Israeli Firm Creates a Device That Can Hack Any Nearby Phone

An anonymous reader writes: Israeli startup Rayzone created a device that can hack any smartphone that has its WiFi connection open. The device can steal passwords, files, contact lists, photos, and various others. Called InterApp, the device is dumb-proof (comes with a shiny admin panel), works on hundreds of devices at the same time, and leaves no forensics traces behind after the hack. The company says it will only sell it to law enforcement agencies.

Colour me suspicious

[sandbagger]

Given the way panicked elected officials think, and the fact that kids of people attracted to life in uniform are of exactly the opposite mindset needed to go into computer science, I'm guessing this is an overblown and over promoted 'grabs text transmitted in the clear' thing that's not designed to do much other than pick the pockets of taxpayers.

Re:Colour me suspicious

With so many exploits for Android versions on older phones that will never see a update again, it's not too hard of a stretch to make something like this.

Re:Colour me suspicious

It's more like load Nessus onto a portable device, create an open wifi network, and then scan and exploit any phone dumb enough to connect. So, tell your phone not to connect to unknown networks, or networks without a shared secret.

Re: Colour me suspicious

Actually I've never owned a iPhone, I could never justify owning one on my paycheck.

Re: Colour me suspicious

Idiot.

It says it works on any phone, not just androids.

But feel free to keep sucking Tim Cook's iPenis all day long, Mactard.

This post brought to you by one of the millions of narcissistic elitist brainless cocksuckers at Google.

Re:Colour me suspicious

If only it was that simple. You may want to do some reading up on how poorly smartphone WiFi tends to be implemented.

Re: Colour me suspicious

Any phone, as long as it's an android.

Re: Colour me suspicious

[shmlco]

It says it works on a "variety" of platforms, but doesn't list any by name in the release nor on their web site.

Re:Colour me suspicious

Are SSID's stored with a corresponding MAC address or other unique information, or does WiFi simply say "I know that SSID, let's connect!"

Actually I already know the answer to this. Rayzone has simply created a portable "attwifi" hotspot.

Re: Colour me suspicious

[guruevi]

There's a reason it doesn't work that way. Wifi does support AP hopping (it will pick different APs depending on signal strength) as long as they have the same ssid and are on the same network. That's why your connection continues working even though it switches from 80211n to 80211g (which is technically a different AP) as you go out of range of the former.

Re: Colour me suspicious

[Proudrooster]

Read the ad carefully and look at the screen shot. It works on older versions of IOS and Androids. It exploits the cloud push notification system.

Re:Colour me suspicious

[gtall]

Really? Read up on Special Ops sometime, you are about 30 years behind the times.

Re: Colour me suspicious

[harlequinn]

It only works on phones that meet the specified criteria:

"smartphones that have their WiFi connection open, and then, employing a diverse arsenal of security vulnerabilities, gain root permission on devices"

I.e. they must have an open wifi connection and they must have an unpatched security vulnerability.

This automatically excludes millions of older phones of various brands that don't have wifi, any phone with wifi disabled, and any phone with encrypted wifi.

And if the phone is fully patched for known exploits, they need a zero day attack.

Re: Colour me suspicious

[dbIII]

So my N900 is safe since it has a real linux and built with security in mind (and is too big, heavy and ugly for physical theft to be considered).

Re: Colour me suspicious

So my N900 is safe since it has a real linux and built with security in mind (and is too big, heavy and ugly for physical theft to be considered).

Plus, if anybody wants to steal it, you can use it to knock him unconscious.
But the microusb port would fall off (if it hasn't yet).

Re: Colour me suspicious

[davester666]

So, you are saying that you are unemployed? Or only use a phone that you've stolen? Or your salary is very unstable month to month so you can't afford a monthly carrier bill?

Because carriers have offered iPhones for as little as $0 with a contract. And then there is getting a used iPhone from someone upgrading to the latest one.

Re: Colour me suspicious

[davester666]

Right. More likely, nobody has spent any effort in trying to hack it because there are only a couple hundred being used now around the world. And none of them are doing anything but living in the past.

Re: Colour me suspicious

[dbIII]

If there was something new with the same features it would be a case of living in the past. Sadly not - there are a whole lot of phones that have to be "jailbroken" instead of ones like the N900 where you get full control out of the box - and that's without even considering the keyboard etc.

Re: Colour me suspicious

For heavily overpriced contracts you mean?

Re: Colour me suspicious

[dank101]

So... it's basically useless on any flickphone. Wow, how dangerous, all I need to do is turn my phone off.

Re:Colour me suspicious

[dcw3]

Blah, blah, blah....and the fact that kids of people attracted to life in uniform are of exactly the opposite mindset needed to go into computer science...

Really? Where in fantasyland did you come up with that bullshit?

Re: Colour me suspicious

[The-Ixian]

I am sure it comes down to priorities.

I completely get it. I *could* spend $500 on an iPhone or I could spend $50 on a Windows phone that is just as fast.

I will never do the "contract" thing again, it is just a waste of money. $40 / month pre-paid with unlimited data and text seems a lot more reasonable than $80 / month for basically the same thing under contract. Where does the extra $40 / month go? Paying off the iPhone... which you will have paid almost $1000 for by the end of the 2 year contract.

I highly doubt it.

The chances that it can get into ANY phone from the Wi-FI connection is virtually nil. Anyone with an ounce of tech knowledge should be highly suspect of everything they're claiming the device does.

Re:I highly doubt it.

I don't think so. All you need is a list of 0-day exploits and keep it up to date. There are several competitors who already offer the same service, though usually not on the basis of a single device. FinFisher, for example.

