cell phones

Up
The iPhone

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

From the Nefarious tech department at AHSA

For the ultimate in cell phone security you should take the battery out of the phone during activist gatherings.  If you need anon phone options try a prepaid phone and use cash only. In everyday life avoid bluetooth and search out a phone that enables you to turn off the GPS function unless 911 is dialed. Another possibility is to build a small faraday cage to house cell phone (esp. the iphone) during meetings (or enclose an entire room if your really ambitious)

Essential Bluetooth hacking tools
bluetooth-logo.jpgBluetooth technology is great. No doubt. It provides an easy way for a wide range of mobile devices to communicate with each other without the need for cables or wires. However, despite its obvious benefits, it can also be a potential threat for the privacy and security of Bluetooth users (remember Paris Hilton?).

If you are planning to gain a deeper understanding of Bluetooth security, you will need a good set of tools with which to work. By familiarizing yourself with the following tools, you will not only gain a knowledge of the vulnerabilities inherent in Bluetooth-enabled devices, but you will also get a glimpse at how an attacker might exploit them.

This hack highlights the essential tools, mostly for the Linux platform, that can be used to search out and hack Bluetooth-enabled devices.

Discovering Bluetooth Devices

BlueScanner - BlueScanner searches out for Bluetooth-enabled devices. It will try to extract as much information as possible for each newly discovered device. Download BlueScan.

BlueSniff - BlueSniff is a GUI-based utility for finding discoverable and hidden Bluetooth-enabled devices. Download BlueSniff.

BTBrowser - Bluetooth Browser is a J2ME application that can browse and explore the technical specification of surrounding Bluetooth-enabled devices. You can browse device information and all supported profiles and service records of each device. BTBrowser works on phones that supports JSR-82 - the Java Bluetooth specification. Download BTBrowser.

BTCrawler -BTCrawler is a scanner for Windows Mobile based devices. It scans for other devices in range and performs service query. It implements the BlueJacking and BlueSnarfing attacks. Download BTCrawler.

Hacking Bluetooth Devices

BlueBugger -BlueBugger exploits the BlueBug vulnerability. BlueBug is the name of a set of Bluetooth security holes found in some Bluetooth-enabled mobile phones. By exploiting those vulnerabilities, one can gain an unauthorized access to the phone-book, calls lists and other private information. Download BlueBugger.

CIHWB - Can I Hack With Bluetooth (CIHWB) is a Bluetooth security auditing framework for Windows Mobile 2005. Currently it only support some Bluetooth exploits and tools like BlueSnarf, BlueJack, and some DoS attacks. Should work on any PocketPC with the Microsoft Bluetooth stack. Download CIHWB.

Bluediving - Bluediving is a Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, has features such as Bluetooth address spoofing, an AT and a RFCOMM socket shell and implements tools like carwhisperer, bss, L2CAP packetgenerator, L2CAP connection resetter, RFCOMM scanner and greenplaque scanning mode. Download Bluediving.

Transient Bluetooth Environment Auditor - T-BEAR is a security-auditing platform for Bluetooth-enabled devices. The platform consists of Bluetooth discovery tools, sniffing tools and various cracking tools. Download T-BEAR.

Bluesnarfer - Bluesnarfer will download the phone-book of any mobile device vulnerable to Bluesnarfing. Bluesnarfing is a serious security flow discovered in several Bluetooth-enabled mobile phones. If a mobile phone is vulnerable, it is possible to connect to the phone without alerting the owner, and gain access to restricted portions of the stored data. Download Bluesnarfer.

BTcrack - BTCrack is a Bluetooth Pass phrase (PIN) cracking tool. BTCrack aims to reconstruct the Passkey and the Link key from captured Pairing exchanges. Download BTcrack.

Blooover II - Blooover II is a J2ME-based auditing tool. It is intended to serve as an auditing tool to check whether a mobile phone is vulnerable. Download Blooover II.

BlueTest - BlueTest is a Perl script designed to do data extraction from vulnerable Bluetooth-enabled devices. Download BlueTest.

BTAudit - BTAudit is a set of programs and scripts for auditing Bluetooth-enabled devices. Download BTAuding.

What’s next? Let everyone know to disable Bluetooth until they really need it. Additionally, make sure to update your phone software on a regular basis

 

Cell Phone Spying: Is Your Life Being Monitored?

