Slashdot Mirror


4G and CDMA Reportedly Hacked At DEFCON

An anonymous reader writes "At the DEFCON 19 hacking conference it seems that a full man-in-the-middle (MITM) attack was successfully launched against all 4G and CDMA transmissions in and around the venue, the Rio Hotel in Las Vegas. This MITM attack enabled hackers to gain permanent kernel-level root access in some Android and PC devices using a rootkit, and non-persistent user space access in others. In both cases, whoever launched this attack on CDMA and 4G devices was able to steal data and monitor conversations. For now the only evidence that such an attack occurred is a Full Disclosure mailing list post, but in the next few hours and days, depending on the response from cellular carriers, we should know whether it's real or not."

11 of 139 comments

  1. And they said I was crazy by ArhcAngel · · Score: 4, Funny

    for sticking with my RAZR! BWAHAHAHAH...

    --
    "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
  2. Relation between MITM and rootkit by Bromskloss · · Score: 3, Informative

    Achieving MITM status is a very different thing from installing a rootkit, in my mind. The summary left out how the two could be connected, but the article mentions something about it:

    Coderman’s report suggests that, like Wi-Fi MITM, which regularly harasses surfers at DEF CONs and other hacker conventions, the attackers were able to inject custom packets into the 4G and CDMA data stream. These forged packets allowed the attackers to create on-screen prompts that, if clicked, installed a rootkit on the PC or Android device.

    So, to install the rootkit, you also need to exploit a bug in the user. Where do I file the bug report?

    --
    Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
    1. Re:Relation between MITM and rootkit by Anonymous Coward · · Score: 3, Informative

      The injected rootkits were specific to different android builds and phones. On some no prompt was needed, on others if a prompt was accepted we saw the phones get completely destroyed by the rootkits or have the microphones turned on. The WiMax in particular discussion is not LTE, but it is likely that LTE was compromised as well because the hardware required to MiTM WiMax would be software defined radio systems which could just as easily be programmed for 4G as 4G LTE emulation. No upgrades or installs or prompts were required for rooting, it was a progressive system of attacks whereby low-hanging fruit was plucked first, and later the horrific 0days came out to play.

    2. Re:Relation between MITM and rootkit by tlhIngan · · Score: 3, Interesting

      So, to install the rootkit, you also need to exploit a bug in the user. Where do I file the bug report?

      The user is the biggest vulnerability. It's called the Dancing Pigs problem and it's extremely difficult to protect. In fact, popping up additional dialogs hurts security because of it (that Android permissions screen? Utterly useless - even if you make it so they have to check off every item then hit install).

      Hell, the age of the Honor System Virus is actually around. Facebook viruses and spam and such often rely on such odd techniques as well (click here and here and here, paste this URL, etc...).

      A simple popup like "Low battery" might be easily dismissed by anyone and no one is the wiser.

  3. Define "4G" by russlar · · Score: 4, Insightful

    Which "4G" technology are we talking? WiMAX? LTE? AT&T&Tmobile's HSPA cranked up to 11?

    --
    Anybody want my mod points?
  4. Don't take electronics, maybe? by Beardydog · · Score: 4, Interesting

    Why in god's name would anyone be willing to go to that with electronics? For god's sake, just take a pad and pencil! Even if you manage not to become part of a hilarious proof-of-concept hack to startle the audience into realizing how easy it is to X and Y someone's Z by forging an A with a malformed B, and avoid being targeted by some Russian mobster who's thrown out a dragnet for data on -other- people's new techniques (and sure, credit card numbers and personal info, as long as we're in there already), the place is still probably surrounded by black vans full of studious FBI, NSA, DHS, and CIA (east AND west) agents, all trying to hack, monitor, and watchlist you on completely separate orders and agendas. It's got to be just... a shitstorm. Am I wrong?

  5. Really surprised... not. by ewanm89 · · Score: 4, Informative

    This is DEFCON, it's like putting every army and mercenary group in the world in one room without disarming them first. There is a reason why the DEFCON wireless network is described as the most hostile network on earth, it's more hostile than the internet itself.

  6. Re:le sigh by DrgnDancer · · Score: 4, Insightful

    My technology plan for BlackHat:

    1) Put phone on airplane mode
    2) Once a day, drive to the middle of the desert to check e-mail/voice mail/text messages.
    3) Put phone back on airplane mode.
    4) Hope some enterprising asshole hasn't put up some crap in the middle of the desert.

    Probably a little over paranoid, but not much. In reality I'd probably be a bit less paranoid than that, but I'd definitely move a few hotels down to do anything more serious than checking text messages.

    --
    I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
  7. G is like san Re:Define "4G" by 140Mandak262Jamuna · · Score: 3, Insightful

    Most Asian languages use a suffix to indicate respectful reference. Japanese uses -san as in Suzuki-san or Yamamoto-san or Admiral Nakudo-san. Similarly Hindi uses ji. As in Obama-ji met the Senator Lieberman-ji.

    Most cell phone companies use the suffix G to add respectability to what is otherwise a meaningless number.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  8. Re:If you give a mouse a cookie... by Oswald+McWeany · · Score: 3, Funny

    Decomposing plastic has no odor.

    --
    "That's the way to do it" - Punch
  9. Re:And that ladies is geeks... by Sancho · · Score: 3, Insightful

    For what it's worth, I still can't parse what your original post said, nor do I get the joke even after explanation.