Re:I highly doubt it.

Wasn't there a israeli firm who claimed to make any windows "hack" proof?

What would happen if the "hack proof" firm and the "hack anything" firm tried it on the same device? Maybe that's what got the dinosaurs extinct?

Re:I highly doubt it.

[Earthquake+Retrofit]

But, but... I've been seeing Reese and Root force pairing phones for years now. Nothing new to see here.

Re:I highly doubt it.

[Noah+Haders]

I'm trying to figure out how this works and what the threat level is. does it just lurk in the background and record any traffic going back and forth? or does it infiltrate the phone and extract things? The latter is obviously much more scary.

here's a list of what the device purports to capture (FTFA):

InterApp system extracts the following information from the targets smartphone:
User email address, password and content
Twitter, Facebook and other social media passwords and information
Dropbox passwords & content
Previous locations on map
MSISDN and IMEI identities
MAC address, device model, operating system Contact list of the target
Photos
Targets personal info: gender, age, address, education, etc.

Re:I highly doubt it.

[JustAnotherOldGuy]

InterApp system extracts the following information from the targets smartphone:
User email address, password and content
Twitter, Facebook and other social media passwords and information
Dropbox passwords & content
Previous locations on map
MSISDN and IMEI identities
MAC address, device model, operating system Contact list of the target
Photos
Targets personal info: gender, age, address, education, etc.

Ha ha, the joke is on them- I don't have any of that shit on my phone, lol.

My old phone is only slightly smarter than a brick or a wet pack of matches, good luck getting anything from it. InterApp can hack my phone all day long and they won't even get a fucking dial tone.

Ancient flip-phone FOR THE WIN, BABY!

Re:I highly doubt it.

[mikael]

If you disabled the TCP/IP stack, it would be rather hard to connect to through the network. But what about that remote shutdown feature that Sandy Bridge processors have.

http://www.techspot.com/news/4...

Re:I highly doubt it.

Every time I'm trying to look into it, my attention slips and the targets look nothing like Reese and Root but something perfectly harmless. I must be off to command my trusting minions to discover a link level weakness for me to exploit now.

Re:I highly doubt it.

[currently_awake]

There are only a handful of companies making phone chip sets. It would be easy for the NSA to pay off enough people to install backdoor hardware in the designs, to allow remote access. Such access would bypass the phone software completely, and be very hard to detect. The payoff to cost ratio (ROI) is so high we should assume it's already happened.

Re:I highly doubt it.

[jon3k]

If the NSA wanted something from you then they'd just put a bag over your head and hit you with a pipe wrench until you told them what the want. The only difference is you live a life of inconvenience under the guise of security.

Re:I highly doubt it.

I don't think so. All you need is a list of 0-day exploits and keep it up to date. There are several competitors who already offer the same service, though usually not on the basis of a single device. FinFisher, for example.

FinFisher has to be installed, and they pretty much use the same methods as other malware to do so. Keeping an up to date list of 0 day exploits for the various current phone OSs, along with the different hardware would be difficult at best. The fact that some of what they claim to be able to get isn't even necessarily on the phone.

Really if you look at what they're doing, it's basically just setting a wi-fi connection and stealing what info they can from the traffic over that. In otherwords, super overblown hype for nothing that's really far below their claims in ability.

Hey, guess what? Don't connect to unknown, unsecured Wi-fi networks that could slurp up your traffic.

Re:I highly doubt it.

That's sounds like bullshit to me. FinFisher does not need to be installed (unless you the the base station software for the operators), they have offered working exploits / deployment solutions for any target architecture for years. Source: Their own advertisements.

And there are many other companies who offer 0-day exploits. The only "though" target nowadays may be iOS, but even that is broken customarily.

Re:I highly doubt it.

[Galactic+Dominator]

Oh boy, that's hilarious. You really got them good there.

Non-smartphone not vulnerable to smartphone attack.
News at 11.

Not that I believe the claims of this company to begin with though. Probably like the ADE 651.

Re:I highly doubt it.

This has been their SOP for decades now. Not paying people off as much as positioning operatives where they need to be.

Re: I highly doubt it.

[UttBuggly]

Indeed, that was my first thought...they do this on Person Of Interest!

Maybe the Israelis are big fans or this is life imitating art once more.

Re: I highly doubt it.

No, that's the CIA's methodology. The NSA is full of introverts who don't like pipe wrenches because they're heavy.

Re:I highly doubt it.

Any govt agency could beat you with a wrench to get what they want. This is TARGETED at a specific person and requires time, money, and resources. If the government wants you, the TARGETED person, there is very little you can do about it. They have had this capability before the USA existed.

In the past several decades governments have done BULK surveillance, collecting massive amounts of data on everyone and spend very money little doing so. Bulk surveillance reduces the peoples' confidence in the government and is very bad for our country. It is unacceptable and, in my opinion, treason.

Thankfully there are many things anyone can do to reduce bulk capturing of their electronic footprint, mainly by leaving less of a footprint. Power off your cellphone and remove the battery when not in use. Use cash for everyday purchases. Stop using electronic billing and go back to paper bills. Your "papers" are specifically protected in the USA constitution, your e-mail is not. E-mails older than 6-months don't even require a warrant. The government could request my account information and e-mail from a provider, but then they would be TARGETING me, and I'm not too worried about TARGETED surveillance. That said, there is nothing wrong with making TARGETED surveillance tougher, but that is not my goal. Giving up my cellphone was the toughest, after a while it gets easier. If you *must* be contactable at times get a nice one-way pager, keep a cellphone in the car with the battery removed. There is no one-size-fits-all for personal privacy, each person needs to figure out how much inconvenience you are willing to put up. I'm willing to accept a lot of inconvenience.