It connects you to the world, but your cell phone could also be giving anyone from your boss to your wife a window into your every move.  The same technology that lets you stay in touch on-the-go can now let others tap into your private world — without you ever even suspecting something is awry.

The new generation

Long gone are the days of simple wiretapping, when the worst your phone could do was let someone listen in to your conversations.  The new generation of cell phone spying tools provides a lot more power.

Eavesdropping is easy.  All it takes is a two-minute software install and someone can record your calls and monitor your text messages.  They can even set up systems to be automatically alerted when you dial a certain number, then instantly patched into your conversation.  Anyone who can perform a basic internet search can find the tools and figure out how to do it in no time.

But the scarier stuff is what your phone can do when you aren’t even using it.  Let’s start with your location.

Simple surveillance

You don’t have to plant a CIA-style bug to conduct surveillance any more.  A service called World Tracker lets you use data from cell phone towers and GPS systems to pinpoint anyone’s exact whereabouts, any time — as long as they’ve got their phone on them.

All you have to do is log on to the web site and enter the target phone number.  The site sends a single text message to the phone that requires one response for confirmation.  Once the response is sent, you are locked in to their location and can track them step-by-step.  The response is only required the first time the phone is contacted, so you can imagine how easily it could be handled without the phone’s owner even knowing.

Once connected, the service shows you the exact location of the phone by the minute, conveniently pinpointed on a Google Map.  So far, the service is only available in the UK, but the company has indicated plans to expand its service to other countries soon.

Advanced eavesdropping

So you’ve figured out where someone is, but now you want to know what they’re actually doing.  Turns out you can listen in, even if they aren’t talking on their phone.

Dozens of programs are available that’ll turn any cell phone into a high-tech, long-range listening device.  And the scariest part?  They run virtually undetectable to the average eye.

Take, for example, Flexispy.  The service promises to let you “catch cheating wives or cheating husbands” and even “bug meeting rooms.”  Its tools use a phone’s microphone to let you hear essentially any conversations within earshot.  Once the program is installed, all you have to do is dial a number to tap into the phone’s mic and hear everything going on.  The phone won’t even ring, and its owner will have no idea you are virtually there at his side.

Recover deleted text messages (SMS) and last dialed numbers from any SIM cards and smart cards

Did you know that with the help of a simple, inexpensive device, anyone with access to your phone could read your private text messages (SMS), even if you have deleted them previously? This device can even recover contacts and a good number or previously dialed numbers.

Legal loopholes

You might be asking how this could possibly be legal.  Turns out, it isn’t - at least, not in the ways we just described.  Much like those fancy smoking devices designed “for tobacco use only,” the software itself gets by because of a disclaimer saying it doesn’t endorse any illegal use.

I did a little digging with our friends from Flexispy.  You won’t find it on the flashy front page, but buried a bit further in the site, the company says you’re fine to use their program only “on a phone that you own, for protecting your children,” or for purposes like “archiving data.”  It’s a bit of a contrast from the bold suggestions of “uncover[ing] employee espionage,” “catch[ing] cheating husbands,” and “bug[ging] meeting rooms” that fill the company’s materials.  After a little more explanation, their answer as to the legality of the service ends with a broad statement: “Please consult a qualified lawyer in your country for the correct answer to this question.”

Let me make it easier for you: Once you get into listening in to private conversations without either party’s consent, you’re treading rough water that could sweep you straight into jail.  Whether it’s an employee or a spouse on the receiving end of your mission, neither federal nor state privacy laws take violations lightly in America.  Getting caught could cost you several years behind bars, among other serious penalties.

Detecting and protecting

Finding spyware on your phone isn’t easy.  There are dozens of bug detectors available from surveillance companies, but the only true fix is taking your phone to your provider and having them wipe it out altogether.  That will restore the factory settings and clear out any hidden software that’s running on your phone.

Security experts say there may be some subtle signs your phone is invaded:

bulletYou seem to have trouble shutting it off, or it stays lit up after you’ve powered down.
bulletThe phone sometimes lights up when you aren’t making or receiving a call, or using any other function.
bulletYou regularly hear odd background noises or clicks when you’re on the phone.

Unfortunately, there isn’t much you can do to safeguard your cell just yet.  I’m sure it’s only a matter of time until we see McAfee-style programs to firewall your phone and keep intruders out.  For now, though, the only sure-fire form of protection is to keep a close guard on your phone.  Don’t accept Bluetooth connections unless you know what they are.  Most important, make sure no one has access to install something when you aren’t watching.  Otherwise, they may soon be watching you when you least expect it.

