
Search and control of devices in GSM and CDMA networks (Black Hat announcement)

Next week the annual Black Hat USA hacker conference takes place in Las Vegas, and many interesting talks have already been announced. For example, security researchers Don Bailey and Matthew Solnik of iSEC Partners are registered to present a talk titled War Texting: Identifying and Interacting with Devices on the Telephone Network. They promise to describe how they reverse engineered several proprietary protocols and gained unauthorized access to devices that are managed via SMS or GPRS.


Don Bailey and Matthew Solnik

The researchers note that more and more devices are now controlled over the public telephone network: A-GPS tracking devices, 3G surveillance cameras, traffic control systems, SCADA systems, smart home control systems and even cars.

These devices accept commands via SMS or GPRS, including status requests, firmware upgrade commands and sometimes even requests for data. According to the researchers, devices on the public telephone network are harder to protect from outside access than IP systems, which can be placed behind a firewall.
In their presentation, Don Bailey and Matthew Solnik promise to show "creative and successful ways of finding potential devices among millions of phone numbers." Once a device has been detected and classified, it can be communicated with in "simple and effective ways", which will also be demonstrated. They plan to release simple scripts and software for applying these methods in practice. The scripts and software are designed in a modular fashion, so that independent researchers can add profiles for new equipment and new communication methods.

Don Bailey and Matthew Solnik told reporters that they have already put their research into practice. They say they were able to identify the protocols used for data exchange in two car remote-control systems, forge the authentication key by analyzing the messages exchanged between the car and the server, and then successfully forge SMS messages from the server and establish a direct connection to the car.

They will not name the specific protocols or car brands until the manufacturers release patches that close the holes. These could be systems such as GM OnStar RemoteLink, BMW Assist, Ford Sync or Hyundai Blue Link.

Source: https://habr.com/ru/post/125182/
