X-3306/Exploit-Mobile-Phone-SIM-Card-for-Eavesdropping

the hacker sends a binary SMS to the target's phone. The SMS contains a special payload executed by the operating system of the phone's SIM card
Exploit-Mobile-Phone-SIM-Card-for-Eavesdropping

Explanation

Mobile operators naturally filter such SMS messages. Therefore, we send them through our own base station emulator. In short, we put the subscriber on our BS, send him the "magic" SMS and immediately turn off the BS emulator. The subscriber again selects the "legal" public network, and the command to set up the connection is carried out through the regular operator.

Action

A way to force the victim's phone to dial, on its own, the number needed by the "information security researcher". The hacker can then "pick up the phone" and eavesdrop on everything that happens near the target.


The essence of the attack

The hacker sends a binary SMS to the target's phone. The SMS contains a special payload executed by the operating system of the phone's SIM card, which initiates an outgoing call through the "S@T setup call" mechanism. In most phones, the subscriber's participation is not required; the only external sign is that the display backlight switches on briefly. Some phones display "Confirm connection?"; when the subscriber presses "yes", the screen goes blank and an outgoing call is made. The hacker "answers the phone" on his own phone and can then eavesdrop on everything that happens near the victim's phone. The duration of listening depends on the settings of the telecommunications operator (the maximum duration of an open voice session) and is usually 1 hour. After that, the SMS has to be re-sent.

FIRST STEP

First you must put your phone number into the hexadecimal PDU message, for example: "0x042230121020744382E3130353105160604313035312D0C100383060791 2143658709F0 2B00"

http://rednaxela.net/pdu.php


STEP 2 | the content of the SMS

Now you need to send it through the SMPP gateway, for example: "82E3130353105160604313035312D0C100383060791 2143658709F0 2B00 first 2143658709F 0"
The first number is the destination phone; the second, 2143658709F0 at the end of the message, is the hacker's phone.

Here you can check the received packet: https://www.smsdeliverer.com/online-sms-pdu-decoder.aspx
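The operator-side filtering described in the Explanation section works on the SMS header rather than the payload. The Python below is an added example, not code from this repository: it parses an SMS-DELIVER PDU and reports the GSM 03.40/03.48 markers that identify an SMS-PP (U)SIM data download message (TP-PID 0x7F, message class 2 in TP-DCS, UDH information element 0x70). Both PDUs are constructed samples; the sender number and the bytes after the UDH are placeholders.

```python
"""Added example: flag SMS-PP (U)SIM data-download messages (GSM 03.40 / 03.48) in
SMS-DELIVER PDUs, the kind of check an operator-side SMS filter applies."""
from typing import List, Optional, Tuple

PID_SIM_DATA_DOWNLOAD = 0x7F  # TP-PID reserved for (U)SIM Data Download
IEI_COMMAND_PACKET = 0x70     # UDH IE carrying a 03.48 secured command packet
# Constructed sample PDUs (no SMSC prefix, sender +12345678). The bytes after the
# UDH in the second one are placeholder data, not a real command packet.
PDU_TEXT = "000408912143658700002101011200000002C834"               # 7-bit "Hi"
PDU_SIM_OTA = "00440891214365877FF62101011200000007027000DEADBEEF"  # PID 7F, DCS F6

def message_class(dcs: int) -> Optional[int]:
    """TP-DCS message class (0-3), or None when no class is signalled."""
    if (dcs >> 4) == 0xF or ((dcs >> 4) <= 0x3 and dcs & 0x10):
        return dcs & 0x3
    return None

def parse_sms_deliver(pdu_hex: str) -> Tuple[str, int, int, List[int]]:
    """Return (sender, TP-PID, TP-DCS, UDH IEIs) from an SMS-DELIVER PDU."""
    b = bytes.fromhex(pdu_hex)
    i = 1 + b[0]                          # skip SMSC information (length + content)
    first, i = b[i], i + 1
    if first & 0x03 != 0x00:
        raise ValueError("not an SMS-DELIVER TPDU")
    udhi = bool(first & 0x40)             # TP-UDHI: user data header present
    ndigits, toa, i = b[i], b[i + 1], i + 2
    n = (ndigits + 1) // 2                # address digits are nibble-swapped
    semi = "".join(f"{o & 0xF:x}{o >> 4:x}" for o in b[i:i + n])[:ndigits]
    sender = ("+" if toa & 0x70 == 0x10 else "") + semi
    i += n
    pid, dcs = b[i], b[i + 1]
    ud = b[i + 2 + 7 + 1:]                # after TP-PID, TP-DCS, TP-SCTS, TP-UDL
    ieis: List[int] = []
    if udhi and ud:
        udhl, j = ud[0], 1
        while j < 1 + udhl:               # each IE: IEI, IEDL, data
            ieis.append(ud[j]); j += 2 + ud[j + 1]
    return sender, pid, dcs, ieis

def sim_download_markers(pdu_hex: str) -> List[str]:
    """Markers that make the message SIM-bound OTA; empty list = ordinary SMS."""
    _, pid, dcs, ieis = parse_sms_deliver(pdu_hex)
    reasons = []
    if pid == PID_SIM_DATA_DOWNLOAD:
        reasons.append("TP-PID 0x7F (SIM data download)")
    if message_class(dcs) == 2:
        reasons.append("TP-DCS class 2 (SIM-specific)")
    if IEI_COMMAND_PACKET in ieis:
        reasons.append("UDH IEI 0x70 (03.48 command packet)")
    return reasons
```

A message that returns any marker is what an SMS home-routing filter would hold back from a subscriber unless it comes from the operator's own OTA platform.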


What you should NOT do when testing this

Don't put your "clean" numbers into the APDU command, because these outgoing calls are recorded by the operator and the number will be highlighted.

How the exploit performs

The exploit is not 100 percent reliable: it does not work on all phones and SIM cards, and some smartphones display a message asking you to confirm the connection. Still, the technique is worth mastering, at least to understand the possible attack vectors on the phone.


Damage from the exploit

- The attacker can eavesdrop on what is happening near the phone without the subscriber's knowledge
- The attacker can mass-send such SMS APDUs over a long period as a DDoS attack on a specific phone
- The attacker can leave the subscriber without communication by calling a roaming number and using up his balance
- The attacker can set up a paid (premium-rate) phone number and initiate calls to it (I'm not sure that scheme still works)



Please consider this an informative tutorial, and only test it in your own environment or with the permission of both people involved. Eavesdropping on a person without his or her knowledge is illegal, and above all highly immoral.
