Over-the-Air Penetration Testing
Project Members
Eric Katz, Bryan Lee, Richard Mislan
Eric Katz, Bryan Lee, Richard Mislan
Abstract
The purpose of this study is to determine whether it is possible to penetrate a mobile device from another device that is on the same cellular network. The study will concentrate on the Android platform and focus on attempts to penetrate the most popular applications for the platform. For this study, we will be testing some of the top free Android Play Store applications, such as Facebook for Android and Skype for Android. The purpose will be to see if it is possible to gather pertinent information ranging from contacts and messages to a full forensic image of the device from the target. Previous research in this area has involved man-in-the-middle techniques that require the target device to connect to hardware controlled by the attacker, which then forwards the information to the cellular network. This means that special equipment and the target phone are required in order to carry out the attack. If a mobile-to-mobile attack is possible, all that is needed is a phone that is able to connect to the network the target is on and any scripts and software created for the exploit. This could be a very useful technique in areas where pertinent information is passed over cellular networks, such as a drug trafficking ring or terrorist cell.