Cellphones Handhelds Privacy Security Wireless Networking

Israeli Firm Creates a Device That Can Hack Any Nearby Phone (softpedia.com) 143

An anonymous reader writes: Israeli startup Rayzone created a device that can hack any smartphone that has its WiFi connection open. The device can steal passwords, files, contact lists, photos, and various others. Called InterApp, the device is dumb-proof (comes with a shiny admin panel), works on hundreds of devices at the same time, and leaves no forensics traces behind after the hack. The company says it will only sell it to law enforcement agencies.

  • by sandbagger ( 654585 ) on Sunday December 20, 2015 @09:37AM (#51153725)

    Given the way panicked elected officials think, and the fact that kids of people attracted to life in uniform are of exactly the opposite mindset needed to go into computer science, I'm guessing this is an overblown and over promoted 'grabs text transmitted in the clear' thing that's not designed to do much other than pick the pockets of taxpayers.

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      It's more like load Nessus onto a portable device, create an open wifi network, and then scan and exploit any phone dumb enough to connect. So, tell your phone not to connect to unknown networks, or networks without a shared secret.

    • by gtall ( 79522 )

      Really? Read up on Special Ops sometime, you are about 30 years behind the times.

    • and the fact that kids of people attracted to life in uniform are of exactly the opposite mindset needed to go into computer science

      There is no "attracted to life in uniform" in Israel. Everyone serves.
      What there is though are various benefits in service and education for those with high grades in high school [wikipedia.org] with special attention for those "recruits who have demonstrated outstanding academic ability in the sciences and leadership potential" putting them through more schooling and training after which they do R&D for IDF.

      The applicant pool consists of nearly ten-thousand top scorers in a test taken by all graduating high school seniors. 150-200 potential applicants are then subjected to a two-day series of tests.[3]
      These include further IQ exams, as well as group-tasks designed to test one's social dynamics, all conducted under the supervision of trained psychologists and military personnel.
      For example, teams of applicants are given a specific task then the instructions are changed while the test is in progress, such as shortening the allotted time or changing the assigned tasks.[3]
      Final acceptance into the program entails a high security clearance rating, given by the Air Force.

      And then there's Mamram, [wikipedia.org] Unit 8200, [wikipedia.org] Ofek... [wikipedia.org]

      All when those highly educated techies leave the army... Private sect [wikipedia.org]

    • by dcw3 ( 649211 )

      Blah, blah, blah....and the fact that kids of people attracted to life in uniform are of exactly the opposite mindset needed to go into computer science...

      Really? Where in fantasyland did you come up with that bullshit?

  • I highly doubt it. (Score:5, Insightful)

    by Anonymous Coward on Sunday December 20, 2015 @09:39AM (#51153733)

    The chances that it can get into ANY phone from the Wi-Fi connection is virtually nil. Anyone with an ounce of tech knowledge should be highly suspect of everything they're claiming the device does.

    • Re: (Score:1, Insightful)

      by Anonymous Coward

      I don't think so. All you need is a list of 0-day exploits and keep it up to date. There are several competitors who already offer the same service, though usually not on the basis of a single device. FinFisher, for example.

      • by Anonymous Coward

        I don't think so. All you need is a list of 0-day exploits and keep it up to date. There are several competitors who already offer the same service, though usually not on the basis of a single device. FinFisher, for example.

        FinFisher has to be installed, and they pretty much use the same methods as other malware to do so. Keeping an up to date list of 0 day exploits for the various current phone OSs, along with the different hardware would be difficult at best. The fact that some of what they claim to be able to get isn't even necessarily on the phone.

        Really if you look at what they're doing, it's basically just setting a wi-fi connection and stealing what info they can from the traffic over that. In other words, super overblow

        • by Anonymous Coward

          That sounds like bullshit to me. FinFisher does not need to be installed (unless you the the base station software for the operators), they have offered working exploits / deployment solutions for any target architecture for years. Source: Their own advertisements.

          And there are many other companies who offer 0-day exploits. The only "tough" target nowadays may be iOS, but even that is broken customarily.

    • But, but... I've been seeing Reese and Root force pairing phones for years now. Nothing new to see here.
    • I'm trying to figure out how this works and what the threat level is. does it just lurk in the background and record any traffic going back and forth? or does it infiltrate the phone and extract things? The latter is obviously much more scary.

      here's a list of what the device purports to capture (FTFA):

      InterApp system extracts the following information from the targets smartphone:
      User email address, password and content
      Twitter, Facebook and other social media passwords and information
      Dropbox passwords &

      • InterApp system extracts the following information from the targets smartphone:
        User email address, password and content
        Twitter, Facebook and other social media passwords and information
        Dropbox passwords & content
        Previous locations on map
        MSISDN and IMEI identities
        MAC address, device model, operating system
        Contact list of the target
        Photos
        Targets personal info: gender, age, address, education, etc.

        Ha ha, the joke is on them- I don't have any of that shit on my phone, lol.

        My old phone is only slightly smarter than a brick or a wet pack of matches, good luck getting anything from it. InterApp can hack my phone all day long and they won't even get a fucking dial tone.

        Ancient flip-phone FOR THE WIN, BABY!

        • by jon3k ( 691256 ) on Sunday December 20, 2015 @11:34AM (#51154161)
          If the NSA wanted something from you then they'd just put a bag over your head and hit you with a pipe wrench until you told them what they want. The only difference is you live a life of inconvenience under the guise of security.
          • by Anonymous Coward

            No, that's the CIA's methodology. The NSA is full of introverts who don't like pipe wrenches because they're heavy.

          • Re: (Score:2, Informative)

            by Anonymous Coward

            Any govt agency could beat you with a wrench to get what they want. This is TARGETED at a specific person and requires time, money, and resources. If the government wants you, the TARGETED person, there is very little you can do about it. They have had this capability before the USA existed.

            In the past several decades governments have done BULK surveillance, collecting massive amounts of data on everyone and spend very little money doing so. Bulk surveillance reduces the peoples' confidence in the gove

          • If the NSA wanted something from you then they'd just put a bag over your head and hit you with a pipe wrench until you told them what the want.

            Of course they would, but that would mean they'd have to a) buy a pipe and b) drive out to my house. Sounds like a lot of trouble for guys used to stroking a keyboard all day long, doncha think?

            -

            The only difference is you live a life of inconvenience under the guise of security.

            Lol, trust me, it's no inconvenience not to have facebook or twitter or any of that other crap on my phone. Only lifeless millennials and other douchebag dweebs/bros/hipsters think that shit is "indispensable" to life.

            No, I carry an ancient flip-phone because it's rugged and does everything I want, not because I'm w

          • Wouldn't they use a rubber hose instead? More likely to keep the victim conscious.

          • They wouldn't even need the pipe wrench. However, they would need to send someone to ask me those questions or have someone track me etc. This requires manpower and resources instead of just having data mining algorithms run on facebook posts etc and only having a person to look at the data if the algorithm finds something interesting.

            If you want to track me, you can, there isn't much I can do about it. However, I can make it more expensive for you to do it.

          • by AmiMoJo ( 196126 )

            Maybe, if you are a high value target that they are able to kidnap. For most people though the more likely danger is from other lower level law enforcement agencies like the FBI or local police. Encryption works extremely well against them.

        • Oh boy, that's hilarious. You really got them good there.

          Non-smartphone not vulnerable to smartphone attack.
          News at 11.

          Not that I believe the claims of this company to begin with though. Probably like the ADE 651.

          • Not that I believe the claims of this company to begin with though. Probably like the ADE 651.

            That was more or less my take on it. Although, who knows, stranger things have happened.

      • by rtb61 ( 674572 )

        There is a real legal problem in gaining and using, a user name and password because the claimed evidence can now be readily tainted by those involved in its collection. Something the courts will have to start dealing with, basically this sort of device renders all digital evidence purely circumstantial, as it proves all those devices can be readily hacked and false evidence planted. They are not selling anything to police, they are selling stuff to be used by defence attorneys all over the world. There is

      • by AmiMoJo ( 196126 )

        This is obvious bullshit. Let's consider what they could do using the most powerful known attacks.

        They could set up a man-in-the-middle attack. Anything unencrypted would be easily readable. Nothing exceptional there. They could spoof security certs so that they could read encrypted traffic, but it would be highly ineffective. Android pins critical certs, and apps (especially web browsers) will issue dire warnings. I'm not even sure you can bypass the warnings in Chrome anymore.

        They could use exploits with

    • by currently_awake ( 1248758 ) on Sunday December 20, 2015 @11:22AM (#51154121)
      There are only a handful of companies making phone chip sets. It would be easy for the NSA to pay off enough people to install backdoor hardware in the designs, to allow remote access. Such access would bypass the phone software completely, and be very hard to detect. The payoff to cost ratio (ROI) is so high we should assume it's already happened.
      • See there is this thing which is called Russia, Europe, China. None of which would willingly go with NSA plan for good reason. So.... What is the chance do you think that local firm building phone in every of those country would allow for such hole ? And what would be their reaction if it was found out ? The risk would not be worth the try.
      • by swillden ( 191260 ) <shawn-ds@willden.org> on Sunday December 20, 2015 @12:56PM (#51154527) Journal

        There are only a handful of companies making phone chip sets. It would be easy for the NSA to pay off enough people to install backdoor hardware in the designs, to allow remote access. Such access would bypass the phone software completely, and be very hard to detect.

        Thinking about this in the context of Android (since that's what I know -- though I don't know as much as I should about the radio subsystems), it is conceivable that there are back doors in the radio (Wifi and cellular; they're different, and separate) chipset firmware. The radio chipsets don't have any access to device storage, though, so without some additional steps this could only be used to get data flowing through the relevant radio. Exfiltrating the data obtained would presumably have to be done via the same radio. In the case of Wifi this would be pretty easy to detect by anyone monitoring Wifi transmissions, or examining the data flowing through the Wifi router. If the data were encrypted it might not be possible to tell what the unexplained data was, but its presence and destination could easily be observed.

        If the drivers that talk to the radio firmware modules are also backdoored, then the drivers could be used to take control of the Linux kernel, and thereby take control of the entire Android system. Stuff protected by the Trusted Execution Environment (TEE) wouldn't be affected, but TEE software also comes from a small set of vendors, and most comes in binary form only. The exception is Google's "Trusty" OS, which is open source, but is used (thus far) only on the Nexus 9 [1]. So if the NSA could get backdoors into the radio firmware, it could probably get them into the TEEs as well. Except on Nexus 9.

        However, assuming such firmware backdoors exist, it seems like they would be closely guarded secrets of the agencies that arranged for them to be installed, not something they'd share with some Israeli company, and absolutely not something they'd want embedded in a commercial product where it could be discovered easily, just by watching what it transmits.

        For that matter, I'm skeptical that such back doors exist. Many people have reverse engineered the common baseband and Wifi chipset firmware modules, and no such backdoors have been found, which means that if they're there, they're pretty well-concealed. If anything, I'd bet that rather than full-blown back doors, there are merely subtle security vulnerabilities which can be exploited and then chained with other exploits to pwn the device. Again, though, I'm skeptical that this one Israeli company has such powerful knowledge and extremely skeptical that they'd put it in a commercial product where knowledge of it could be easily discovered.

        • Oops, sorry about the extraneous footnote marker, the "[1]". I had added it intending to mention something about the Pixel C that isn't really relevant, but is kind of cool, but then decided not to bother, because it's not really relevant. The irrelevant but cool thing I was going to add was that the Pixel C is the only device I'm aware of that allows the user to install their own TEE software.
        • by Anonymous Coward

          The baseband CPU has full memory access on most modern cell-phone SOCs.

          • The baseband CPU has full memory access on most modern cell-phone SOCs.

            Really? Though I don't know that much about that area, that's surprising to me. It would require the baseband CPU to have access to the MMU, and the MMU to have some means of coordinating requests from multiple sources. That seems like a lot of complexity for relatively little gain.

            I'm not saying you're wrong, just that it's not obvious why it would be architected that way, which makes me skeptical.

            • by Anonymous Coward

              It wouldn't require that. Have you ever heard of DMA? Haven't you seen the demos where any system can be hacked, regardless of OS, simply by plugging a device into a firewire port and then manipulating the data in RAM directly?

              Same principle, the baseband CPU could simply use DMA to patch the kernel or other software in memory.

              • Have you ever heard of DMA?

                The DMA controller is managed by the main CPU. It would be a security nightmare if any peripheral could initiate its own DMA transfers to any part of physical memory at any time.

                Haven't you seen the demos where any system can be hacked, regardless of OS, simply by plugging a device into a firewire port and then manipulating the data in RAM directly?

                That only works if the DMA controller is configured to allow it. Prior to the discovery of DMA attacks, OSes did configure their controllers to allow Firewire and other OHCI 1394 devices unlimited access. I think that's been fixed in Linux for some time, and Windows now has some mitigation as well. Android devices don't generally h

      • by cfalcon ( 779563 )

        Remember there is risk here too. I don't trust hardware much- and hardware encryption seems almost guaranteed to be broken- but there is some possible recourse to detect at least many of the ways a chip would be compromised- and would a company be able to bounce back from that?

    • Unless there is some common flaw in an area such as the firmware of the MCU that is attached to the WiFi radio and that can be exploited to open a back door by mimicking user actions to "open up" the phone. If that is the case the security and type of the OS running on the main processor of the phone may not matter much. If they are not interfering at a level below the radio then there is a lot less they could do with encrypted packets, other than the usual man-in-the-middle type attacks.
  • by Anonymous Coward

    But what mobile operating systems? Both Android and iOS? Windows Phone? Sailfish?

  • by Anonymous Coward

    InterApp won't work on this phone [thenophone.com].

    But seriously, how insane are we to pay for the privilege of carrying a device that tracks our whereabouts, collects our personal information, and will render an account of our lives to government officials without our consent?

  • It's either 'what a load of marketing crock have I just read won't someone pay for those dear 20 seconds of life I just lost', or 'guess which company is going to be the next hackerteam'. I can't decide.

  • by geekmux ( 1040042 ) on Sunday December 20, 2015 @09:57AM (#51153779)

    The company says it will only sell it to law enforcement agency.

    Oh, thank goodness, what a relief.

    For a minute there I was worried that this would fall into the hands of people who might abuse this technology, or even break the law.

    Because of course, that would never happen.

    Oh gee, what a coincidence, this company sells an IMSI catcher too...

  • by burni2 ( 1643061 ) on Sunday December 20, 2015 @10:00AM (#51153789)

    Hey slashdot.editors,

    this is slashdot a news-site for nerds that mostly have a basic understanding of the "cracking" processes

    And btw. the softpedia page is full of marketing speech shit.

    Q: How can I "enter" a smartphone without physical contact?

    A: There must be a security hole.
    (the term outdated hints that there are -known- sec holes in older devices)

    Q: How can I "enter" a smartphone without physical contact? another way

    A: The user connects to an access point with/out any or weak encryption and the eMail app does not know of any current encryption

    Q: How can I "enter" a smartphone without physical contact? another nother way

    A: The user connects to an access point I control and I tell their eMail app that I'm from turk-trust and naserbajew-trust and that I'm Vladimir Putin the most trustworthy entity only followed by the NSA.

    (Man in the middle attack)

  • by carlhaagen ( 1021273 ) on Sunday December 20, 2015 @10:04AM (#51153799)
    ...seems to have its bar lowered every year by mainstream journalism and wannabe computer "aficionados".
  • Is this different than the devices that Japanese dude was putting on stray cats?
  • it also finds missing Golf Balls [slashdot.org]

  • I manually manage my phone's data, both LTE and wifi. I turn it on only when needed, and turn it off when I am done. I only connect my wifi to APs I know and trust. (all 2 of them) I do this mainly to extend battery life, but in part because I barely trust the few apps I have. It seems to me that my everyday usage provides a moderate amount of immunity to this particular "attack". I have no illusions about the security of my phone. I will never mobile bank on it. I do not check my primary email account on
  • I turn Wi-Fi off when I'm heading out and turn Bluetooth on so it works in my car. At home I do the reverse. This was done to extend battery life. Now, there appear to be additional reasons to turn off Wi-Fi. Who needs to have their phone brute force attacked by mindless thugs via Wi-Fi?
    • I have Nokia 521 Windows 8 phone and it has a bug that won't let it send SMS messages if the WiFi is on. So I have to keep it off else no SMS which is what I use the phone for mostly. So glad MS is looking out for me. ;)
  • I would feel safer (Score:2, Insightful)

    by Anonymous Coward

    if they only sell it to the crooks

  • So I'm guessing it's similar to the WiFi Pineapple with Karma/DNSSpoof?.. It poses as the trusted WiFi Network and the victim's phone connects to it. It could then employ MiTM on the SSL. Do all the Cellphone apps (Twitter, Dropbox, etc) not check for proper certificates when using HTTPS?
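
A defender's view of the rogue access point behaviour guessed at in the comment above, as an added example that is not part of the original thread: it flags a trusted SSID that reappears with weaker security or from an unknown AP, and a single BSSID answering for many SSIDs. The profile table, sample scan, finding names and the SSID-count threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from typing import NamedTuple


class Observation(NamedTuple):
    ssid: str
    bssid: str     # MAC address the beacon or probe response came from
    security: str  # e.g. "open", "wpa2-psk"


# Hypothetical saved-network profiles: expected security and known AP MACs.
TRUSTED = {
    "HomeNet": {"security": "wpa2-psk", "bssids": {"aa:bb:cc:00:00:01"}},
    "OfficeNet": {"security": "wpa2-psk", "bssids": {"aa:bb:cc:00:00:10"}},
}

# Constructed sample scan (not captured from any real network).
SAMPLE_OBSERVATIONS = [
    Observation("HomeNet", "AA:BB:CC:00:00:01", "wpa2-psk"),   # the real AP
    Observation("HomeNet", "aa:bb:cc:00:00:02", "wpa2-psk"),   # same name, new AP
    Observation("HomeNet", "02:00:00:00:00:99", "open"),       # downgraded twin
    Observation("OfficeNet", "02:00:00:00:00:99", "open"),     # downgraded twin
    Observation("CoffeeShop", "02:00:00:00:00:99", "open"),
    Observation("AirportFree", "02:00:00:00:00:99", "open"),
]


def find_rogue_aps(observations, trusted, max_ssids_per_bssid=3):
    """Return sorted (kind, bssid, detail) findings for suspicious APs.

    kind is one of:
      security-downgrade  trusted SSID offered with different security
      unknown-bssid       trusted SSID, right security, unrecognised AP MAC
      karma-like          one BSSID seen under more SSIDs than the threshold
                          (heuristic; tune the threshold for your environment)
    """
    findings = set()
    ssids_by_bssid = defaultdict(set)

    for ob in observations:
        bssid = ob.bssid.lower()  # MACs are case-insensitive
        ssids_by_bssid[bssid].add(ob.ssid)

        profile = trusted.get(ob.ssid)
        if profile is None:
            continue  # not a network this device would auto-join
        if ob.security != profile["security"]:
            findings.add(("security-downgrade", bssid, ob.ssid))
        elif bssid not in profile["bssids"]:
            findings.add(("unknown-bssid", bssid, ob.ssid))

    for bssid, ssids in ssids_by_bssid.items():
        if len(ssids) > max_ssids_per_bssid:
            findings.add(("karma-like", bssid, ",".join(sorted(ssids))))

    return sorted(findings)


if __name__ == "__main__":
    for kind, bssid, detail in find_rogue_aps(SAMPLE_OBSERVATIONS, TRUSTED):
        print(f"{kind:20} {bssid}  {detail}")
```
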
  • Apple, Ios, and Microsoft had better get on fixing this IMMEDIATELY. If this goes live and stays live for a few months, fixing the bug will be deemed "going dark" and we'll hear about how "terrorists coordinate using securely patched phones".

  • The company says it will only sell it to law enforcement agency

    Yeah, sure you will. Aside from this making its way into the hands of criminal organizations, one way or another, in a startlingly short period of time, the NSA and CIA (which more or less amount to criminal organizations, the way they conduct themselves domestically) probably already have this device in their possession well in advance of us hearing about it.

    Thanks, assholes. Now I will never own a smartphone, ever. Hell, I'm half considering whether it even makes sense to continue having a cellphone of a

    • Comment removed based on user account deletion
      • What? I haven't had sufficient reason to get a smartphone so far, and it seems like every week something else comes up that convinces me even further that it's a bad idea. Overpriced, underperforming, get gouged for wireless service, and then it's like a swiss cheese so far as security goes, and there's not a hell of a lot you can do about it? All so I can have stupid games and mobile internet? LOL you, thanks but no thanks. I don't even use a cellphone as a phone all that much, I've got like 10000 'anytime
        • Comment removed based on user account deletion
          • ..because you're using a system that is probably just as exploitable under similar conditions.

            Well, no, actually, I'm not. At home it makes zero sense for me to use WiFi, it's a small place and ethernet makes so much more sense.

            • Comment removed based on user account deletion
              • I'm not really sure anymore what your point even is? MitM attacks could have been happening since before the Internet was opened to the general public, even, and considering that it started as a DARPA project, and considering that pretty much all illusions about the U.S. I may have ever entertained have now been shattered, I think it's been continuously surveilled since Day Zero. If you're implying that the CIA/NSA/FBI/whoever has sneaked into my house and is watching the whole three ethernet devices I have
  • by gavron ( 1300111 ) on Sunday December 20, 2015 @05:48PM (#51155783)

    There are many smartphones with WiFi that cannot be "rooted" let alone remotely.

    Then there are many of us who run permission-checking programs that alert us if something is touching something it shouldn't.

    Finally the claims are too broad to be taken seriously. It's a simple application of Occam's Razor
    along with a little bit of "If it sounds too good to be true... it probably is."

    I suspect their device allows them local WiFi access to a subset of smartphones (as they say "older")
    that have known vulnerabilities in the OS (e.g. previous Android or IOS). There's no known remote root
    for BlackBerry (remember them?) or current Android (CM12.x).

    Marketing people do what they do and LOOK THEY'VE SUCCEEDED because their original ad has
    now transformed into a discussion on /. :)

    Best holiday wishes,

    Ehud Gavron
    Tucson AZ

  • by Anonymous Coward

    Welcome to ten years ago, Israel: https://www.wifipineapple.com/