Re: I highly doubt it.

Look up the word "clandestine" some day. Hitting you with a wrench kind of wrecks the whole "do it in secrecy without the target knowing about it" bit.

Re:I highly doubt it.

Any govt agency could beat you with a wrench to get what they want.

Not the NSA, because that work is not intellectually challenging and the wrenches are too heavy.

Re:I highly doubt it.

[JustAnotherOldGuy]

If the NSA wanted something from you then they'd just put a bag over your head and hit you with a pipe wrench until you told them what the want.

Of course they would, but that would mean they'd have to a) buy a pipe and b) drive out to my house. Sounds like a lot of trouble for guys used to stroking a keyboard all day long, doncha think?

-

The only difference is you live a life of inconvenience under the guise of security.

Lol, trust me, it's no inconvenience not to have facebook or twitter or any of that other crap on my phone. Only lifeless millennials and other douchebag dweebs/bros/hipsters think that shit is "indispensable" to life.

No, I carry an ancient flip-phone because it's rugged and does everything I want, not because I'm worried about the NSA/FBI/CIA/whatever tapping my communications.

Frankly I feel sorry for the poor bastard tasked with monitoring me, that guy is gonna die of boredom right quick. A trip to the coffee pot will be the highlight of his day.

Re:I highly doubt it.

[JustAnotherOldGuy]

Not that I believe the claims of this company to begin with though. Probably like the ADE 651.

That was more or less my take on it. Although, who knows, stranger things have happened.

Re:I highly doubt it.

[swillden]

There are only a handful of companies making phone chip sets. It would be easy for the NSA to pay off enough people to install backdoor hardware in the designs, to allow remote access. Such access would bypass the phone software completely, and be very hard to detect.

Thinking about this in the context of Android (since that's what I know -- though I don't know as much as I should about the radio subsystems), it is conceivable that there are back doors in the radio (Wifi and cellular; they're different, and separate) chipset firmware. The radio chipsets don't have any access to device storage, though, so without some additional steps this could only be used to get data flowing through the relevant radio. Exfiltrating the data obtained would presumably have to be done via the same radio. In the case of Wifi this would be pretty easy to detect by anyone monitoring Wifi transmissions, or examining the data flowing through the Wifi router. If the data were encrypted it might not be possible to tell what the unexplained data was, but its presence and destination could easily be observed.

If the drivers that talk to the radio firmware modules are also backdoored, then the drivers could be used to take control of the Linux kernel, and thereby take control of the entire Android system. Stuff protected by the Trusted Execution Environment (TEE) wouldn't be affected, but TEE software also comes from a small set of vendors, and most comes in binary form only. The exception is Google's "Trusty" OS, which open source, but is used (thus far) only on the Nexus 9 [1]. So if the NSA could get backdoors into the radio firmware, it could probably get them into the TEEs as well. Except on Nexus 9.

However, assuming such firmware backdoors exist, it seems like they would be closely guarded secrets of the agencies that arranged for them to be installed, not something they'd share with some Israeli company, and absolutely not something they'd want embedded in a commercial product where it could discovered easily, just by watching what it transmits.

For that matter, I'm skeptical that such back doors exist. Many people have reverse engineered the common baseband and Wifi chipset firmware modules, and no such backdoors have been found, which means that if they're there, they're pretty well-concealed. If anything, I'd bet that rather than full-blown back doors, there are merely subtle security vulnerabilities which can be exploited and then chained with other exploits to pwn the device. Again, though, I'm skeptical that this one Israeli company has such powerful knowledge and extremely skeptical that they'd put it in a commercial product where knowledge of it could be easily discovered.

Re:I highly doubt it.

[swillden]

Oops, sorry about the extraneous footnote marker, the "[1]". I had added it intending to mention something about the Pixel C that isn't really relevant, but is kind of cool, but then decided not to bother, because it's not really relevant. The irrelevant but cool thing I was going to add was that the Pixel C is the only device I'm aware of that allows the user to install their own TEE software.

Re:I highly doubt it.

[cfalcon]

Remember there is risk here too. I don't trust hardware much- and hardware encryption seems almost guaranteed to be broken- but there is some possible recourse to detect at least many of the ways a chip would be compromised- and would a company be able to bounce back from that?

Re:I highly doubt it.

[mlts]

There are ways to improve the security of Windows. EMET comes to mind, which is a useful tool for catching 0-days. Not perfect (as it was bypassed), but a decent jump in security.

As for making a Wi-Fi connection, I do know on Android and iOS, you can have it not search for Wi-Fi access points unless you explicitly bring that up. You can also use an always-on VPN which won't let traffic through until the VPN tunnel is up and operable.

I always use a VPN, especially after things like Verizon's UIDH. Plus, a VPN gives me a known IP address range, so I can have services that are at home (like SSH, IMAPS, etc.) only be allowed to connect to that range of IPs, and ignore everything else.

For other attacks, on Android, since one has control of the netfilter/iptables of the device (assuming rooted), one can easily modify what goes in/out either directly, or via an app. This is effective in not just blocking incoming attacks, but keeping apps that shouldn't be phoning home from doing so. It also is a last resort save from apps that have more "functionality" than they are supposed to.

Re:I highly doubt it.

The baseband CPU has full memory access on most modern cell-phone SOCs.

Re:I highly doubt it.

