
cellular MITM


munkeyfreenix.batcat

Newbie

Posts: 11

Joined: Mon Mar 09, 2009 10:09 pm

Post Thu Mar 12, 2009 3:28 pm

cellular MITM

Can anyone point me in the right direction for cellular phone protocols? Is there an equivalent to ARP poisoning techniques for cellular? The protocols all are pretty complicated, so I figure there is no point in reinventing the wheel.

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Thu Mar 12, 2009 4:25 pm

Re: cellular MITM

I believe that actual voice conversations are encrypted (non-analog calls).  You can build devices to capture cellular traffic, but you would still have to decrypt the voice.  I am sure there are backdoors to the encryption, per the feds. 

See the following links for call interception devices:
http://www.cellularintercept.com/
http://www.global-security-solutions.com/PGFDigitalCellularIntercepter.htm

I am sure if you dig, you will find someone outside of your country who is willing to sell you such a device.  I'm pretty sure it will cost you.
~~~~~~~~~~~~~~
Ketchup

munkeyfreenix.batcat

Newbie

Posts: 11

Joined: Mon Mar 09, 2009 10:09 pm

Post Thu Mar 12, 2009 7:00 pm

Re: cellular MITM

Damn, I don't think I've ever been so terrified by a website, nor intrigued.
"Nothing supersedes the need to stop criminals before they strike, and bring outlaws to justice"

Err, especially the bill of rights? Hmm. It's not like

Honestly, I'm more interested in making really advanced prank calls by manipulating the ATM cells, that and using the MitM concept to funnel traffic through my phone.

Encrypted yes, but not very advanced. I was just reading that the G3 network is still using symmetric encryption for backwards compatibility, and that the SIM card holds the ticket. I'm sure the social engineers out there can convince people to let them 'borrow your SIM card for a moment', but I'm sure there is a way in.

Anywhere I should look into how phones are identified on the network?

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Thu Mar 12, 2009 11:16 pm

Re: cellular MITM

Yeah, I thought that was a bit funny in a self-righteous kind of way.

I don't know much about ATM cells.  I think an easier way for you to make prank calls would be to just clone a cell phone or two.  You would have to duplicate the ESN number and the phone number in the phone.  I believe that this is how a carrier identifies a headset.

http://www.collusion.org/Article.cfm?ID=383
~~~~~~~~~~~~~~
Ketchup

munkeyfreenix.batcat

Newbie

Posts: 11

Joined: Mon Mar 09, 2009 10:09 pm

Post Mon Mar 16, 2009 3:43 pm

Re: cellular MITM

Thanks. I'll look into that.

ATM cells are really small (about 48 bytes) but have a Virtual Channel and Virtual Path indicator in the header. But maybe going that low isn't all that necessary up front.

And prank calls are just the 'public face' of this idea. You can pass out a program with instructions on how to spoof a phone number, but those that know will be able to use it for a lot more (for example, tunneling sensitive information through the audio signal of a phone conversation that is inserted and extracted using phase vocoding synthesis techniques, which then can be routed through various phones to avoid tracing). And of course, there will be little instruction (i.e. none) shipped with the app.
