Slashdot Mirror

← Back to Stories (view on slashdot.org)

4G and CDMA Reportedly Hacked At DEFCON

Posted by CmdrTaco on from the hack-and-slash dept.

An anonymous reader writes "At the DEFCON 19 hacking conference it seems that a full man-in-the-middle (MITM) attack was successfully launched against all 4G and CDMA transmissions in and around the venue, the Rio Hotel in Las Vegas. This MITM attack enabled hackers to gain permanent kernel-level root access in some Android and PC devices using a rootkit, and non-persistent user space access in others. In both cases, whoever launched this attack on CDMA and 4G devices was able to steal data and monitor conversations. For now the only evidence that such an attack occurred is a Full Disclosure mailing list post, but in the next few hours and days, depending on the response from cellular carriers, we should know whether it's real or not."

2 of 139 comments (clear)

  1. Don't take electronics, maybe? by Beardydog · · Score: 4, Interesting

    Why in god's name would anyone be willing to go to that with electronics? For god's sake, just take a pad and pencil! Even if you manage not to become part of a hilarious proof-of-concept hack to startle the audience into realizing how easy it is to X and Y someone's Z by forging an A with a malformed B, and avoid being targeted by some Russian mobster who's thrown out a dragnet for data on -other- people's new techniques ( and sure, credit card numbers and personal info, as long as were in there already, the place is still probably surrounded by black vans full of studious FBI, NSA, DHS, and CIA ( east AND west ) agents, all trying to hack, monitor, and watchlist you on completely separate orders and agendas. It's got to be just... a shitstorm. Am I wrong?

  2. Re:Relation between MITM and rootkit by tlhIngan · · Score: 3, Interesting

    So, to install the rootkit, you also need to exploit a bug in the user. Where do I file the bug report?

    The user is the biggest vulnerability. It's called the Dancing Pigs problem and it's extremely difficult to protect. In fact, popping up additional dialogs hurt security because of it (that Android permissions screen? Utterly useless - even if you make it so they have to check off every item then hit install).

    Hell, the age of the Honor System Virus is actually around. Facebook viruses and spam and such often rely on such odd techniques as well (click here and here and here, paste this URL, etc...).

    A simple popup like "Low battery" might be easily dismissed by anyone and no one is the wiser.