So with the advancement with cell phones, 3G networks and program like PDANet how feasible is it that hackers will start stealing cell phones in attempts to conceal their identity of their attacks.

In example -- Hacker scopes out a Cafe, finds a target. Swipes the phone. Goes to a different location and disable the location feature, plus his phone into his laptop -- launches his attack.

If the person is on their toes they could only have 5 mins... If the person isn't that smart, that could have a couple of days maybe? Steal a company phone from someone... they're going to go looking for it before they report it to their boss... They don't want to get in trouble. Could this be a new wave of attacks in an attempt to pull you hack off and remain anonymous? Afterwards all you have to do is destroy and dump the phone. I could be a little far fetched but I would like to see your professional and personal opinions.

HonorTech,

I agree with the theory, however I don't imagine that this will become too common. As it stands there are easier ways to remain anonymous (unsecured/poorly secured wireless) without commiting a real-world offence and leaving physical evidence.

I asked to move the post because I thought this was a general certification board. I missed that whole "and" word =p

I agree with the idea that it is very easy to find poorly secured or even unsecured networks. My PPC 6800 goes nuts driving down the road =p But even if you connect to a wireless network #1 you are restricted to a certain area and #2 it still pulls you down to an exact location. Ethically if you wanted to pull something big off and wanted guaranteed anonymity would this be a viable method? I'm sure it's only a matter of time before cyber terrorist and black hats figure this out. And then you always have the option of phreaking a cell phone. Granted it is a lot harder these days but still doable. I'm a young soldier just getting into the whole Network Security/Ethical Hacking field just trying to think about the future. But I know on my PPC 6800 when I plug it into my laptop and use PDANet in the EV-DO network with the new RTT connection I get darn near broadband speed... I can RDC to my server at the house via my cell phone alone and get very little delay and it's not much worse when I connect via PDANet and my laptop. As far as the physical evidence goes how easy would it be to destroy a cell phone? Or atleast destroy it beyond the ability to identify who the original owner was... You could drop it in a lake/river and it would more than likely not be found for years. And let's say it was? What are the chances the person who finds it even takes it to authorities... Just lots of options and ways around it. People have laptops stolen every day. Someone goes into a coffee shop, sets their laptop bag on the ground while they're ordering. Someone walks over grabs and it walks off. Imagine getting both their cell phone and their laptop? All you would need is a jump driver loaded with your favorite version of Linux granted you might have to do some driver setup or packet injection to kick start the wireless but you would have atleast a couple hours...

Honestly this topic could go many different ways... The idea that one day Hackers could join forces with criminals or terrorist and extort large companies or hold information/assets ransom just motivates me more to continue my education to become a top security consultant... A+ and Network+ down looking to expand my certifications. Where to go next...

I kind of did a pilot test on my own server via my own cell phone/laptop. Granted I had unlimited time and no one was going to call my cell phone in stolen and have it shut off, but the ability is definitely there. I had no time finding a way into my owner server out of the house and I was in with full control in just under 30 minutes. Might take some good social engineering to pick the right target/targets to pull off a large scale attack to find someone who is less likely to report the phone stolen immediately. Try and find someone with a company phone who would rather take some time to retrace his steps then report his phone stolen and face the repercussions... But the idea is DEFINITELY feasible and should be a security concern for major corporations who issue cell phones to employees IMHO. Especially if you receive your e-mail on the phone. That gives you a head start on where to start your research. You have all the information you need to find an exploit right off the get go. I might be thinking a very unlikely scenario, but imagine the possibilities and the quicker you can gain access with all of this knowledge. Theorycraft can be fun and scary, but if this was to actually go down this could end with horrible repercussions whether to the corporation or even to the country.