DESCRIPTION
My presentation for MalCon-2012. Videos are missing here as they were huge in size.
The Pied Piper. Atul Alex,
MalCon Team.
Mobile devices & “Security”
¤ Too many platforms to deal with.
¤ Too many restrictions on various tasks.
¤ “Encryption”.
¤ Software based attacks are becoming close to impossible.
The funny little jack!
Features?
¤ Using Voice dial feature to make & receive phone calls.
¤ Controlling the “Music Player”.
¤ Compatible devices: Wired Headsets, Bluetooth Headsets, In-Car Bluetooth Handsfree, external speakers & a few others.
¤ Not a new technology & supported by most of the “mobile device” manufacturers.
Interesting facts!
¤ When a headset is plugged in, the phone routes all audio output/input through it & the handset speakers/mic are usually* muted/disabled.
¤ The audio output voltage typically lies between 1~2.5 V on phones/mobile devices.
¤ Almost all events on the phone are notified to the user with the help of corresponding tones/sounds.
Kung-Foo time!
¤ What if we added a microcontroller to the headset’s circuit to do malicious things?
¤ Easily possible stuff:
  ¤ Initiate phone calls without user interaction.
  ¤ Note duration of phone calls.
  ¤ Detect incoming/outgoing calls, sms & so on.
¤ Not so easy yet possible stuff:
  ¤ Record dialed numbers on the phone’s keypad.
  ¤ Enumerate all contact-names in the phonebook.
  ¤ Record phone calls.
  ¤ Can be remotely activated to carry out any of these tasks.
Electronics Skill level : n00b--
The universal feature.
¤ Video of my Arduino circuit starting voice dial on all platforms. (iOS, Blackberry, Windows Phone-Lumia & Android-ZTE Blade)
Automatic phone calls through the Headset.
¤ Video demonstrating my Arduino circuit initiating a phone call on its own by “speaking” instead of the head-set’s microphone.
Detecting important events
¤ Video of detecting every time a phone call is initiated & when it ends.
Enumerating “Contact” list.
¤ Video that enumerates contacts-list on my Blackberry
The Keypad-Logger
¤ Video of detecting numbers dialed on the phone’s keypad (Android based ZTE Blade) through just the TRRS jack.
Things I am currently working on (To-Do):
¤ Record calls, contacts, dialed numbers to a Micro-SD Card & play it back over voice calls.
¤ Shrink the whole circuit to fit in your regular headset models.
¤ Looking into advanced stuff using SIRI & the Android’s voice action/search features.
Facts:
Mitigation!
Questions please!
Thank you!
¤ Atul Alex Cherian.
¤ Blog : aodrulez.blogspot.in
¤ Twitter : Aodrulez
¤ Email : [email protected]