Cyber thread: network espionage, tracking of mobile phones and WLANs, hacking, viruses, DoS etc.


A group of infosec researchers have uncovered neat ways to track a phone's location via 4G or 5G. However, the mechanics of the surveillance, while fascinating, are difficult to pull off for all but the most determined foe.

The so-called Torpedo attacks are said to allow someone nefarious to trace a person's whereabouts by using side-channel features of the 4G and 5G cellular comms specifications. It is possible to use the base Torpedo principle to perform an IMSI-cracking attack, which brute-force decodes a device's encrypted IMSI, or perform a Piercer attack, which links a phone number to an IMSI.

According to a paper [PDF, 985kB] due to be presented today at NDSS (Network and Distributed System Security Symposium) in the US by Syed Rafiul Hussain, along with Ninghui Li and Elisa Bertino, all of Purdue University, and Mitziu Echeverria and Omar Chowdhury at the University of Iowa, the snooping relies on having some prior knowledge of one's target and of how to intercept and read LTE paging channel messages.

Crucially, the nature of the surveillance, as described by the team in their paper, means that – much like the minor controversy over password managers this month – it is not an attack vector many people should realistically live in fear of.

The paper appeared online in December, and its findings have been acknowledged by the GSMA, the world's mobile networks' trade body, which is working on fixing up the problems. No proof-of-concept exploit code or detailed instructions have been released as the vulnerabilities are said to be still live.

A rare and difficult attack method in practice.

First of all: the snooper must already have your phone number, and know roughly where you and your phone will physically be at a given time. These two things are far from impossible to obtain, but do rely on the miscreant having some knowledge of you and your travel habits.

The attacker must also set up one or more RF sniffers capable of reading a particular paging message over the airwaves. Again, this is not impossible to do, but does require planning and resources.

To carry out the attack, the spy waits until they know their target is in the rough area of the radio sniffer hardware, and calls (or texts, or WhatsApps, or whatever method of choice triggers a pushed service of some sort) the target’s phone. This triggers a paging message broadcast. The researchers summarised one attack method as follows:

  1. Make a call.
  2. Listen for paging messages over the air during the delivery window.
  3. Remove from the set all PFI values that do not have a paging message during the window.
  4. If only one PFI value remains in the set, then it concludes that this is [the target’s] PFI

From there you can attempt to use the team's related Piercer attack to obtain the target’s IMSI, which is normally encrypted over the air, from the cell network, and link it to his or her phone number. Briefly, to achieve this, a snoop hijacks the paging channel and forces the network to eventually broadcast a paging message for the target’s IMSI itself, rather than the derived TMSI.

This behaviour is a routine part of how some operators’ LTE networks are designed to locate a user device that goes AWOL and can be triggered by a single phone call – provided the attacker has hijacked the paging channel first. It does depend on whether the network has been set up to broadcast an IMSI paging message in clear, though. The technique is not guaranteed to work.


Researchers claim to have uncovered a five-year Chinese hacking operation aimed at bolstering Beijing's naval might and trade deals to the detriment of the world's democracies and maritime hardware makers.

In a report issued conveniently just in time for the RSA Security Conference in San Francisco this week, IT threat watchdog FireEye claimed a group of state-backed hackers dubbed APT40 compromised manufacturers to siphon tech blueprints and intelligence that could be used to modernize China's navy – and even sought to influence foreign elections.


Those GPS jammers readily bring to mind that the papers report they can easily be ordered online, among other things for disrupting air traffic. From my own quick look at what is on offer on eBay, at least those can't be used to disrupt air traffic, which is good.