Search This Blog

Showing posts with label Smartphones. Show all posts

Safeguard Your Smartphones From Radio-based Attacks


Smartphones, unlike PCs, involve a range of radios – generally cellular, Wi-Fi, Bluetooth, and Near Field Communication (NFC) – that permit wireless communication in a variety of situations, and these radios are made to remain turned on while the user moves around the world. All smartphone users should be aware of the security implications of these wireless connections. 

Security flaws in these interfaces are a matter of concern, whether built into the protocol or discovered in a particular implementation. They can enable attackers to force connections to untrusted equipment, allowing them to extract data and even gain access to the target device. According to reports, RF-based tactics are used by sophisticated nation-state actors such as Russia and China, allegedly target people traveling through airports and other chokepoints. However, the tools for RF hacking are available to garden-variety hackers as well. 

Ways attackers engage in RF hacking: 

The IMSI catcher, also known as a cell-site simulator, false cell tower, rogue base station, StingRay, or dirtbox in cellular communications, is the biggest concern. An IMSI catcher is a piece of equipment that acts like a genuine cell tower, allowing a targeted smartphone to connect to it rather than the actual mobile network. It may be done using a variety of ways, such as impersonating a neighboring cell tower or using white noise to jam the competing 5G/4G/3G frequencies. 

The IMSI catcher places itself between the targeted smartphone and its cellular network after capturing the IMSI of the targeted smartphone. (the ID number connected to its SIM card). The IMSI catcher is then used to track the user's position, collect data from the phone, and, in some circumstances, even install spyware on the device. 

Unfortunately, there's no guaranteed method for the ordinary smartphone user to see or know they're connecting to a fraudulent cell tower, but there may be some hints: a notably slower connection or a change in a band in the phone's status bar. 

Though 5G in standalone mode promises to make IMSI catchers obsolete since the Subscription Permanent Identifier (SUPI) – 5G’s IMSI equivalent – is never exposed in the handshake between smartphone and cell tower. However, because these deployments account for a small percentage of all cellular networks, IMSI catchers will continue to be successful in the vast majority of situations in the near future. 

A Karma attack performed via a rogue access point is a critical danger to be mindful of on the Wi-Fi front. A rogue access point is often a Wi-Fi penetration testing device – the Wi-Fi Pineapple is one popular model – that is set up to attract unsuspecting users rather than auditing Wi-Fi networks. 

In a Karma attack, the rogue AP compromises a basic feature of smartphones and all Wi-Fi-enabled devices. When a smartphone's Wi-Fi is turned on but not connected to a network, the rogue AP broadcasts a preferred network list (PNL), which includes the SSIDs (Wi-Fi network names) of access points to which the device previously connected and is willing to reconnect to automatically without user intervention. 

The rogue AP provides itself an SSID from the PNL after getting this list, fooling the smartphone into thinking it's connected to a known Wi-Fi network. An intruder can spy on network traffic to acquire sensitive data after the targeted smartphone connects. This sort of attack is difficult to detect without continually monitoring the Wi-Fi indicator in the status bar. 

Bluetooth exploits: Instead of relying on constraints inherent in the protocol's standard operating procedures, attackers use particular weaknesses inside the protocol or its implementation to carry out an attack. Bluetooth is a very lengthy and complicated standard, which means there are more possibilities for flaws to arise in the protocol's code as well as for developers to make mistakes in their implementations. 

BlueBorne is a strong example of the damage that a Bluetooth-based assault may do. The BlueBorne vulnerabilities, first disclosed in 2017 and mainly fixed since then, are an attack vector that allows attackers to gain total control of a target device without having to pair with it or even having the device in discoverable mode. Bluetooth has enhanced privileges on nearly all operating systems, with components ranging from the hardware level to the application level, allowing for such control. 

Lastly, NFC is a technology that allows for payment between a smartphone and a retailer's terminal. Due to its limited range (approximately a mile), and fewer use cases, NFC attacks are possible. A malicious NFC tag on an Android device, for example, might immediately launch a malicious site in the user's browser if the device is unlocked. Weaponizing a malicious tag on iOS demands some social engineering, as a popup notifies the user that the tag wants to open a certain app; for example, in a transit station, the tag may request that the user open the most recent train timetable in their browser. 

Techniques to minimize risks: 

Although radio-based assaults on smartphones are frequently undetectable to the user and fall beyond the realm of most mobile security solutions, there are a few steps a user can take to protect their smartphone and data. 

Turning off radios (especially Wi-Fi and Bluetooth) while not in use or when in public is the most effective. If the smartphone permits it, disable 2G functionality to reduce the danger of IMSI catchers. Turn off auto-join for hotspots on Wi-Fi. Install security updates for Bluetooth as soon as they become available to ensure that any known Bluetooth flaws are addressed. 

If one often goes through chokepoints or known hostile regions, they should consider investing in a high-end Faraday case to protect against RF assaults (Faraday bags are generally inadequate against strong signals). The radios in smartphones are a crucial component of why these gadgets are so popular. People can escape being easy targets for the evil people with a little bit of knowledge and aggressive resistance against their misuse.

Apple and Samsung smart phones emits more radiofrequency radiation than allowed

Radiofrequency radiation emitted from popular smartphones like iPhone 7 and Samsung Galaxy S8 is more than double over the legal safety limit set by the US regulators, a Chicago Tribune investigation reveals.

The Federal Communications Commission, which regulates phones emission, cleared the devices for the sale, on its website it states that the device “will never exceed” the maximum allowable exposure limit, which is harmful to humans.

“We take seriously any claims on non-compliance with the RF (radiofrequency) exposure standards and will be obtaining and testing the subject phones for compliance with FCC rules,” agency spokesman Neil Grace said.

The test was sponsored by the Tribune and conducted as per the federal guidelines at an accredited lab.

A year ago, the Tribune set out an important question to explore: Are cellphones as safe as manufacturers and government regulators say?

The Tribune tested 11 cellphones by measuring how much radiofrequency radiations were absorbed by the human body if the device is positioned near to it. Most of the popular smartphones were proved to be hazardous for the human body.

Apple then issued a statement, questioning the Tribune's test results for the iPhone 7s “were inaccurate due to the test setup not being in accordance with procedures necessary to properly assess the iPhone models.”

“All iPhone models, including iPhone 7, are fully certified by the FCC and in every other country where iPhone is sold,” the statement said. “After careful review and subsequent validation of all iPhone models tested in the (Tribune) report, we confirmed we are in compliance and meet all applicable … exposure guidelines and limits.”

The Tribune tested 11 cellphone models by measuring how much radiofrequency radiation was absorbed by a simulated body positioned near the phone. The Federal Communications Commission has set an exposure limit of 1.6 watts per kilogram averaged over one gram of tissue.