Slashdot Mirror


Israeli Firm Creates a Device That Can Hack Any Nearby Phone (softpedia.com)

An anonymous reader writes: Israeli startup Rayzone created a device that can hack any smartphone that has its WiFi connection open. The device can steal passwords, files, contact lists, photos, and various others. Called InterApp, the device is dumb-proof (comes with a shiny admin panel), works on hundreds of devices at the same time, and leaves no forensic traces behind after the hack. The company says it will only sell it to law enforcement agencies.

4 of 143 comments

  1. Re:Colour me suspicious by Anonymous Coward · Score: 3, Interesting

    It's more like load Nessus onto a portable device, create an open wifi network, and then scan and exploit any phone dumb enough to connect. So, tell your phone not to connect to unknown networks, or networks without a shared secret.

  2. Re: Coming soon to U.S. technology firms by Anonymous Coward · Score: 2, Interesting

    Israel and the US are in bed with each other. It's the Palestinians that need to be worried.

  3. Re:I highly doubt it. by swillden · Score: 5, Interesting

    There are only a handful of companies making phone chip sets. It would be easy for the NSA to pay off enough people to install backdoor hardware in the designs, to allow remote access. Such access would bypass the phone software completely, and be very hard to detect.

    Thinking about this in the context of Android (since that's what I know -- though I don't know as much as I should about the radio subsystems), it is conceivable that there are back doors in the radio (Wifi and cellular; they're different, and separate) chipset firmware. The radio chipsets don't have any access to device storage, though, so without some additional steps this could only be used to get data flowing through the relevant radio. Exfiltrating the data obtained would presumably have to be done via the same radio. In the case of Wifi this would be pretty easy to detect by anyone monitoring Wifi transmissions, or examining the data flowing through the Wifi router. If the data were encrypted it might not be possible to tell what the unexplained data was, but its presence and destination could easily be observed.

    If the drivers that talk to the radio firmware modules are also backdoored, then the drivers could be used to take control of the Linux kernel, and thereby take control of the entire Android system. Stuff protected by the Trusted Execution Environment (TEE) wouldn't be affected, but TEE software also comes from a small set of vendors, and most comes in binary form only. The exception is Google's "Trusty" OS, which is open source, but is used (thus far) only on the Nexus 9 [1]. So if the NSA could get backdoors into the radio firmware, it could probably get them into the TEEs as well. Except on Nexus 9.

    However, assuming such firmware backdoors exist, it seems like they would be closely guarded secrets of the agencies that arranged for them to be installed, not something they'd share with some Israeli company, and absolutely not something they'd want embedded in a commercial product where it could be discovered easily, just by watching what it transmits.

    For that matter, I'm skeptical that such back doors exist. Many people have reverse engineered the common baseband and Wifi chipset firmware modules, and no such backdoors have been found, which means that if they're there, they're pretty well-concealed. If anything, I'd bet that rather than full-blown back doors, there are merely subtle security vulnerabilities which can be exploited and then chained with other exploits to pwn the device. Again, though, I'm skeptical that this one Israeli company has such powerful knowledge and extremely skeptical that they'd put it in a commercial product where knowledge of it could be easily discovered.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  4. Yes, marketing claims do say that. by gavron · Score: 3, Interesting

    There are many smartphones with WiFi that cannot be "rooted" let alone remotely.

    Then there are many of us who run permission-checking programs that alert us if something is touching something it shouldn't.

    Finally the claims are too broad to be taken seriously. It's a simple application of Occam's Razor
    along with a little bit of "If it sounds too good to be true... it probably is."

    I suspect their device allows them local WiFi access to a subset of smartphones (as they say "older")
    that have known vulnerabilities in the OS (e.g. previous Android or iOS). There's no known remote root
    for BlackBerry (remember them?) or current Android (CM12.x).

    Marketing people do what they do and LOOK THEY'VE SUCCEEDED because their original ad has
    now transformed into a discussion on /. :)

    Best holiday wishes,

    Ehud Gavron
    Tucson AZ