Earlier this year researchers from Bastille discovered vulnerabilities in wireless mice and keyboards that could lead to them being remotely hijacked from as far as 225 meters away. They have a dedicated site detailing the vulnerabilities, dubbed MouseJack. They also released POC code which I have built on to implement a remote takeover of a machine using a wireless mouse/keyboard.
I have had a set of Intex Wireless Roaming Headphones lying around the house for a couple of years. They consist of a receiver (headphones) and a separate transmitter. The headphones include an FM receiver powered by two AAA batteries with reset and scan buttons for normal FM operation, and of course volume control. The separate transmitter comes with audio and microphone jack ports and is also powered by two AAA batteries. It also has a DC port as an alternative power source option. Here’s how it looks:
I wrap up the GSM series with a walkthrough on how to decrypt voice traffic. Voice is the way most people interact on a telecommunications network and therefore a major component of GSM traffic. I’ve explained a lot of the background on GSM communication in the previous posts so I’ll get right to it.
In the previous post, I explained how GSM traffic can be sniffed with the HackRF One. GSM traffic carries a lot of information, from system information to the actual voice and data we are familiar with. The traffic that the normal user of a telecommunication network is concerned with is voice and data. With this in mind I’ll do a two part series to demonstrate how voice and data can be sniffed using the HackRF. I start with SMS traffic which falls under the data category. Let’s get right into it!
I have been playing around with the HackRF for the past couple of weeks and progressively exploring the Radio Frequency spectrum. In this post I’ll take you through how to sniff GSM traffic. I’ll be specifically monitoring the Um interface. This is the air interface between the Mobile Station (MS) and the Base Transceiver Station (BTS). The MS in this case will be the mobile phone while the BTS is what the phone connects to on the Mobile network. The BTS is usually hosted on towers which you can spot in various locations. Here is what a typical one looks like.
who are you?
I am a passionate Information Security enthusiast. I specialize in Digital Forensics and Incident Response (DFIR). Research and artifacts analysis are the cause of my sleepless nights. I have a keen interest in PC and mobile device malware, I am therefore always tinkering with VMs and mobile phones.
The wireless world is an area I’ve been interested in for a long time. From the more common applications such as Wi-Fi, Bluetooth and FM to the lesser explored such as radar, satellite and GSM, radio frequency is an area I plan to explore extensively. How awesome is the concept of electromagnetic pulses in this age that is driven by electromagnetism. I digress so let me get back on track, there will be several more posts to explore the possibilities.
In part one I analysed the data communication that takes place on a phone over a one hour period. Read the post here for details and background info.
Here, I go further and analyse what happens over a twelve hour period of normal phone usage. I ran BRO on my phone from 6:40pm and ensured that data was on and Wi-Fi off the whole time.