to know cell tower ID ranges or specific IDs? I think this could be quite easily implemented.
The attack device can easily masquarade using existing cell area&BTS signatures that it anyway can observe. There is pretty much no way that the target UE can shield against this type of attack.
 

The Following 2 Users Say Thank You to juiceme For This Useful Post: