While Mike Tassey and Rich Perkins were showing off their impressive GSM and WiFi-hacking drone, it seems that other mobile networks may have been under a silent siege. Word over on the Full Disclosure mailing list is that CDMA and 4G networks were locally compromised, allowing for a full-on man-in-the middle attack to take place.
According to a report by Coderman, a DefCon attendee reportedly who saw the attack unfold, whoever was behind it really brought their A-game: they attacked over CDMA and 4G connections at full power, looking to gain root or ring 0 access on Android devices and connected PCs respectively.
The system started off by looking for open doors, like checking for SU or superuser access on affected devices. Once it had run through all the obvious options, it began to try some more “novel attacks.” Once the devices in question were compromised, the attackers were able to access user data and even monitor conversations, although Coderman doesn’t mention whether this extends to phone calls.
One would hope that such a complex attack would leave some telltale signs of intrusion, and Coderman is quick to list some possible indicators. Some of them seem woefully pedestrian — if you accept an update notification at DefCon of all places, you probably had it coming — but some masquerade as everyday network or device wonkiness. Personally, I wouldn’t think much of my Android phone being unable to connect to USB debugging, but then again there’s a reason I don’t go to DefCon.
Without further confirmation from attendees, it’s tough to say how real a threat this attack posed. A hack of this magnitude almost seems unreal, but it wouldn’t be a surprise to see at it DefCon. It was highly local in nature, so affected users wouldn’t have much to worry about once they checked out of the Rio, but it could spell real trouble for the carriers involved. Though the report mentions no names, Verizon, Sprint, and MetroPCS are the only CDMA carriers with honest-to-goodness 4G services. With 4G network technologies like WiMax and especially LTE gaining widespread adoption, network operators will need to make efforts to up their security in coming months.