How To Compete With NSA By Hacking a Verizon Network Extender

timothy posted about a year ago | from the awesome-goldman-sachs-advertising-too dept.

Hardware Hacking 56

New submitter Anita Hunt (lissnup) writes "This snooping hack-in-a-backpack could become a hot Summer accessory, since Reuters reported that 'researchers at iSec hacked into a Verizon network extender, which anyone can buy online, and turned it into a cell phone tower (video interview) small enough to fit inside a backpack capable of capturing and intercepting all calls, text messages and data sent by mobile devices within range.'"

I have one of these things (1)

ganjadude (952775) | about a year ago | (#44296443)

They don't work all that great in reality; I get maybe a -10 difference on my signal strength vs. without it running. This could be a fun little hack to try out, for educational reasons, of course.

Power to the people (3, Insightful)

vikingpower (768921) | about a year ago | (#44296461)

"This is ordinary people intercepting... ordinary people". A nice, bitter subversion of the "power to the people" concept?

Re:Power to the people (0, Offtopic)

Anonymous Coward | about a year ago | (#44296533)

bitter subversion

Subversion does make you bitter. I prefer mercurial.

Re:Power to the people (4, Interesting)

dgatwood (11270) | about a year ago | (#44297017)

"This is ordinary people intercepting... ordinary people". A nice, bitter subversion of the "power to the people" concept?

Not a subversion at all. Perhaps you're forgetting that congresspeople are ordinary people, as are judges.

"You wouldn't want us to leak to the press that affair you've been having, would you, Senator? Then I trust you'll do better at ensuring the NSA is not spying on your own citizens."

"You wouldn't want us to leak to the press that you took a bribe from the Monsanto corporation, would you? Then I trust you'll rule that we have standing to sue the federal government over the PRISM program."

And so on. Not saying that two wrongs make a right, but enough rights do make a left.

Re:Power to the people (0)

Anonymous Coward | about a year ago | (#44297489)

This is your people.
This is your people on spying. ...any questions?

Re:Power to the people (1)

pulski (126566) | about a year ago | (#44297677)

I'm fairly certain that anyone taking a bribe from Monsanto isn't going to have that conversation over a cellular telephone.

Re:Power to the people (3, Interesting)

Minupla (62455) | about a year ago | (#44297901)

You'd be surprised. I once caught someone embezzling from the company we worked over discussing it via IM with their accomplice, full confession via IM, ON THEIR WORK COMPUTER. Pawned.

After a few years in corporate security it would not shock me in the slightest. People get sloppy.

Even professionals. See the Opsec talk summary here: https://www.blackhat.com/us-13/briefings.html#Cole [blackhat.com]

Min

Re:Power to the people (1)

Lumpy (12016) | about a year ago | (#44298077)

Yup, just like how no governor of a state would in his right mind talk about selling a senator's seat to the highest bidder.

Ask Illinois about that.

Re:Power to the people (0)

Anonymous Coward | about a year ago | (#44304109)

love this idea!

Re:Power to the people (1)

gmuslera (3436) | about a year ago | (#44297737)

In a country where laws apply in the same way for everyone, that could pass. In the US, on the other hand, that now see hacking as mass destruction weapons as they are used and plan to use them in big scale [schneier.com] in that way, it will be labeled as terrorist and put you in jail for decades or more [vice.com] ... unless you are a big contributor [rollingstone.com] or work for them, in that case it will have no consequences.

Re:Power to the people (1)

Lumpy (12016) | about a year ago | (#44298053)

Actually yes.

If you know of an NSA or Govt operation going on, get an operative to place a unit near them and start intercepting their cellphone traffic so you can spy on the guys spying.

Now imagine making hundreds of these things all placed at specific locations but with a backend system that lets you enable or disable at will. Now you have a cellular snoopnet covering a very wide area.

Re:Power to the people (0)

Anonymous Coward | about a year ago | (#44298583)

Israeli backpackers have been toting a variety of this for decades. BT where does Foxcomm enter into the fray ed wires?
PHUCK PHORM!!!!
no, seriously, these dudes were spotted, backpacks and all, flying little helicopters around some standalone peoples places, they freak out, pick up their little-used cellphones to report the UAV`s, then Senator Kirk goes to an AIPAC meeting, talks to the ex-boss of Foxcomm, the next week he asks the FBI director if they were eavesdropping on congress!

wtf is wrong with the administration? if anyone is out there, somebody PLEASE clarify that Foxcomm was an Israeli company that wired-up the Capitol Building`s wireless, NOT A FRIGGIN CHINESE IPHONE SWEATSHOP! /. , anyone crunch the numbers of akamai and amdocs (illicit?) export of american citizens PRIVATEDATA??

clicked, not signed, - ClueLes

Encryption? What Encryption? (1)

i kan reed (749298) | about a year ago | (#44296469)

Why would you need to sync your phone to the station to get it to work, let's just send unencrypted communication all over the place.

Re:Encryption? What Encryption? (5, Interesting)

jc42 (318812) | about a year ago | (#44296725)

Why would you need to sync your phone to the station to get it to work, let's just send unencrypted communication all over the place.

We should be careful in just encouraging encrypted communication, because the usual interpretations of this provide no security at all, and were rejected back in the ARPAnet days of the 1960s by the security advisers.

The usual interpretation of "encrypted communication", of course, is the frequent suggestion that "the Internet" itself should do encryption. This is especially suggested by people who've figured out that the average user doesn't stand much of a chance of doing it right, with modern comm software.

But having "the Internet" do the encryption actually means that the encryption is done by your comm supplier, i.e. your ISP or phone company. What this means is that your comm supplier is the one who also does the decryption, so they have complete access to everything. The recent stories about the close ties between government security agencies and the comm companies show that this would be no security at all.

What was decided back in the 1960s, and what anyone with a basic understanding of security will agree with, is that the low-level comm stuff shouldn't be burdened with any security measures. They are simply a waste of cpu time, since they make your messages accessible to the people who run the low-level comm stuff. The low-level stuff should therefore be tasked simply with getting the bits across as fast as possible. To qualify as secure, any encryption must be handled by the two end-points in a conversation.

Note that this doesn't mean that the (human) end users need to be the ones doing the encryption. What it means is that the encryption software must be running on the piece of hardware that they're using, not by anything further away in the connection.

Of course, then you have the next problem, of preventing spy software from being installed on the hardware at either end. But that's a different issue.

The primary understanding is that we should insist that "encrypted communication" be done only end-to-end. Anything else inherently makes your info available to whoever owns the hardware that's running the encryption software. (And it makes the whole comm system run slower, since encryption software does use cpu time, and if it's not in the end systems, it's 100% a waste of that cpu time.)

The major use-level issue is whether we can create encryption software that runs in the users' gadgets, and which the users can actually use correctly, and which won't be compromised by builtin backdoors such as keyloggers that were installed by the comm companies.

Re:Encryption? What Encryption? (3, Insightful)

mi (197448) | about a year ago | (#44296961)

What this means is that your comm supplier is the one who also does the decryption, so they have complete access to everything. The recent stories about the close ties between government security agencies and the comm companies show that this would be no security at all.

Actually, there would be quite a bit of security against non-governmental attackers and those working for foreign governments.

And while it is the governmental ones that scare us for having a potential for abuse, it is those others that have done actual damage to millions of computers and hurt millions of people already — through spamming, identity theft, and spying.

I, for one, would've been glad to be rid of those, even if Uncle Sam's fishing expeditions remain a threat.

Re:Encryption? What Encryption? (1)

LordLimecat (1103839) | about a year ago | (#44297429)

It would be no security because noone vampire taps a fiber line. If you're going to intercept info, you do it at the ISP level, no matter who you are.

Re:Encryption? What Encryption? (1)

mi (197448) | about a year ago | (#44297521)

That would depend on the implementation, and on what exactly is routinely encryption-protected — and how. For example, if the DNS was secure from the beginning, a large number of actual high-profile attacks would not have been possible.

Re:Encryption? What Encryption? (1)

fulldecent (598482) | about a year ago | (#44298331)

> no one vampire taps a fiber line

sure about that?

Re:Encryption? What Encryption? (0)

Anonymous Coward | about a year ago | (#44298377)

Nobody vampire taps a fiber line. However, the spooks do tap fiber optic cable [lmgtfy.com] .

Re:Encryption? What Encryption? (0)

Anonymous Coward | about a year ago | (#44299383)

What's a "noone?"

Re:Encryption? What Encryption? (0)

Anonymous Coward | about a year ago | (#44300741)

Re:Encryption? What Encryption? (1)

pilot1 (610480) | about a year ago | (#44314717)

And while it is the governmental ones that scare us for having a potential for abuse, it is those others that have done actual damage to millions of computers and hurt millions of people already — through spamming, identity theft, and spying.

How the hell is encryption going to help with spamming or identity theft?

Re:Encryption? What Encryption? (1)

mi (197448) | about a year ago | (#44317999)

By making it harder to take over laypeople's Internet-connected computers — to use them as spam relays and to steal electronic documents from them.

Re: Encryption? What Encryption? (1)

pilot1 (610480) | about a year ago | (#44318091)

The internet-connected computers don't use encryption in this scenario though. The ISP decrypts traffic before it reaches them. This makes absolutely no difference as far as attacking those computers is concerned. It only makes it harder for certain parties to spy by intercepting traffic.

What this means is that your comm supplier is the one who also does the decryption, so they have complete access to everything.

Re: Encryption? What Encryption? (1)

mi (197448) | about a year ago | (#44327749)

The internet-connected computers don't use encryption in this scenario though.

I'm not sure, the "scenario" is sufficiently well-defined in this conversation to make too many conclusions. I was simply responding to an assertion, that, due to an ISP-government collusion, there is no point in ISP-based security. My response was, that there are many other dangers on the Internet — besides government's snooping. And that while government's is a potential threat, certain other threats have already caused millions (billions?) of dollars worth of damage.

Re: Encryption? What Encryption? (1)

pilot1 (610480) | about a year ago | (#44327891)

I'm not sure, the "scenario" is sufficiently well-defined in this conversation to make too many conclusions. I was simply responding to an assertion, that, due to an ISP-government collusion, there is no point in ISP-based security.

That is enough of a scenario to make certain statements about the security provided though. By definition ISP-based encryption only protects traffic on the wire; it cannot protect the computers at the end points.

Re: Encryption? What Encryption? (1)

mi (197448) | about a year ago | (#44334731)

How about reliable DNS? That, if it were in place from the beginning, would've prevented an entire family of attacks...

We can argue about could-should-woulda, but my main point remains — snooping by the American government is hardly the only danger to today's Internet-users and reducing the other threats would've been good, even if this one remained...

Re: Encryption? What Encryption? (1)

pilot1 (610480) | about a year ago | (#44335031)

How about reliable DNS? That, if it were in place from the beginning, would've prevented an entire family of attacks...

DNS spoofing requires low latency, which effectively requires that the attacker be on the same local network as his target. ISP-level encryption can't protect against that.

We can argue about could-should-woulda, but my main point remains — snooping by the American government is hardly the only danger to today's Internet-users and reducing the other threats would've been good, even if this one remained...

And my point remains that very few threats can be reduced by ISP-level encryption. I'm sure the govt would be campaigning hard for it if it were such a panacea.

Re:Encryption? What Encryption? (2, Interesting)

Anonymous Coward | about a year ago | (#44297009)

But having "the Internet" do the encryption actually means that the encryption is done by your comm supplier, i.e. your ISP or phone company.

Not necessarily. You could just have the initial key exchange built into the initial handshake, e.g. like this:

The SYN packet contains the public key certificate of the client.
The SYN/ACK packet contains the public key certificate of the server, and a hash of the client's certificate signed with the server's private key.
The final ACK packet contains a hash of the certificate the server sent, signed with the client's private key.
At this point, the communicating computers know enough about each other to safely encrypt their data stream without any middle man (including the ISP) being able to read the messages. Also, they know that each other computer has the private key for the public key certificate they've sent. All further data then can be encrypted, only the source/destination IP and port need to be unencrypted (because those are needed to route the packets). Since the encryption would already happen at the protocol level, the only thing which would ever go over the lines unencrypted would be IP addresses, port numbers and public key certificates.

Of course at this point you did not establish the identity of the server and/or the client, so to prevent MITM attacks you'd need further means to authenticate the server. But the very basic operation of point-to-point encryption of all traffic of a connection can very well be done at the protocol level.
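The three-message exchange described in the comment above, as an added Go example (not code from the thread), showing what its signatures do and do not establish: a relay that presents its own certificate to each side passes every check, and only a client that already knows the server's fingerprint notices. Assumptions: the comment does not say how the session key is derived, so Ed25519 signatures, X25519 key agreement and SHA-256 are choices made here, and `Party`, `Cert`, `Prove`, `Finish` and `Handshake` are hypothetical names.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Party holds an endpoint's signing and key-agreement keys (key types assumed).
type Party struct {
	sign ed25519.PrivateKey
	kx   *ecdh.PrivateKey
}

func NewParty() *Party {
	_, sk, err1 := ed25519.GenerateKey(rand.Reader)
	kx, err2 := ecdh.X25519().GenerateKey(rand.Reader)
	if err := errors.Join(err1, err2); err != nil {
		panic(err)
	}
	return &Party{sign: sk, kx: kx}
}

// Cert is the self-issued certificate for SYN or SYN/ACK; it is bound to no name.
func (p *Party) Cert() []byte {
	return append(append([]byte{}, p.sign.Public().(ed25519.PublicKey)...), p.kx.PublicKey().Bytes()...)
}

// Prove signs the hash of the peer's certificate (the SYN/ACK and ACK payload).
func (p *Party) Prove(peerCert []byte) []byte {
	h := sha256.Sum256(peerCert)
	return ed25519.Sign(p.sign, h[:])
}

// Finish checks the peer's signature over the hash of our certificate, compares
// the peer certificate to a pinned hash if one is given, then derives the key.
func (p *Party) Finish(peerCert, proof []byte, pin *[32]byte) (key [32]byte, err error) {
	mine := sha256.Sum256(p.Cert())
	if len(peerCert) != 64 || !ed25519.Verify(ed25519.PublicKey(peerCert[:32]), mine[:], proof) {
		return key, errors.New("peer did not prove possession of its private key")
	}
	if pin != nil && sha256.Sum256(peerCert) != *pin {
		return key, errors.New("peer certificate does not match pinned fingerprint")
	}
	pub, err := ecdh.X25519().NewPublicKey(peerCert[32:])
	if err != nil {
		return key, err
	}
	shared, err := p.kx.ECDH(pub)
	if err != nil {
		return key, err
	}
	return sha256.Sum256(shared), nil
}

// Handshake reports whether client and server end up with the same key. A non-nil
// relay shows each side its own certificate; pin is a trusted server hash or nil.
func Handshake(client, server, relay *Party, pin *[32]byte) (bool, error) {
	toClient, toServer := server, client
	if relay != nil {
		toClient, toServer = relay, relay
	}
	kc, err1 := client.Finish(toClient.Cert(), toClient.Prove(client.Cert()), pin)
	ks, err2 := server.Finish(toServer.Cert(), toServer.Prove(server.Cert()), nil)
	if err := errors.Join(err1, err2); err != nil {
		return false, err
	}
	return kc == ks, nil
}

func main() {
	c, s, r := NewParty(), NewParty(), NewParty()
	pin := sha256.Sum256(s.Cert())
	fmt.Println(Handshake(c, s, nil, nil)) // direct path, no authentication
	fmt.Println(Handshake(c, s, r, nil))   // relay on path, no authentication
	fmt.Println(Handshake(c, s, r, &pin))  // relay on path, server fingerprint pinned
}
```

In the relayed run without a pin both endpoints finish without error yet hold different keys, each one shared with the relay rather than with the other endpoint. The signatures prove possession of a private key, not whose key it is, which is the gap the comment's last paragraph points at.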

Encrypt it all (0)

Anonymous Coward | about a year ago | (#44297119)

Your email client (e.g. thunderbird) should generate a private/public key, and send the public key out with every email. It should encrypt by default if it has a public key and track the key to warn of changes.
Nothing complicated, slowly as it does its thing, all communications will be end to end encrypted. (and the user can edit the public key and lock it if they have the key from a more reliable way).

Will that stop NSA surveillance? No, they'll try something else, e.g. hack Thunderbird. But then we'll fix that.

Fiber optics, they should be encrypted end to end to prevent a tap being placed on them. Sure it won't help if the end is in USA or UK/AUS/NZ/CAN. But it's trivial to do a large private key hash on the data, and trivial to have a man carry a mobile hard disk with a 1TB random hash file to install at either end. Nothing fancy is needed to secure an optic line and it should be done.

Slashdot comments should be encrypted. I criticized the NSA and now my email is tapped, a link I sent as a test was followed by a US server. Slashdot should switch to https by default so that NSA can't simply identify commenters by their comments and spy on them. They would have to then go in and install servers in Slashdot, which some Snowden hero figure would then tell us about.

Is it perfect if we do all these things and more? No. But it's better.

Cellphones need encryption, as this hack shows. If you think it makes NSA job harder no problem, conference call them every time you call your kids, and CC them on your emails.

Re:Encrypt it all (0)

Anonymous Coward | about a year ago | (#44306283)

Your email client (e.g. thunderbird) should generate a private/public key, and send the public key out with every email. It should encrypt by default if it has a public key and track the key to warn of changes.
Nothing complicated, slowly as it does its thing, all communications will be end to end encrypted. (and the user can edit the public key and lock it if they have the key from a more reliable way).

Will that stop NSA surveillance? No,

... they'll just MITM the mails starting from the beginning. Encryption doesn't work well without proper identification of who you are exchanging keys with in the beginning.

Re:Encryption? What Encryption? (0)

Anonymous Coward | about a year ago | (#44297221)

No, that's the neat part: the phone does encrypt communications to the station! Only the station is in your backpack, and has the keys to decrypt them.

The cryptographically correct solution would be to do a key exchange with the other person's phone, not the ground station, but CDMA doesn't do that because reasons.

Re:Encryption? What Encryption? (0)

Anonymous Coward | about a year ago | (#44298293)

yeah, the reasons why congress blocked the NTT purchase of 21% of AT&T wireless in the nineties.
monetizing, spying shmucks

Buttinsky (5, Funny)

flyingfsck (986395) | about a year ago | (#44296525)

In the good old bad old days, all you needed to butt into a phone conversation was a Buttinsky phone (linesman test set). Nowadays, you need a whole backpack full of equipment, a laptop computer and heavy batteries, and we call this progress?

Re:Buttinsky (0)

Anonymous Coward | about a year ago | (#44296799)

LMAO I have my Harris set right here. Lot of good it'll do me now.

Re:Buttinsky (0, Redundant)

Anonymous Coward | about a year ago | (#44296805)

See that term "linesman" you used... kind of self-explanatory irrelevant in a conversation about hacking wireless communication technology.

Re:Buttinsky (2)

flyingfsck (986395) | about a year ago | (#44296911)

Whoosh...

Re:Buttinsky (-1)

Anonymous Coward | about a year ago | (#44297501)

Deepest apologies for not finding your post humorous. I can only presume you're mimicking a famous comic or some such to which I have no reference. In and of itself it lacks punch. IMO.

If you wanted to talk about progress then you really should've focused on the fact that all it takes is the greenlight from two successive POTUSes and you can capture the planet.

Now THAT's progress.

Re:Buttinsky (3, Informative)

Guillaume le Btard (1773300) | about a year ago | (#44297853)

I use Wireshark more often to capture VoIP traffic than I use my butt set for analog communications.

Re:Buttinsky (1)

FuzzNugget (2840687) | about a year ago | (#44302957)

I remember many years ago, I was able to listen into a nearby phone call (analog cell phones) if I tuned my Walkman radio to the right frequency.

Yea but can you get free long distance for life? (-1)

Anonymous Coward | about a year ago | (#44296703)

Enjoy your ride... (0)

Anonymous Coward | about a year ago | (#44297001)

...in the FBI party wagon.

Femtocells insecure? (0)

Anonymous Coward | about a year ago | (#44297085)

Crappy consumer devices running an embedded OS easy to hack? You don't say!
These things are a gold mine. They contain all the certificates and authority to act as a "tower" and are as hackable and available as any consumer device

No phone or smartphone is designed around the idea that the cell network can be "hostile" so they trust these things implicitly. Time to build a backpack rouge cell and go wandering around where "interesting" people hang out.

Re:Femtocells insecure? (3, Informative)

SpectreBlofeld (886224) | about a year ago | (#44297413)

They actually run Linux.

And:

"Verizon Wireless released a Linux software update in March that prevents its network extenders from being compromised in the manner reported by Ritter and DePerry, according to company spokesman David Samberg."

http://www.voanews.com/content/reu-researchers-hack-verizon-device/1701880.html [voanews.com]

Re:Femtocells insecure? (1)

Anonymous Coward | about a year ago | (#44298761)

1. Duh. Of course it runs linux. What else would it run? Linux sure as fuck can be an embedded OS, and it's damn popular. Doesn't mean it's secure. Most (probably all) embedded linux implementations in consumer hardware are insecure. All implementations are insecure if not designed properly. It's not a problem specific to linux.
2. I doubt the patch will keep the devices un-jailbroke for long.

Re:Femtocells insecure? (2)

Cramer (69040) | about a year ago | (#44302357)

vxWorks, QNX... any number of much smaller, true real time OSes that are a far better fit for such tasks. Of course, they aren't free and the people who know how to program for them aren't cheap.

Re:Femtocells insecure? (0)

Anonymous Coward | about a year ago | (#44304125)

If it was fixed once, it only means that it can be broken

Re:Femtocells insecure? (1)

NerdyLove (1133693) | about a year ago | (#44297791)

Crappy consumer devices running an embedded OS easy to hack? You don't say! These things are a gold mine. They contain all the certificates and authority to act as a "tower" and are as hackable and available as any consumer device

No phone or smartphone is designed around the idea that the cell network can be "hostile" so they trust these things implicitly. Time to build a backpack rouge cell and go wandering around where "interesting" people hang out.

I'm sure the "interesting" people will have a healthy glow when you're through with them.

Secure Communications (1)

neorush (1103917) | about a year ago | (#44297089)

I'm waiting for some phone company to offer end-to-end encryption for a fee (maybe they already have?). Of course I'm sure, since they have full access to your phone, that private key will end up "backed-up" for your convenience to their servers.

Re:Secure Communications (2)

cjb658 (1235986) | about a year ago | (#44297933)

Redphone (https://whispersystems.org/) does this for free, but unfortunately, it uses data, and only works on Android.

Re:Secure Communications (0)

Anonymous Coward | about a year ago | (#44301829)

>>> and only works on Android.

So that only Google can eavesdrop...

npr covered this too (0)

Anonymous Coward | about a year ago | (#44298157)

How Hackers Tapped Into My Cellphone For Less Than $300

http://www.npr.org/blogs/alltechconsidered/2013/07/15/201490397/How-Hackers-Tapped-Into-My-Verizon-Cellphone-For-250

These guys are full of bullshit FUD (0)

Anonymous Coward | about a year ago | (#44298509)

Are they going to backhaul all the traffic once they set up their backpack base station in Times Square?

Mobile banking is already encrypted at the protocol layer. Someone could intercept your Wi-Fi too and intercept the same useless info.

Anyway, nothing that hasn't already been done with Open BTS.

TFA is like an instruction sheet for a Korean TV (0)

Anonymous Coward | about a year ago | (#44299441)

"So this device is a frontal assault or branded -- network extender from Verizon. And it's clearly very small about the size of a home -- that you get from -- -- And you just plug it into your home Internet connection and an -- And you -- at your windows it'll choir GPS lock and at that point functions as a small cell phone -- we started looking at a traffic that was. Can profit by that we were able to intercept people phone calls text messages picture messages and -- So I'm going to make -- call them. -- -- -- Work."

Quote from the transcript of the video (script) that was the link in the stupid summary.

My best guess is that they took a standard signal booster and hacked that a bit to intercept cell signals. Ho Hum...

Right, intercept unwitting people's phone calls (1)

FuzzNugget (2840687) | about a year ago | (#44302829)

And piss off a multi billion dollar telco while you're at it. What could possibly go [slashdot.org] wrong? [wikipedia.org]

cell site simulator (0)

Anonymous Coward | about a year ago | (#44305907)

now we can catch Kevin Mitnick!
