Israeli Firm Creates a Device That Can Hack Any Nearby Phone (softpedia.com)
An anonymous reader writes: Israeli startup Rayzone created a device that can hack any smartphone that has its WiFi connection open. The device can steal passwords, files, contact lists, photos, and various others. Called InterApp, the device is dumb-proof (comes with a shiny admin panel), works on hundreds of devices at the same time, and leaves no forensics traces behind after the hack. The company says it will only sell it to law enforcement agencies.
Colour me suspicious (Score:3, Insightful)
Given the way panicked elected officials think, and the fact that kids of people attracted to life in uniform are of exactly the opposite mindset needed to go into computer science, I'm guessing this is an overblown and over promoted 'grabs text transmitted in the clear' thing that's not designed to do much other than pick the pockets of taxpayers.
Re: (Score:1)
So, you are saying that you are unemployed? Or only use a phone that you've stolen? Or your salary is very unstable month to month so you can't afford a monthly carrier bill?
Because carriers have offered iPhones for as little as $0 with a contract. And then there is getting a used iPhone from someone upgrading to the latest one.
Re: (Score:3)
I am sure it comes down to priorities.
I completely get it. I *could* spend $500 on an iPhone or I could spend $50 on a Windows phone that is just as fast.
I will never do the "contract" thing again, it is just a waste of money. $40 / month pre-paid with unlimited data and text seems a lot more reasonable than $80 / month for basically the same thing under contract. Where does the extra $40 / month go? Paying off the iPhone... which you will have paid almost $1000 for by the end of the 2 year contract.
Re: (Score:2)
It says it works on a "variety" of platforms, but doesn't list any by name in the release nor on their web site.
Re: Colour me suspicious (Score:4, Informative)
Read the ad carefully and look at the screen shot. It works on older versions of IOS and Androids. It exploits the cloud push notification system.
Re: Colour me suspicious (Score:4, Informative)
It only works on phones that meet the specified criteria:
"smartphones that have their WiFi connection open, and then, employing a diverse arsenal of security vulnerabilities, gain root permission on devices"
I.e. they must have an open wifi connection and they must have an unpatched security vulnerability.
This automatically excludes millions of older phones of various brands that don't have wifi, any phone with wifi disabled, and any phone with encrypted wifi.
And if the phone is fully patched for known exploits, they need a zero day attack.
Re: (Score:1)
Right. More likely, nobody has spent any effort in trying to hack it because there are only a couple hundred being used now around the world. And none of them are doing anything but living in the past.
Re: (Score:3, Interesting)
It's more like load Nessus onto a portable device, create an open wifi network, and then scan and exploit any phone dumb enough to connect. So, tell your phone not to connect to unknown networks, or networks without a shared secret.
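Added example, not part of the comment above: a defender-side audit of the advice to avoid networks without a shared secret. It assumes the saved-network list is available in `wpa_supplicant.conf` format; the sample config is constructed and the function names are hypothetical. It goes slightly beyond the comment by also flagging WPA-EAP profiles that set no `ca_cert`, since those cannot verify which access point they are talking to.

```python
# Audit saved Wi-Fi profiles for networks a rogue access point can impersonate.
# Constructed sample in wpa_supplicant.conf format (not from a real device).
SAMPLE_CONF = '''
ctrl_interface=/var/run/wpa_supplicant
network={
    ssid="HomeNet"
    psk="correct horse battery staple"
    key_mgmt=WPA-PSK
}
network={
    ssid="Free Airport WiFi"
    key_mgmt=NONE
}
network={
    ssid="OldCafe"
    key_mgmt=NONE
    wep_key0="abcde"
}
network={
    ssid="Corp"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="user"
}
network={
    ssid="Hotel Guest"
    key_mgmt=NONE
    disabled=1
}
'''

# key_mgmt modes that involve no shared secret (OWE encrypts but does not authenticate).
NO_SECRET = {"NONE", "OWE"}


def parse_networks(conf_text):
    """Return one dict of key/value pairs per network={...} block."""
    networks, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("network=") and line.endswith("{"):
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")  # values may contain '='
            current[key.strip()] = value.strip().strip('"')
    return networks


def classify(net):
    """Return 'ok' or a short label describing why the profile is risky."""
    # wpa_supplicant defaults to "WPA-PSK IEEE8021X" when key_mgmt is absent.
    modes = set(net.get("key_mgmt", "WPA-PSK IEEE8021X").split())
    if modes & NO_SECRET:
        has_wep = any(k.startswith("wep_key") for k in net)
        return "wep" if has_wep else "open"
    if "WPA-EAP" in modes and "ca_cert" not in net:
        return "eap-no-ca-cert"  # server certificate is not validated
    return "ok"


def audit(conf_text):
    """List (ssid, finding, auto_join) for every risky saved profile."""
    findings = []
    for net in parse_networks(conf_text):
        verdict = classify(net)
        if verdict != "ok":
            auto_join = net.get("disabled") != "1"
            findings.append((net.get("ssid", "<hidden>"), verdict, auto_join))
    return findings


if __name__ == "__main__":
    for ssid, finding, auto_join in audit(SAMPLE_CONF):
        print(f"{ssid!r}: {finding} (auto-join: {auto_join})")
```

Profiles reported with auto-join enabled are the ones to forget or disable first, because the device will associate with any access point advertising that SSID.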
Re: Colour me suspicious (Score:3)
There's a reason it doesn't work that way. Wifi does support AP hopping (it will pick different APs depending on signal strength) as long as they have the same SSID and are on the same network. That's why your connection continues working even though it switches from 802.11n to 802.11g (which is technically a different AP) as you go out of range of the former.
Re: (Score:1)
Really? Read up on Special Ops sometime, you are about 30 years behind the times.
Key word - Israel. (Score:2)
and the fact that kids of people attracted to life in uniform are of exactly the opposite mindset needed to go into computer science
There is no "attracted to life in uniform" in Israel. Everyone serves.
What there is, though, are various benefits in service and education for those with high grades in high school [wikipedia.org] with special attention for those "recruits who have demonstrated outstanding academic ability in the sciences and leadership potential", putting them through more schooling and training, after which they do R&D for the IDF.
The applicant pool consists of nearly ten-thousand top scorers in a test taken by all graduating high school seniors. 150-200 potential applicants are then subjected to a two-day series of tests.[3]
These include further IQ exams, as well as group-tasks designed to test one's social dynamics, all conducted under the supervision of trained psychologists and military personnel.
For example, teams of applicants are given a specific task then the instructions are changed while the test is in progress, such as shortening the allotted time or changing the assigned tasks.[3]
Final acceptance into the program entails a high security clearance rating, given by the Air Force.
And then there's Mamram, [wikipedia.org] Unit 8200, [wikipedia.org] Ofek... [wikipedia.org]
All when those highly educated techies leave the army... Private sect [wikipedia.org]
Re: (Score:2)
Blah, blah, blah....and the fact that kids of people attracted to life in uniform are of exactly the opposite mindset needed to go into computer science...
Really? Where in fantasyland did you come up with that bullshit?
I highly doubt it. (Score:5, Insightful)
The chances that it can get into ANY phone from the Wi-Fi connection are virtually nil. Anyone with an ounce of tech knowledge should be highly suspect of everything they're claiming the device does.
Re: (Score:1, Insightful)
I don't think so. All you need is a list of 0-day exploits and keep it up to date. There are several competitors who already offer the same service, though usually not on the basis of a single device. FinFisher, for example.
Re: (Score:1)
I don't think so. All you need is a list of 0-day exploits and keep it up to date. There are several competitors who already offer the same service, though usually not on the basis of a single device. FinFisher, for example.
FinFisher has to be installed, and they pretty much use the same methods as other malware to do so. Keeping an up to date list of 0 day exploits for the various current phone OSs, along with the different hardware would be difficult at best. The fact that some of what they claim to be able to get isn't even necessarily on the phone.
Really, if you look at what they're doing, it's basically just setting up a wi-fi connection and stealing what info they can from the traffic over that. In other words, super overblow
Re: (Score:1)
That's sounds like bullshit to me. FinFisher does not need to be installed (unless you the the base station software for the operators), they have offered working exploits / deployment solutions for any target architecture for years. Source: Their own advertisements.
And there are many other companies who offer 0-day exploits. The only "tough" target nowadays may be iOS, but even that is broken customarily.
Re: (Score:3)
If you disabled the TCP/IP stack, it would be rather hard to connect to through the network. But what about that remote shutdown feature that Sandy Bridge processors have?
http://www.techspot.com/news/4... [techspot.com]
Re: (Score:2)
There are ways to improve the security of Windows. EMET comes to mind, which is a useful tool for catching 0-days. Not perfect (as it was bypassed), but a decent jump in security.
As for making a Wi-Fi connection, I do know on Android and iOS, you can have it not search for Wi-Fi access points unless you explicitly bring that up. You can also use an always-on VPN which won't let traffic through until the VPN tunnel is up and operable.
I always use a VPN, especially after things like Verizon's UIDH. Plus,
Re: I highly doubt it. (Score:2)
Indeed, that was my first thought...they do this on Person Of Interest!
Maybe the Israelis are big fans or this is life imitating art once more.
Re: (Score:3)
I'm trying to figure out how this works and what the threat level is. Does it just lurk in the background and record any traffic going back and forth? Or does it infiltrate the phone and extract things? The latter is obviously much more scary.
Here's a list of what the device purports to capture (FTFA):
InterApp system extracts the following information from the target's smartphone:
User email address, password and content
Twitter, Facebook and other social media passwords and information
Dropbox passwords &
Re: (Score:1)
InterApp system extracts the following information from the target's smartphone:
User email address, password and content
Twitter, Facebook and other social media passwords and information
Dropbox passwords & content
Previous locations on map
MSISDN and IMEI identities
MAC address, device model, operating system
Contact list of the target
Photos
Target's personal info: gender, age, address, education, etc.
Ha ha, the joke is on them- I don't have any of that shit on my phone, lol.
My old phone is only slightly smarter than a brick or a wet pack of matches, good luck getting anything from it. InterApp can hack my phone all day long and they won't even get a fucking dial tone.
Ancient flip-phone FOR THE WIN, BABY!
Re:I highly doubt it. (Score:4, Insightful)
Re: I highly doubt it. (Score:2, Funny)
No, that's the CIA's methodology. The NSA is full of introverts who don't like pipe wrenches because they're heavy.
Re: (Score:2, Informative)
Any govt agency could beat you with a wrench to get what they want. This is TARGETED at a specific person and requires time, money, and resources. If the government wants you, the TARGETED person, there is very little you can do about it. They have had this capability before the USA existed.
In the past several decades governments have done BULK surveillance, collecting massive amounts of data on everyone and spending very little money doing so. Bulk surveillance reduces the people's confidence in the gove
Re: (Score:1)
If the NSA wanted something from you then they'd just put a bag over your head and hit you with a pipe wrench until you told them what they want.
Of course they would, but that would mean they'd have to a) buy a pipe and b) drive out to my house. Sounds like a lot of trouble for guys used to stroking a keyboard all day long, doncha think?
-
The only difference is you live a life of inconvenience under the guise of security.
Lol, trust me, it's no inconvenience not to have facebook or twitter or any of that other crap on my phone. Only lifeless millennials and other douchebag dweebs/bros/hipsters think that shit is "indispensable" to life.
No, I carry an ancient flip-phone because it's rugged and does everything I want, not because I'm w
Rubber hose (Score:2)
Wouldn't they use a rubber hose instead? More likely to keep the victim conscious.
Re: (Score:1)
No that's torture. They should waterboard because it's not torture at all.
Re: (Score:2)
They wouldn't even need the pipe wrench. However, they would need to send someone to ask me those questions or have someone track me etc. This requires manpower and resources instead of just having data mining algorithms run on facebook posts etc and only having a person to look at the data if the algorithm finds something interesting.
If you want to track me, you can, there isn't much I can do about it. However, I can make it more expensive for you to do it.
Re: (Score:2)
Maybe, if you are a high value target that they are able to kidnap. For most people though the more likely danger is from other lower level law enforcement agencies like the FBI or local police. Encryption works extremely well against them.
Re: (Score:2)
Clandestine Information Association?
Re: (Score:2)
Oh boy, that's hilarious. You really got them good there.
Non-smartphone not vulnerable to smartphone attack.
News at 11.
Not that I believe the claims of this company to begin with though. Probably like the ADE 651.
Re: (Score:1)
Not that I believe the claims of this company to begin with though. Probably like the ADE 651.
That was more or less my take on it. Although, who knows, stranger things have happened.
Re: (Score:2)
There is a real legal problem in gaining and using a user name and password, because the claimed evidence can now be readily tainted by those involved in its collection. Something the courts will have to start dealing with; basically this sort of device renders all digital evidence purely circumstantial, as it proves all those devices can be readily hacked and false evidence planted. They are not selling anything to police, they are selling stuff to be used by defence attorneys all over the world. There is
Re: (Score:2)
This is obvious bullshit. Let's consider what they could do using the most powerful known attacks.
They could set up a man-in-the-middle attack. Anything unencrypted would be easily readable. Nothing exceptional there. They could spoof security certs so that they could read encrypted traffic, but it would be highly ineffective. Android pins critical certs, and apps (especially web browsers) will issue dire warnings. I'm not even sure you can bypass the warnings in Chrome anymore.
They could use exploits with
Re:I highly doubt it. (Score:4, Insightful)
That is even more doubtful (Score:2)
Re:I highly doubt it. (Score:5, Interesting)
There are only a handful of companies making phone chip sets. It would be easy for the NSA to pay off enough people to install backdoor hardware in the designs, to allow remote access. Such access would bypass the phone software completely, and be very hard to detect.
Thinking about this in the context of Android (since that's what I know -- though I don't know as much as I should about the radio subsystems), it is conceivable that there are back doors in the radio (Wifi and cellular; they're different, and separate) chipset firmware. The radio chipsets don't have any access to device storage, though, so without some additional steps this could only be used to get data flowing through the relevant radio. Exfiltrating the data obtained would presumably have to be done via the same radio. In the case of Wifi this would be pretty easy to detect by anyone monitoring Wifi transmissions, or examining the data flowing through the Wifi router. If the data were encrypted it might not be possible to tell what the unexplained data was, but its presence and destination could easily be observed.
If the drivers that talk to the radio firmware modules are also backdoored, then the drivers could be used to take control of the Linux kernel, and thereby take control of the entire Android system. Stuff protected by the Trusted Execution Environment (TEE) wouldn't be affected, but TEE software also comes from a small set of vendors, and most comes in binary form only. The exception is Google's "Trusty" OS, which is open source, but is used (thus far) only on the Nexus 9 [1]. So if the NSA could get backdoors into the radio firmware, it could probably get them into the TEEs as well. Except on Nexus 9.
However, assuming such firmware backdoors exist, it seems like they would be closely guarded secrets of the agencies that arranged for them to be installed, not something they'd share with some Israeli company, and absolutely not something they'd want embedded in a commercial product where it could be discovered easily, just by watching what it transmits.
For that matter, I'm skeptical that such back doors exist. Many people have reverse engineered the common baseband and Wifi chipset firmware modules, and no such backdoors have been found, which means that if they're there, they're pretty well-concealed. If anything, I'd bet that rather than full-blown back doors, there are merely subtle security vulnerabilities which can be exploited and then chained with other exploits to pwn the device. Again, though, I'm skeptical that this one Israeli company has such powerful knowledge and extremely skeptical that they'd put it in a commercial product where knowledge of it could be easily discovered.
Re: (Score:1)
The baseband CPU has full memory access on most modern cell-phone SOCs.
Re: (Score:2)
The baseband CPU has full memory access on most modern cell-phone SOCs.
Really? Though I don't know that much about that area, that's surprising to me. It would require the baseband CPU to have access to the MMU, and the MMU to have some means of coordinating requests from multiple sources. That seems like a lot of complexity for relatively little gain.
I'm not saying you're wrong, just that it's not obvious why it would be architected that way, which makes me skeptical.
Re: (Score:1)
It wouldn't require that. Have you ever heard of DMA? Haven't you seen the demos where any system can be hacked, regardless of OS, simply by plugging a device into a firewire port and then manipulating the data in RAM directly?
Same principle, the baseband CPU could simply use DMA to patch the kernel or other software in memory.
Re: (Score:2)
Have you ever heard of DMA?
The DMA controller is managed by the main CPU. It would be a security nightmare if any peripheral could initiate its own DMA transfers to any part of physical memory at any time.
Haven't you seen the demos where any system can be hacked, regardless of OS, simply by plugging a device into a firewire port and then manipulating the data in RAM directly?
That only works if the DMA controller is configured to allow it. Prior to the discovery of DMA attacks, OSes did configure their controllers to allow Firewire and other OHCI 1394 devices unlimited access. I think that's been fixed in Linux for some time, and Windows now has some mitigation as well. Android devices don't generally h
Re: (Score:2)
We really need a billion dollar class action lawsuit to bring a big company down one of these days for putting a backdoor in something.
Well, we'd need to find one, first.
Re: (Score:1)
LOL, You're assuming they would be at the code level and not the silicon level...
That doesn't really change the analysis, except to make it even less likely -- if such backdoors exist -- that some Israeli company would be in on the secret.
Re: (Score:2)
Remember there is risk here too. I don't trust hardware much- and hardware encryption seems almost guaranteed to be broken- but there is some possible recourse to detect at least many of the ways a chip would be compromised- and would a company be able to bounce back from that?
"Hundreds of devices" (Score:1)
But what mobile operating systems? Both Android and iOS? Windows Phone? Sailfish?
Re: (Score:2)
I think *any* has a pretty clear definition but maybe that's just me.
Security through scarcity (Score:2)
Windows Phone? Sailfish?
I seriously doubt that all 3 devices of them have anything to be afraid of.
After all, the company spoke of "Hundreds of devices".
--
said a someone having switched from WebOS to Sailfish OS.
Won't Work On This Phone... (Score:1)
InterApp won't work on this phone [thenophone.com].
But seriously, how insane are we to pay for the privilege of carrying a device that tracks our whereabouts, collects our personal information, and will render an account of our lives to government officials without our consent?
My 2c (Score:1)
It's either 'what a load of marketing crock have I just read won't someone pay for those dear 20 seconds of life I just lost', or 'guess which company is going to be the next hackerteam'. I can't decide.
Sunday Sarcasm. (Score:5, Funny)
The company says it will only sell it to law enforcement agency.
Oh, thank goodness, what a relief.
For a minute there I was worried that this would fall into the hands of people who might abuse this technology, or even break the law.
Because of course, that would never happen.
Oh gee, what a coincidence, this company sells an IMSI catcher too...
Short: No, but only "outdated" mobile devices (Score:4, Insightful)
Hey slashdot.editors,
this is slashdot a news-site for nerds that mostly have a basic understanding of the "cracking" processes
And btw. the softpedia page is full of marketing speech shit.
Q: How can I "enter" a smartphone without physical contact?
A: There must be a security hole.
(the term outdated hints that there are -known- sec holes in older devices)
Q: How can I "enter" a smartphone without physical contact? another way
A: The user connects to an access point with/out any or weak encryption and the eMail app does not know of any current encryption
Q: How can I "enter" a smartphone without physical contact? another nother way
A: The user connects to an access point I control and I tell their eMail app that I'm from turk-trust and naserbajew-trust and that I'm Vladimir Putin the most trustworthy entity only followed by the NSA.
(Man in the middle attack)
The definition of "hack"... (Score:4, Insightful)
Re: (Score:2)
Slashdot editors: "Wee right good sew ewe dont half two"
Done before? (Score:1)
As an added bonus (Score:2)
it also finds missing Golf Balls [slashdot.org]
Re: (Score:2)
It's possible but unlikely...
If a device gets root on your phone then it's untraceable after the fact - as with root it has sufficient access to remove any traces that it was ever there.
There have been jailbreaks for phones which executed from within the browser, to exploit such a vulnerability on a wireless network under your own control only requires that the victim attempt to make a single http request over your network. The same is potentially true for any application which makes an outbound connection
Partial Immunity (Score:2)
Turn it off. Problem solved. (Score:2)
I would feel safer (Score:2, Insightful)
if they only sell it to the crooks
Just a WiFi Pineapple? (Score:1)
Watch out, patchers will make us "go dark" (Score:2)
Apple, Ios, and Microsoft had better get on fixing this IMMEDIATELY. If this goes live and stays live for a few months, fixing the bug will be deemed "going dark" and we'll hear about how "terrorists coordinate using securely patched phones".
COOL STORY BRO (Score:2)
The company says it will only sell it to law enforcement agency
Yeah, sure you will. Aside from this making its way into the hands of criminal organizations, one way or another, in a startlingly short period of time, the NSA and CIA (which more or less amount to criminal organizations, the way they conduct themselves domestically) probably already have this device in their possession well in advance of us hearing about it.
Thanks, assholes. Now I will never own a smartphone, ever. Hell, I'm half considering whether it even makes sense to continue having a cellphone of a
Re: (Score:2)
..because you're using a system that is probably just as exploitable under similar conditions.
Well, no, actually, I'm not. At home it makes zero sense for me to use WiFi, it's a small place and ethernet makes so much more sense.
Yes, marketing claims do say that. (Score:4, Interesting)
There are many smartphones with WiFi that cannot be "rooted" let alone remotely.
Then there are many of us who run permission-checking programs that alert us if something is touching something it shouldn't.
Finally, the claims are too broad to be taken seriously. It's a simple application of Occam's Razor
along with a little bit of "If it sounds too good to be true... it probably is."
I suspect their device allows them local WiFi access to a subset of smartphones (as they say "older")
that have known vulnerabilities in the OS (e.g. previous Android or IOS). There's no known remote root
for BlackBerry (remember them?) or current Android (CM12.x).
Marketing people do what they do and LOOK THEY'VE SUCCEEDED because their original ad has now transformed into a discussion on /. :)
Best holiday wishes,
Ehud Gavron
Tucson AZ
Pineapple (Score:1)
Welcome to ten years ago, Israel: https://www.wifipineapple.com/
Re: Coming soon to U.S. technology firms (Score:2, Interesting)
Israel and the US are in bed with each other. It's the Palestinians that need to be worried.
Re: Coming soon to U.S. technology firms (Score:1)
WTF, why do we have such hate filled people in this world? Good grief, stick to the topic you moron.
Re: Coming soon to U.S. technology firms (Score:1)
Um, ok, here we go again......
u wanna take it outside?
Re: (Score:2)
Who's the brown hatter and who's the pillow-biter?
Re: (Score:1, Insightful)
You're a moron.
Re: (Score:1)
+1 for truth
sorry the truth hurts folks. when their lives begin with dismembering baby genitals a life of duplicity, greed and evil is sure to follow.