[Pentium100]

They wouldn't even need the pipe wrench. However, they would need to send someone to ask me those questions or have someone track me etc. This requires manpower and resources instead of just having data mining algorithms run on facebook posts etc and only having a person to look at the data if the algorithm finds something interesting.

If you want to track me, you can, there isn't much I can do about it. However, I can make it more expensive for you to do it.

Re: I highly doubt it.

Eh? Right. An OS, doesn't go to the WiFi without what being installed? That device, is a communicator, and is what? Designed to steal, t isn't a chip designed to get powered on and copy, all,where does it copy too? So its a small computer that needs programs, memory and storage, and a target. Some white hat needs now, to figure out how to firewall a device that's handheld. Black ice for cider anyone?

Re:I highly doubt it.

[swillden]

The baseband CPU has full memory access on most modern cell-phone SOCs.

Really? Though I don't know that much about that area, that surprising to me. It would require the baseband CPU to have access to the MMU, and the MMU to have some means of coordinating requests from multiple sources. That seems like a lot of complexity for relatively little gain.

I'm not saying you're wrong, just that it's not obvious why it would be architected that way, which makes me skeptical.

Re:I highly doubt it.

Really? And why does my phone want to connect with your device? If I have it set not to prompt or try to connect to networks in range why does it give a toss?

Re:I highly doubt it.

Don't forget "and the battery lasts around 7 days"

Re:I highly doubt it.

[dsmatthews9379]

Unless there is some common flaw in an area such as the firmware of the MCU that is attached to the WiFi radio and that can be exploited to open a back door by mimicking user actions to "open up" the phone. If that is the case the security and type of the OS running on the main processor of the phone may not matter much. If they are not interfering at a level below the radio then there is a lot less they could do with encrypted packets, other than the usual man-in-the-middle type attacks.

Re:I highly doubt it.

[rtb61]

There is a real legal problem in gaining and using, a user name and password because the claimed evidence can now be readily tainted by those involved in it's collection. Something the courts will have to start dealing with, basically this sort of device renders all digital evidence purely circumstantial, as it proves all those devices can be readily hacked and false evidence planted. They are no selling anything to police, they are selling stuff to be used by defence attorneys all over the world. There is a reason this kind of stuff is kept secret by those in authority, it hides the fact that they can and do plant any digital evidence they want on any device they want, a real legal problem, as it becomes more evident. So who is guilty for what is on a Windows anal probe 10 computer, M$ or the end user or anyone who hacks that connection.

Re:I highly doubt it.

We really need a billion dollar class action lawsuit to bring a big company down one of these days for putting a backdoor in something.

Re:I highly doubt it.

Source: Their own advertisements.

Yeah.... you really don't see any reason to find the source of that questionable?

I'm sorry that all you know about it is what comes from their own advertising, but the FinFisher is just some fancy spy/malware and gets one machines through the same basic methods, not some great internet boogie man with magical secret exploits.

Re:I highly doubt it.

It wouldn't require that. Have you ever heard of DMA? Haven't you seen the demos where any system can be hacked, regardless of OS, simply by plugging a device into a firewire port and then manipulating the data in RAM directly?

Same principle, the baseband CPU could simply use DMA to patch the kernel or other software in memory.

Re:I highly doubt it.

[swillden]

Have you ever heard of DMA?

The DMA controller is managed by the main CPU. It would be a security nightmare if any peripheral could initiate its own DMA transfers to any part of physical memory at any time.

Haven't you seen the demos where any system can be hacked, regardless of OS, simply by plugging a device into a firewire port and then manipulating the data in RAM directly?

That only works if the DMA controller is configured to allow it. Prior to the discovery of DMA attacks, OSes did configure their controllers to allow Firewire and other OHCI 1394 devices unlimited access. I think that's been fixed in Linux for some time, and Windows now has some mitigation as well. Android devices don't generally have that sort of hardware, and aren't supposed to allow any peripherals unlimited DMA access even if they do.

Re:I highly doubt it.

[swillden]

We really need a billion dollar class action lawsuit to bring a big company down one of these days for putting a backdoor in something.

Well, we'd need to find one, first.

Re:I highly doubt it.

[AmiMoJo]

Maybe, if you are a high value target that they are able to kidnap. For most people though the more likely danger is from other lower level law enforcement agencies like the FBI or local police. Encryption works extremely well against them.

Re:I highly doubt it.

[AmiMoJo]

This is obvious bullshit. Let's consider what they could do using the most powerful known attacks.

They could set up a man-in-the-middle attack. Anything unencrypted would be easily readable. Nothing exceptional there. They could spoof security certs so that they could read encrypted traffic, but it would be highly ineffective. Android pins critical certs, and apps (especially web browsers) will issue dire warnings. I'm not even sure you can bypass the warnings in Chrome anymore.

They could use exploits with their MITM attack. They would needs lots of zero day ones, constantly updated. Chances are that even then they would need to induce the user to connect to their evil AP.

So realistically, we can conclude that they are lying and just trying to scam clueless governments it of some cash.

Re:I highly doubt it.

LOL, You're assuming they would be at the code level and not the silicon level...

Re: I highly doubt it.

You are far from safe. In 2014, several serious vulnerabilities were found in the ss7 signaling protocol that is used basically everywhere. 10 bucks to a chinese company and I own your phone. There was a nice talk about it somewhere, I can't find it unfortunately but Wikipedia has info as well:

https://en.m.wikipedia.org/wiki/Signalling_System_No._7
(Protocol Security Vulnerabilities)

Re: I highly doubt it.

[ls671]

Clandestine Information Association?

Re: I highly doubt it.

Look up the word "clandestine" some day. Hitting you with a wrench kind of wrecks the whole "do it in secrecy without the target knowing about it" bit.

