I just watched Hacking Cisco Phones: Just because you are paranoid doesn't mean your phone isn't listening to everything you say, an excellent presentation by Ang Cui and Michael Costello at 29C3. I particularly liked that they coined the term "funtenna" to describe the potential capability of malware using the off-hook switch in a VoIP phone as an antenna to transmit data over RF.
With Ang and Michael's approval, I would like to formalize the definition of "funtenna" a bit: A funtenna is an antenna that was not intended by the designer of the system to be an antenna, particularly when used as an antenna by an attacker. In the case of the Cisco phone, the funtenna could be used to transmit data from the phone. In certain systems, it may be possible to use a funtenna to receive radio signals as well. (I even know of some people working on a way to inject data into an untouched device using nothing but a high power radio signal; it is a very limited capability but theoretically possible.) The field of emission security studies unintentional radio emissions that leak data, and I would call any radiating element (a cable with poor shielding, for example) that leaks useful or sensitive information a funtenna.
Whenever I crack open an electronic device for the first time, I now look for potential funtennas. Maybe you will too. :-)
22 comments:
What an awesome idea! Looks like it would be totally possible. Someone has already done this with the Raspberry Pi and turned it into an FM Transmitter simply by toggling a GPIO pin:
http://www.icrobotics.co.uk/wiki/index.php/Turning_the_Raspberry_Pi_Into_an_FM_Transmitter
Sorry my bad english, i'm brazilian ;)I read your post and I remembered about a distrust I have on mobile devices regardless of OS. do you think the phone can open a listening device without calling? as if the mobile network operator could hear our conversations without needing to give a ring ... do you think that would be possible in a hardware appliance any gsm?
thanks for the reply
Reminds me of an old hack, which makes dvb-t transmitter out of vga card.
http://bellard.org/dvbt/
Nice links! The oldest prior art related to intentional funtenna transmission I can recall is Tempest for Eliza.
Lucas: Yes, there have been examples of mobile phones used as listening devices. If your network operator or anyone else controls the software on your phone, they can probably do that. I've never heard of an operator doing such a thing.
Prior art is much older than Tempest for Eliza. Try: Altair at Homebrew Computer Club, 1975
There isn't a specific funtenna here, so much as an entire computer's collective EMI.
This would be a nice way to export data gathered by a device like the phones, but do you know of any juicy protocols that it could directly attack at those frequencies?
Jared wins!
Hugh: It is unlikely that we could attack much over the air with this technique (at least on the Cisco phone platform). We have limited modulation capability and can only transmit at low power up to something like 100 MHz. Perhaps we could transmit control signals to a toy remote control vehicle at 27 or 49 MHz.
You didn't mention that you're the one who gave them the idea for Funtenna! :)
Great talk, thanks for sharing it.
One further idea, probably mentioned already somewhere, but the microphone might be used to capture keystrokes, or more interestingly the funtenna might be a nice place to sniff for TEMPEST like emissions.
Would you happen to have any materials/sources for the RF injection? I have seen some examples, but nothing very "trustworthy"...
AKA the A: If you are referring to the ability to use RF to inject data into a system not intended for RF operation, I don't have any specific resources. The research that I know of is very preliminary, not public, and highly dependent on the characteristics of the target device.
They can probably do that. I've never heard of an operator doing such a thing.
Transmission Fort Lauderdale
we are offering latest amazon Special Offers & Deals to save your money and time. As well get the best products with best prices. Don't waste your time join us today!! : Lg smart phone
all of your posting i very like thank . Agen bola terpercaya
hello Agen Bola
What is negative carbon emission?
emissions software
Nice Blog Post !
I'm Khloé Zac, I tried to invest my savings into forex broker's trade during Pandemic and ever since last year December have been trying to withdraw my savings and each time i try to withdraw i'm asked to pay for fees and Tax fees, last Month june 26th i discovered that it was all scam and i have already lost $450,000 US dollar's. I was referred by my bestie who know so much about the internet and he referred me to Vitor programmer, i emailed him and he asked me to get in touch on WhatsApp and i did as he instructed, after 32 hours of reaching out to Vitor Programmer i received a notification on my phone screen and it was blockchain and my funds were recovered full without stories, i am writing this because a lot of people complain of being scammed online while trying to have there funds recovered, kindly Email: Vitor@programmer.net, WhatsApp contact: (+1) 519 / 398 / 1460, and tell him that you are from Khloé Zac.
Recovery Lost Funds From Online Scammer's/ Cryptocurrency/ Recovery of Stolen bitcoin
I recommend professional expert Programmer Email: vitorzprogrammer@gmail.com, for Recovery Funds / Cryptocurrency / Binary / Forex / Recovery of Stolen Bitcoin / Report scammers and blocking of Scammers Emails, website's, phone number's / Removing Bad Records from Both Public and Private database: Whats App (+1) 519 / 398 / 1460
Have you been defrauded by deceptive Bitcoin traders? Or are you seeking to recover funds you lost on telegram accounts to take over hackers/rippers?. I personally will recommend no one other than albertgonzalezwizard (@) gmail com This is the least I could do for them after they saved my life by helping me recover up to 3.966BTC in less than two weeks from an online ripper lately. I got referred to them via my colleague at work , they also helped his spouse recover tokens and coins lost to scams .I'm glad I got in contact with this specialist because I would have most likely fallen victim to another online fraudster all in the name of them trying to help me. I owe this people a lot because it is so hard to see legit help online. Are you having similar issues with your BTC Wallet,Don't get scammed by these online fraudsters, contact albertgonzalezwizard (@) gmail com they are the most efficient and most trusted recovery expert on here Whatassp +31684181827 or Telegram: +31687920980
I humbly implore your attention to discuss with you a great hacker called Wizard Brixton who helped me in recovering my funds when I trusted a faker rippers who rip out my money and I was broke and could not even afford to pay my rents or to feed myself my girlfriend left me because there was no hope anymore lost all my life saves to this ripper but suddenly I saw an advert about this hacker and I contact him on wizardbrixton@gmail.com and explain my situation to him, he said that he will help me to recover my funds and I think is just a normal way hacker do say but suddenly Brixton got me proof to show he can get my funds, at last, he recovers my 357,000 USD from the rippers and it was a shock to me so I promise him to sing the praise of him so other people can benefit from his good job email him directly via WIZARDBRIXTON (AT) GMAIL (DOT) COM and reach him on WhatsApp +1- /807-23 4-0428 Immediately for your help and discuss further
QUALITY SSN DOB DL HIGH CREDIT SCORES Leads
CC with CVV Fullz (USA, UK, CANADA)
Tutorials & E-Books For Ethical Hacking
Tools For Everything You Need
I'm On Telegram = @killhacks & I C Q = 752822040
Stuff available for
(Spamming, Carding, Ethical Hacking, LINUX, Programming, Scripting, etc. )
Deals in all kind of Tools, Tutorials, E-books, Leads/Fullz/Pros
Availability 24/7
FASTEST DELIVERY
Build Your Own Business with proper guide & Legit Tools
Always glad to serve
GOOD LUCK
Here I'm:
I C Q = 752822040
Tele-gram = @killhacks
Post a Comment