Study secretly tracks cell phone users outside US

BY SETH BORENSTEIN, AP Science WriterWed Jun 4, 2:35 PM ET
 

Researchers secretly tracked the locations of 100,000 people outside the United States through their cell phone use and concluded that most people rarely stray more than a few miles from home.

The first-of-its-kind study by Northeastern University raises privacy and ethical questions for its monitoring methods, which would be illegal in the United States.

It also yielded somewhat surprising results that reveal how little people move around in their daily lives. Nearly three-quarters of those studied mainly stayed within a 20-mile-wide circle for half a year.

The scientists would not say where the study was done, only describing the location as an industrialized nation.

Researchers used cell phone towers to track individuals' locations whenever they made or received phone calls and text messages over six months. In a second set of records, researchers took another 206 cell phones that had tracking devices in them and got records for their locations every two hours over a week's time period.

The study was based on cell phone records from a private company, whose name also was not disclosed.

Study co-author Cesar Hidalgo, a physics researcher at Northeastern, said he and his colleagues didn't know the individual phone numbers because they were disguised into "ugly" 26-digit-and-letter codes.

That type of nonconsensual tracking would be illegal in the United States, according to Rob Kenny, a spokesman for the Federal Communications Commission. Consensual tracking, however, is legal and even marketed as a special feature by some U.S. cell phone providers.

The study, published Thursday in the journal Nature, opens up the field of human-tracking for science and calls attention to what experts said is an emerging issue of locational privacy.

"This is a new step for science," said study co-author Albert-Lazlo Barabasi, director of Northeastern's Center for Complex Network Research. "For the first time we have a chance to really objectively follow certain aspects of human behavior."

Barabasi said he spent nearly half his time on the study worrying about privacy issues. Researchers didn't know which phone numbers were involved. They were not able to say precisely where people were, just which nearby cell phone tower was relaying the calls, which could be a matter of blocks or miles. They started with 6 million phone numbers and chose the 100,000 at random to provide "an extra layer" of anonymity for the research subjects, he said.

Barabasi said he did not check with any ethics panel. Hidalgo said they were not required to do so because the experiment involved physics, not biology. However, had they done so, they might have gotten an earful, suggested bioethicist Arthur Caplan at the University of Pennsylvania.

"There is plenty going on here that sets off ethical alarm bells about privacy and trustworthiness," Caplan said.

Studies done on normal behavior at public places is "fair game for researchers" as long as no one can figure out identities, Caplan said in an e-mail.

"So if I fight at a soccer match or walk through 30th Street train station in Philly, I can be studied," Caplan wrote. "But my cell phone is not public. My cell phone is personal. Tracking it and thus its owner is an active intrusion into personal privacy."

Paul Stephens, policy director at the Privacy Rights Clearinghouse in San Diego, said the nonconsensual part of the study raises the Big Brother issue.

"It certainly is a major concern for people who basically don't like to be tracked and shouldn't be tracked without their knowledge," Stephens said.

Study co-author Hidalgo said there is a difference between being a statistic — such as how many people buy a certain brand of computer — and a specific example. The people tracked in the study are more statistics than examples.

"In the wrong hands the data could be misused," Hidalgo said. "But in scientists' hands you're trying to look at broad patterns.... We're not trying to do evil things. We're trying to make the world a little better."

Knowing people's travel patterns can help design better transportation systems and give doctors guidance in fighting the spread of contagious diseases, he said.

The results also tell us something new about ourselves, including that we tend to go to the same places repeatedly, he said.

"Despite the fact that we think of ourselves as spontaneous and unpredictable ... we do have our patterns we move along and for the vast majority of people it's a short distance," Barabasi said.

The study found that nearly half of the people in the study pretty much keep to a circle little more than six miles wide and that 83 percent of the people tracked mostly stay within a 37-mile wide circle.

But then there are the people who are the travel equivalent of the super-rich, said Hidalgo, who travels more than 150 miles every weekend to visit his girlfriend. Nearly 3 percent of the population regularly go beyond a 200-mile wide circle. Less than 1 percent of people travel often out of a 621-mile circle.

But most people like to stay much closer to home. Hidalgo said he understands why: "There's a lot of people who don't like hectic lives. Travel is such a hassle."

___

On the Net:

Nature: http://www.nature.com/nature