The Pied Piper. Atul Alex, MalCon Team.
The Pied Piper
Jun 28, 2015
My presentation for MalCon-2012.
Videos are missing here as they were huge in size.
Videos are missing here as they were huge in size.
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
The Pied Piper. Atul Alex,
MalCon Team.
Mobile devices & “Security”
¤ Too many platforms to deal with.
¤ Too many restrictions on various tasks.
¤ “Encryption”.
¤ Software based attacks are becoming close to impossible.
The funny little jack!
Features?
¤ Using Voice dial feature to make & receive phone calls.
¤ Controlling the “Music Player”.
¤ Compatible devices : Wired Headsets, Bluetooth Headsets, In-Car Bluetooth Handsfree , external speakers & few others.
¤ Not a new technology & supported by most of the “mobile device” manufacturers.
Interesting facts!
¤ Headsets when plugged in, all audio output/input is routed through them by the phone & handset speakers/mic are usually* muted/disabled.
¤ The audio output voltage typically lies between 1~2.5v on phones/mobile devices.
¤ Almost all events on the phone are notified to the user with the help of corresponding tones/sounds.
Kung-Foo time!
¤ What if, we added a microcontroller to the headset’s circuit to do malicious things?
¤ Easily Possible stuff : ¤ Initiate phone calls without user interaction. ¤ Note duration of phone calls. ¤ Detect incoming/outgoing calls, sms & so on.
¤ Not so Easy yet possible stuff: ¤ Record dialed numbers on the phone’s keypad. ¤ Enumerate all contact-names in the phonebook. ¤ Record phone calls. ¤ Can be remotely activated to carry out any of these tasks.
Electronics Skill level : n00b--
The universal feature.
¤ Video of my Arduino circuit starting voice dial on all platforms. (iOS, Blackberry, Windows Phone-Lumia & Android-ZTE Blade)
Automatic phone calls through the Headset.
¤ Video demonstrating my Arduino circuit initiating a phone call on its own by “speaking” instead of the head-set’s microphone.
Detecting important events
¤ Video of detecting everytime a phone call is initiated & when it ends.
Enumerating “Contact” list.
¤ Video that enumerates contacts-list on my Blackberry
The Keypad-Logger
¤ Video of detecting numbers dialed on the phone’s keypad (Android based ZTE Blade) through just TRRS jack.
Things am currently working on (To-Do) :
¤ Record calls, contacts, dialed numbers to a Micro-SD Card & play it back over voice calls.
¤ Shrink the whole circuit to fit in your regular headset models.
¤ Looking into advanced stuff using SIRI & the Android’s voice action/search features.
Facts:
Facts:
Mitigation!
Questions please!
Thank you!
¤ Atul Alex Cherian.
¤ Blog : aodrulez.blogspot.in
¤ Twitter : Aodrulez
¤ Email : [email protected]
Related Documents
![[Framing the Artist] Sushil Soni: The Pied Piper of Pichwai](https://static.cupdf.com/doc/110x72/586f84d51a28ab54768b4ecf/framing-the-artist-sushil-soni-the-pied-piper-of-pichwai.jpg)
