I just watched Hacking Cisco Phones: Just because you are paranoid doesn't mean your phone isn't listening to everything you say, an excellent presentation by Ang Cui and Michael Costello at 29C3. I particularly liked that they coined the term "funtenna" to describe the potential capability of malware using the off-hook switch in a VoIP phone as an antenna to transmit data over RF.
I appreciate that they credited me with the idea, but I would like to set the record straight. I met Ang and Michael at a Cyber Fast Track event a couple months ago, and they approached me with the idea of exfiltrating data from the phone by toggling a GPIO pin on the embedded CPU at radio frequencies. My only contribution was looking at the hardware and suggesting that the wire extending to the off-hook switch was probably the best candidate antenna for the hack.
Although it hasn't been implemented yet, I think the idea has merit. I don't know how fast a GPIO pin can be toggled on the platform, but the CPU operates at something like 800 MHz. That makes it very likely that the maximum GPIO toggle rate is at least in the tens of MHz, maybe even over 100 MHz. I don't know the resonant frequency of the wire extending to the off-hook switch, but it is probably a few hundred MHz. If my guesses are close, then it is likely that the funtenna could be used to transmit data a short distance, perhaps through a wall or two. It isn't a very good radio, but it should work to some extent. Even a short range wireless transmission is very interesting when it originates from unmodified hardware not intended for wireless operation.
With Ang and Michael's approval, I would like to formalize the definition of "funtenna" a bit: A funtenna is an antenna that was not intended by the designer of the system to be an antenna, particularly when used as an antenna by an attacker. In the case of the Cisco phone, the funtenna could be used to transmit data from the phone. In certain systems, it may be possible to use a funtenna to receive radio signals as well. (I even know of some people working on a way to inject data into an untouched device using nothing but a high power radio signal; it is a very limited capability but theoretically possible.)
The field of emission security studies unintentional radio emissions that leak data, and I would call any radiating element (a cable with poor shielding, for example) that leaks useful or sensitive information a funtenna.
Whenever I crack open an electronic device for the first time, I now look for potential funtennas. Maybe you will too. :-)
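A rough check of the frequency guesses above, added here as an example and not part of the original post or the talk: it estimates the first resonance of a wire treated as a quarter-wave monopole and lists which odd harmonics of a square wave on a pin fall near it, which is the band an emission-security survey of such a device would look at first. It goes slightly beyond the post by including harmonics; the wire length, velocity factor, square-wave frequencies and tolerance are all assumed values, not measurements of the Cisco phone.

```python
import math

C = 299_792_458.0  # speed of light in m/s


def quarter_wave_resonance_hz(wire_len_m, velocity_factor=0.95):
    """First resonance of a wire acting as a quarter-wave monopole.

    velocity_factor is an assumed value for insulated hook-up wire.
    """
    return C * velocity_factor / (4.0 * wire_len_m)


def odd_harmonics(fundamental_hz, max_hz):
    """Ideal 50%-duty square wave: energy only at odd multiples n*f0,
    with amplitude falling as 1/n.

    Returns a list of (n, freq_hz, level_db_relative_to_fundamental).
    """
    out = []
    n = 1
    while n * fundamental_hz <= max_hz:
        out.append((n, n * fundamental_hz, -20.0 * math.log10(n)))
        n += 2
    return out


def survey_bands(wire_len_m, fundamental_hz, tolerance=0.15):
    """Harmonics that land within +/- tolerance of the wire's resonance."""
    f_res = quarter_wave_resonance_hz(wire_len_m)
    lo, hi = f_res * (1 - tolerance), f_res * (1 + tolerance)
    hits = [h for h in odd_harmonics(fundamental_hz, hi) if lo <= h[1] <= hi]
    return f_res, hits


if __name__ == "__main__":
    # Constructed inputs: a 25 cm wire, square waves at 40 MHz and 100 MHz.
    for f0 in (40e6, 100e6):
        f_res, hits = survey_bands(0.25, f0)
        print(f"wire resonance ~{f_res / 1e6:.1f} MHz, square wave {f0 / 1e6:.0f} MHz")
        for n, freq, level in hits:
            print(f"  harmonic {n}: {freq / 1e6:.0f} MHz at {level:.1f} dB")
```

With these assumed numbers a 25 cm wire resonates near 285 MHz, so a pin driven at only tens of MHz can still put a harmonic close to the wire's resonance, at a reduced level.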
23 comments:
What an awesome idea! Looks like it would be totally possible. Someone has already done this with the Raspberry Pi and turned it into an FM Transmitter simply by toggling a GPIO pin:
http://www.icrobotics.co.uk/wiki/index.php/Turning_the_Raspberry_Pi_Into_an_FM_Transmitter
Sorry for my bad English, I'm Brazilian ;) I read your post and I remembered a distrust I have of mobile devices regardless of OS. Do you think the phone can open a listening device without calling? As if the mobile network operator could hear our conversations without needing to give a ring ... do you think that would be possible in any GSM hardware appliance?
thanks for the reply
Reminds me of an old hack, which makes a DVB-T transmitter out of a VGA card.
http://bellard.org/dvbt/
Nice links! The oldest prior art related to intentional funtenna transmission I can recall is Tempest for Eliza.
Lucas: Yes, there have been examples of mobile phones used as listening devices. If your network operator or anyone else controls the software on your phone, they can probably do that. I've never heard of an operator doing such a thing.
Prior art is much older than Tempest for Eliza. Try: Altair at Homebrew Computer Club, 1975
There isn't a specific funtenna here, so much as an entire computer's collective EMI.
This would be a nice way to export data gathered by a device like the phones, but do you know of any juicy protocols that it could directly attack at those frequencies?
Jared wins!
Hugh: It is unlikely that we could attack much over the air with this technique (at least on the Cisco phone platform). We have limited modulation capability and can only transmit at low power up to something like 100 MHz. Perhaps we could transmit control signals to a toy remote control vehicle at 27 or 49 MHz.
You didn't mention that you're the one who gave them the idea for Funtenna! :)
Great talk, thanks for sharing it.
One further idea, probably mentioned already somewhere, but the microphone might be used to capture keystrokes, or more interestingly the funtenna might be a nice place to sniff for TEMPEST like emissions.
Would you happen to have any materials/sources for the RF injection? I have seen some examples, but nothing very "trustworthy"...
AKA the A: If you are referring to the ability to use RF to inject data into a system not intended for RF operation, I don't have any specific resources. The research that I know of is very preliminary, not public, and highly dependent on the characteristics of the target device.