If the target remembers, you were not hitting hard enough.

Re: I highly doubt it.

There was a nice talk about it somewhere, I can't find it unfortunately [...]

This one?

Re:I highly doubt it.

[swillden]

LOL, You're assuming they would be at the code level and not the silicon level...

That doesn't really change the analysis, except to make even less likely -- if such backdoors exist -- that some Israeli company would be in on the secret.

Re:I highly doubt it.

You're thinking like the old school ISA DMA system where the CPU has to configure where the DMA points.

Once we got to PCI, it was done on a trust-the-peripheral model, so that fun stuff like 3d cards could grab textures from main memory on their own terms, network cards could do scatter-gather buffer operations so that a large contiguous buffer isn't needed, firewire can be allowed to do its thing without much CPU intervention, etc and so on.

It wasn't until IOMMUs became commonplace that it was even *possible* to secure this kind of stuff from the host CPU perspective. I don't think anything like IOMMU is implemented in ARM chips yet.

"Hundreds of devices"

But what mobile operating systems? Both Android and iOS? Windows Phone? Sailfish?

Re:"Hundreds of devices"

[Galactic+Dominator]

I think *any* has a pretty clear definition but maybe that's just me.

Re: "Hundreds of devices"

At one point in time so did "unlimited" but that was changed because the original didn't meet the needs of corporate profitability.

That's CRACK any nearby phone

And I can do that myself easily enough.

Re: That's CRACK any nearby phone

Just grab the phone, smash it to the ground, and I betcha the screen will break. There, cracked for you!

Re:That's CRACK any nearby phone

Cool story, could have used a vampire.

Won't Work On This Phone...

InterApp won't work on this phone.

But seriously, how insane are we to pay for the privilege of carrying a device that tracks our whereabouts, collects our personal information, and will render an account of our lives to government officials without our consent?

nice ...

and it does what?

My 2c

[bytesex]

It's either 'what a load of marketing crock have I just read won't someone pay for those dear 20 seconds of life I just lost', or 'guess which company is going to be the next hackerteam'. I can't decide.

Sunday Sarcasm.

[geekmux]

The company says it will only sell it to law enforcement agency.

Oh, thank goodness, what a relief.

For a minute there I was worried that this would fall into the hands of people who might abuse this technology, or even break the law.

Because of course, that would never happen.

Oh gee, what a coincidence, this company sells an IMSI catcher too...

Short: No, but only "outdated" mobile devices

[burni2]

Hey slashdot.editors,

this is slashdot a news-site for nerds that mostly have a basic understanding of the "cracking" processes

And btw. the softpedia page is full of marketing speech shit.

Q: How can I "enter" a smartphone without physical contact?

A: There must be a security hole.
(the term outdated hints that there are -known- sec holes in older devices)

Q: How can I "enter" a smartphone without physical contact? another way

A: The user connects to an access point with/out any or weak encryption and the eMail app does not know of any current encryption

Q: How can I "enter" a smartphone without physical contact? another nother way

A: The user connects to an access point I control and I tell their eMail app that I'm from turk-trust and naserbajew-trust and that I'm Vladimir Putin the most trustworthy entity only followed by the NSA.

(Man in the middle attack)

Re:Short: No, but only "outdated" mobile devices

I quite clicking through to softpedia - they seem spammy to me.

The definition of "hack"...

[carlhaagen]

...seems to have its bar lowered every year by mainstream journalism and wannabe computer "aficionados".

Re:The definition of "hack"...

[JustAnotherOldGuy]

Slashdot editors: "Wee right good sew ewe dont half two"

Tell me...

...each time you logon or hack a phone, it take a picture of the user and send it with the location to a court who records the use and the warrant that they issues for this use. Yeah, right. We are doomed, Freedom is dead.

Done before?

[Euphorinaut]

Is this different than the devices that Japanese dude was putting on stray cats?

Old news

This is old news. This device has been around for many years, before it was made public press. It is out for publication now only because its application is viable for mostly for outdated devices. Know this, secret spyware are, well, kept secret, and only out of the box in public streams once their effectiveness is not as good, compromised, or there is another device that we don't know of that supersedes it. The fact that we are reading this in popular press just means that it's probably mostly useless at this point.

Re: Coming soon to U.S. technology firms

Israel and the US are in bed with each other. It's the Palestinian that need to worried.

As an added bonus

[microcars]

it also finds missing Golf Balls

It's just where this technology was always going

Next stop for this technology John Q Hacker... as ever. It was bound to happen, given the perceived high value of phone information. Phones are essentially designed, manufactured and treated like consumer-level toys by people and targeted like military bullseyes by spies. Guess who wins that one and guess how much they win it by.

It's the reason I don't want a smartphone anymore.

too many missing information

how can smartphone operating systems be so vulnerable to such massive attack?
which "mobile OS's" are they talking about? does this include Ubuntu Touch and Sailfish?
If an app can't access photos on my iPhone without my permission, how can this device do this without being noticed?
if it can obtain root access and do all this shit how is it not traceable?
how can a wifi signal even break into a phone? shouldn't there be at least a handshake before either device accepts to communicate with the other?

this is too good to be true

Re:too many missing information

[Bert64]

It's possible but unlikely...
If a device gets root on your phone then it's untraceable after the fact - as with root it has sufficient access to remove any traces that it was ever there.

There have been jailbreaks for phones which executed from within the browser, to exploit such a vulnerability on a wireless network under your own control only requires that the victim attempt to make a single http request over your network. The same is potentially true for any application which makes an outbound connection over a network you control.

Apps ask for your permission because they play by the rules, software running as root is not constrained by such things.

In any case, you would need the device to connect to your rogue wireless network (which isnt too hard really, you broadcast the ssid of a common free public wifi network and lots of devices will automatically connect) and potentially for some software on that device to make an insecure request over your network that you can intercept.
In all cases you would need to be aware of a vulnerability in the device you're targeting.

Partial Immunity

[amberdalan]

I manually manage my phones data, both LTE and wifi. I turn it on only when needed, and turn it off when I am done. I only connect my wifi to AP's I know and trust. (all 2 of them) I do this mainly to extend battery life, but in part because I barely trust the few app's I have. It seems to me that my everyday usage provides a moderate amount of immunity to this particular "attack". I have no illusions about the security of my phone. I will never mobile bank on it. I do not check my primary email account on it. I backup my data (pictures) to my computer, not drop box or any other cloud storage. I assume that anything I upload to the cloud can and will be made public. I don't trust my carrier, my email providers, my ISP, or any cloud with anything more than what is absolutely needed to maintain the service. We've seen the breaches, the hacks, the outing of private information from individuals, major companies, and even governments. I'm in a position where I do not have to trust, so why open attack vectors if I don't have to?

Turn it off. Problem solved.

[ITRambo]

I turn Wi-Fi off when I'm heading out and turn Bluetooth on so it works in my car. At home I do the reverse. This was done to extend battery life. Now, there appear to be additional reasons to turn off Wi-Fi. Who needs to have their phone brute force attacked by mindless thugs via Wi-Fi?

Re:Turn it off. Problem solved.

Check out "WiFi Scanning" on the newer Android devices/OS. Even when it's off, it's not necessarily "off".

Re:Turn it off. Problem solved.

[zenlessyank]

I have Nokia 521 Windows 8 phone and it has a bug that won't let it send SMS messages if the WiFi is on. So I have to keep it off else no SMS which is what I use the phone for mostly. So glad MS is looking out for me. ;)

I would feel safer

if they only sell it to the crooks

Re: Coming soon to U.S. technology firms

You're a moron.

Re:B.D.S.

Why BDS when you can BDSM yourself?

Cultual Bias In affect.

If Mark Suckerburg or Bill Gates had made this announcement the world would be in an uproar. However because it is an Israeli company they get a pass. In todays world everything is reported / applauded / condemned based on the perceived racial ethnic characteristics of the players. Jews and 'Latinos' are not considered to be white. Today the only unforgiveable sin is being white. If a White guy making a cat call he will receive a world of shit. A latino making a cat call gets called Romantic. Mark Sucker burg spying on everyone. That is evil. Israeli company making devices to spy on people. Gosh those Jews are soo smart and hard working .

That is even more doubtful

[aepervius]

See there is this thing which is called russia, europe, china. None of which would willingly go with NSA plan for good reason. So.... What is the chance do you think that local firm building phone in every of those country would allow for such hole ? And what would be their reaction if it was found out ? The risk would not be worth the try.

Re:That is even more doubtful

Whatever vulnerabilities the NSA can discover, so too can FSB or Mossad or North Korea's Ministry of State Security or any other significant state actor. Likewise, any hardware backdoor inserted by NSA can also be sold by the manufacturer to these competing agencies (their dollars are all green), or found and used by them independently.

It's the same reason you can't put a backdoor in crypto, sooner or later someone's going to sell the key to the enemy, whoever that is.

headline ha

I read the headline, "hack any phone". I have this old AT&T / Western Electric dial phone. Sure hack that puppy!

Just a WiFi Pineapple?

[GodyDeeps]

So I'm guessing it's similar to the WiFi Pineapple with Karma/DNSSpoof?.. It poses as the trusted WiFi Network and the victim's phone connects to it. It could then employ MiTM on the SSL. Do all the Cellphone apps (Twitter, Dropbox, etc) not check for proper certificates when using HTTPS?

Security through scarcity

[DrYak]

Windows Phone? Sailfish?

I seriously doubt that all 3 devices of them have anything to be afraid of.
After all, the company spoke of "Hundreds of devices".

--
said a someone having switched from WebOS to Sailfish OS.

Watch out, patchers will make us "go dark"

[cfalcon]

Apple, Ios, and Microsoft had better get on fixing this IMMEDIATELY. If this goes live and stays live for a few months, fixing the bug will be deemed "going dark" and we'll hear about how "terrorists coordinate using securely patched phones".

Rubber hose

[colinrichardday]

Wouldn't they use a rubber hose instead? More likely to keep the victim conscious.

Re:Rubber hose

[Maxo-Texas]

No that's torture. They should waterboard because it's not torture at all.

Gender? Age? Education?

How, exactly? Are they going to heuristic up my sms?

Clearly I am a teenage girl, by virtue of pattern matching utilized emoticons. :3

Potential for abuse

Quote: "The company says it will only sell it to law enforcement agency."

You know, like the Gestapo, the KGB, and their modern counterparts. And given how the IRS has behaved under Obama, our own DOJ is likely to use it to go after those whose politics it does not like.

Finally, given what "law enforcement" is like, the cops will use this to spy on people in their personal life they don't like, such as an ex.

COOL STORY BRO

[kheldan]

The company says it will only sell it to law enforcement agency

Yeah, sure you will. Aside from this making it's way into the hands of criminal organizations, one way or another, in a startlingly short period of time, the NSA and CIA (which more or less amount to criminal organizations, the way they conduct themselves domestically) probably already have this device in their posession well in advance of us hearing about it.

