27C3 - Version 1.6.3
27th Chaos Communication Congress
We come in peace
| Referenten | |
|---|---|
|
Renaud Lifchitz |
| Programm | |
|---|---|
| Tag | Day 3 - 2010-12-29 |
| Raum | Saal 3 |
| Beginn | 17:15 |
| Dauer | 01:00 |
| Info | |
| ID | 4151 |
| Veranstaltungstyp | Vortrag |
| Track | Hacking |
| Sprache der Veranstaltung | englisch |
| Feedback | |
|---|---|
|
Haben Sie diese Veranstaltung besucht? Feedback abgeben |
Android geolocation using GSM network
"Where was Waldroid?"
We introduce a new forensic technique that allows to collect users' past locations on most current Android phones, within a few seconds. It becomes possible to tell where the user was at a given time, or where a phone call took place over the last few hours or days.
The attack is based on GSM BTS cell location and little-known Android logging features and can be extended to track a user's activity over long periods of time.
We will also show how to perform the attack locally and remotely, and ways to protect against these techniques, as well as forensic applications and privacy concerns.
As a part of the presentation we plan to show a live demonstration of both local and remote attacks to retrieve geolocation and activity history of targeted phones. The graphical mapping tool used for the presentation will be released as open source.
Talk keywords: mobile phone hacking, geolocation, android, privacy, forensics
Outline:
- WHY ANDROID?
- GEOLOCATION: DIFFERENT APPROACHES
- ATTACK VECTORS
- SPYING USERS... (GETTING MORE THAN LOCATION: TRACKING CALLS&SMS)
- HOW TO PROTECT?
- TOOL DEMO