Thanks, assholes. Now I will never own a smartphone, ever. Hell, I'm half considering whether it even makes sense to continue having a cellphone of any kind anymore.

Re:COOL STORY BRO

[Ash-Fox]

Now I will never own a smartphone, ever.

LOL you.

Re:COOL STORY BRO

[kheldan]

What? I haven't had sufficient reason to get a smartphone so far, and it seems like every week something else comes up that convinces me even further that it's a bad idea. Overpriced, underperforming, get gouged for wireless service, and then it's like a swiss cheese so far as security goes, and there's not a hell of a lot you can do about it? All so I can have stupid games and mobile internet? LOL you, thanks but no thanks. I don't even use a cellphone as a phone all that much, I've got like 10000 'anytime' minutes racked up every single month. If it was any cheaper to have landline POTS at my house I think I'd just do that instead, but it costs about the same.

Re:COOL STORY BRO

[Ash-Fox]

What?

You're funny, because you're using a system that is probably just as exploitable under similar conditions. If you read the article, it mentions this attack would need to be faciltiated over Wi-fi. How can an attack over Wi-fi work? Man in the middle? Right, if someone is man-in-the-middling a system, Linux, Windows, OS X or otherwise, you'll likely have an application that can be exploited.

I haven't had sufficient reason to get a smartphone so far, and it seems like every week something else comes up that convinces me even further that it's a bad idea.

I#m not trying to convince you to get one, but if your only reason was to do with the security of the device.. Then I wouldn't even use a PC for similar reasons.

then it's like a swiss cheese so far as security goes

Mobile security is interesting, because some handsets don't get updates and that's where their vulnerabilities lie, while others do and some are maintained by the community which in some cases are more secure than your PC. Permission systems on mobile devices are more refined than what you typically get on a PC. Applications typically even have to request permission for Internet access, reading your device's unique ID, access to your phone book, viewing your pictures etc.

Overpriced, underperforming, get gouged for wireless service

I don't have this problem. I've got unlimited data (including tethering - I've used up TBs in a few months with no complaints), unlimited calls, unlimited texts 3g & 4g etc. and that costs me just 13GBP a month.

All so I can have stupid games and mobile internet?

I wouldn't know what your use-case is, but mine for exceeds those.

I've got like 10000 'anytime' minutes racked up every single month.

That's nice I guess.

If it was any cheaper to have landline POTS at my house I think I'd just do that instead, but it costs about the same.

I pay for two different fibre optic connections to my home from different providers for redundancy and load balancing traffic (we're heavy Internet users and we don't even pirate content), sadly that comes up to around 60GBP together, which in comparison to my mobile phone service is immensely expensive.

Re:COOL STORY BRO

[kheldan]

..because you're using a system that is probably just as exploitable under similar conditions.

Well, no, actually, I'm not. At home it makes zero sense for me to use WiFi, it's a small place and ethernet makes so much more sense.

Re:COOL STORY BRO

[Ash-Fox]

Well, no, actually, I'm not. At home it makes zero sense for me to use WiFi

Similar conditions being, someone doing a Man in the Middle. I don't care what medium it's performed over.

Re:COOL STORY BRO

[kheldan]

I'm not really sure anymore what your point even is? MitM attacks could have been happening since before the Internet was opened to the general public, even, and considering that it started as a DARPA project, and considering that pretty much all illusions about the U.S. I may have ever entertained have now been shattered, I think it's been continuously surveilled since Day Zero. If you're implying that the CIA/NSA/FBI/whoever has sneaked into my house and is watching the whole three ethernet devices I have on my private network, then you're more paranoid than I am. All I'm saying is why the hell should I make it easier for criminals or tragically anal-retentive government types to be going through my informational underwear drawer or directly monitoring me in realtime by having a smartphone when week after week I have it demonstrated to me that you're a chump if you own one, especially when nobody even uses their phone as a phone, for most it's like some crazy twisted lifestyle? It just doesn't make any sense for me, especially if I'm having to pay exhorbitant prices for it all to start with. Oh and the mention of the 'anytime' minutes? That was supposed to illustrate how little I even use a cellphone as a phone; there might be, on a busy month, and entire hour of airtime used.

..and before you say it: No, I'm not a luddite. I work for a 'major microprocessor/SoC manufacturer', who ironically enough creates most of the technology I'm not interested in owning, and without the team I'm on there, none of it would work reliably. You're welcome.

Re:COOL STORY BRO

[Ash-Fox]

I'm not really sure anymore what your point even is?

I'll paraphrase the posts:

1) You state that having a smart phone is a bad idea and that this article seems to make it even more so.
2) I laughed at your comment.
3) You justify yourself.
4) I bring up the similarities and dis-similaries of the exploitability to other devices through MitM, such as a PC and imply that if that would be your main motivator, that probably should avoid using any other device with similar circumstances.
5) You side-tracked on 'wi-fi' being the cause.
6) I point out MitM again.
7) You don't really see my point.

If you're implying that the CIA/NSA/FBI/whoever has sneaked into my house and is watching the whole three ethernet devices I have on my private network

CIA/NSA/FBI and other three letter agencies don't need to go on that level to my knowledge. With the advent of home routers being compromised through automated worms, Linux routers and even ISP routers getting compromised while operating in secure BAU setups. It would be silly to make assumptions like your Internet access is never going to have some sort of MitM. Based on this, how is this different to a smart phone being compromied by a MitM? I don't really see much of a difference.

In the next responses, I am just going to take the comments as if they were targetted to my use; because I have no idea what your use it or why you would end up compromised, but I have a good idea what would compromise me.

All I'm saying is why the hell should I make it easier for criminals or tragically anal-retentive government types to be going through my informational underwear drawer

I feel the risk to me in this area is very minimal because I simply do not store that data directly on the device. There is the exception that it has GPS tracking and I guess some special malware could get into my phone and trace where my phone is; but there isn't really much use to criminals having that information.

or directly monitoring me in realtime by having a smartphone when week after week I have it demonstrated to me that you're a chump if you own one

Considering that my alternative would be doing phone conferencing a lot over a laptop, I view the exploitability about the same with real time monitoring. If I had to use ae laptop, it too would know of the movies/documentaries I watch in bed, what slashdot comments I am reading (big deal) and the secure text messages (these aren't SMSes) I get regarding people accessing datacenters/servers

especially when nobody even uses their phone as a phone, for most it's like some crazy twisted lifestyle?

I use my landline for Internet and my mobile for voice calls, secure texts, tethering and discussing with people on Slashdot when I am travelling (last year I averaged 5 days a week in hotels and 0.7 days travelling per week).

..and before you say it: No, I'm not a luddite.

I never said that you're a luddite, your initial comment still does not really justify smart phones being that much worse than any other Internet connected device and I really don't care about any other reasons you have for not owning a smart phone.

Re: Coming soon to U.S. technology firms

WTF, why do we have such hate filled people in this world? Good grief, stick to the topic you moron.

Of course they did.

Why wouldn't they.

Re: Coming soon to U.S. technology firms

Um, ok, here we go again......

u wanna take it outside?

Re:Coming soon to U.S. technology firms

+1 for truth

sorry the truth hurts folks. when their lives begin with dismembering baby genitals a life of duplicity, greed and evil is sure to follow.

Regardless...

...this is more reason why it makes sense to use a dumb phone instead. If you can limit your use of facebook, email, and skype to those periods (at work and at home) during which you have access to a desktop pc, then you don't need wifi or a data plan on your phone, at all. Smartphones *technically* function without wifi or data, but many apps (even built-in OS apps, even on vanilla Android) expect it and get quirky or break without it. So, dumbphones are better.

Dumbphones nearly universally come with calendar, contact list, text, and mp3 player. Seriously, do you really need that comic book reader too? You can't just wait till you get home?

Re:Regardless...

As a frequent international traveler, I regularly keep my iPhone in airplane mode for days at a time, only getting data updates at wifi hotspots in the hotels or offices. I am not simply seeing this "get quirky or break" syndrome with "calendar, contact list, text, and mp3 player" apps. The only built-in apps that do stop working properly are Safari (duh) and Mail (mail that haven't been downloaded before going offline can't be read--fair enough).

Re: Coming soon to U.S. technology firms

[Hognoxious]

Israel and the US are in bed with each other.

Who's the brown hatter and who's the pillow-biter?

Yes, marketing claims do say that.

[gavron]

There are many smartphones with WiFi that cannot be "rooted" let alone remotely.

Then there are many of us who run permission-checking programs that alert us if something is touching something it shouldn't.

Finally the claims are too broad to be taken seriously. It's a simple application of Okham's Razor
along with a little bit of "If it sounds too good to be true... it probably is."

I suspect their device allows them local WiFi access to a subset of smartphones (as they say "older")
that have known vulnerabilities in the OS (e.g. previous Android or IOS). There's no known remote root
for BlackBerry (remember them?) or current Android (CM12.x).

Marketing people do what they do and LOOK THEY'VE SUCCEEDED because their original ad has
now transformed into a discussion on /. :)

Best holiday wishes,

Ehud Gavron
Tucson AZ

Variant available on Darknet in 5.. 4.. 3..

How long until this hardware is cloned by the crooks? Oh, about 10 minutes.

LOL

Hi we can see your phones but don't know who the Lord is.

anti-Christians gtfo

Re:LOL

Obvious troll is obvious.

I'm writing an app called spew

And it's only purpose is to send cleartext random passwords and usernames over the WiFi while I'm away from my house. Let them capture that,

Key word - Israel.

[denzacar]

and the fact that kids of people attracted to life in uniform are of exactly the opposite mindset needed to go into computer science

There is no "attracted to life in uniform" in Israel. Everyone serves.
What there is though are various benefits in service and education for those with high grades in highschool with special attention for those "recruits who have demonstrated outstanding academic ability in the sciences and leadership potential" putting them through more schooling and training after which they do R&D for IDF.

The applicant pool consists of nearly ten-thousand top scorers in a test taken by all graduating high school seniors. 150-200 potential applicants are then subjected to a two-day series of tests.[3]
These include further IQ exams, as well as group-tasks designed to test one's social dynamics, all conducted under the supervision of trained psychologists and military personnel.
For example, teams of applicants are given a specific task then the instructions are changed while the test is in progress, such as shortening the allotted time or changing the assigned tasks.[3]
Final acceptance into the program entails a high security clearance rating, given by the Air Force.

And then there's Mamram, Unit 8200, Ofek...

All when those highly educated techies leave the army... Private sector is ready and waiting.

surveillance hardware catalog

https://theintercept.com/surveillance-catalogue/

Pineapple

Welcome to ten years ago, Israel: https://www.wifipineapple.com/

Re: Coming soon to U.S. technology firms

Evidence?

Re: Coming soon to U.S. technology firms

So genital dismemberment goes with duplicity? Interesting connection.

Contraband

The company says it will only sell it to law enforcement agency.

So does this mean that the device is contraband in the US? I mean last years Supreme Court decision is quite clear that police MUST have a warrant in order to search cell phones.