15

I'm a pentest newbie. Recently I've learned about sniffing in LANs. From the books and internet resources I'm studying, the sniffing (or packet capture) is always done on either wired LANs (Ethernet 802.3) or wireless LANs (Wi-Fi 802.11).

But what about others, like cell phone communication, SMS, etc.? They also use wireless. The information is all around us, like in the case of Wi-Fi. Why can't they be sniffed? Why didn't I find any example/situation or any resource where they explain these things?

Kindly, just tell me what can be sniffed and what cannot.

claws
  • 2,145
  • 5
  • 19
  • 22

2 Answers

13

Machines create noise that may be detected by an attacker. If this noise undermines a physical cryptosystem, then it's called a side-channel attack, which is a very interesting and diverse research topic.

Like it or not, passwords are the gold standard, and the human interface devices we use are very noisy. The electromagnetic noise produced by typing on a regular WIRED keyboard can be sniffed. As if that wasn't bad enough, the vibrations from your keyboard can be sniffed with a laser.

Using an FPGA, the HyperTransport bus was sniffed on the XBOX to obtain its secret key and break its (poorly designed) anti-piracy system. Microsoft should have been aware of this, because bus sniffing isn't new. It's also been used to break password-protected hard drives.

Communication with a smart card can also be sniffed.

CRTs and even modern LCDs are vulnerable to Van Eck Phreaking.

The MPAA is using canines to sniff for pirated DVDs.

rook
  • 46,916
  • 10
  • 92
  • 181
  • @claws, heh :), it's an important question. – rook Dec 24 '11 at 15:30
  • 1
    @Lohoris hehe, yeah I included it as a joke. But it's totally an attack on a computer system. It's also pretty absurd. – rook Dec 25 '11 at 22:14
  • @Rook: Ironically, I do have an electronics academic background. Could you kindly point me to the resources to learn more about this stuff? I mean, I want to build one of those things. – claws Dec 27 '11 at 08:20
  • @claws Could you be more specific? – rook Dec 27 '11 at 15:05
  • @Rook: I'm learning computer pentesting from books. But now I've discovered that a lot of hardware devices can be sniffed, which definitely is a security threat. As I already have a background and interest in electronics, I want to switch to security of hardware devices. So, I want to implement all those things that you mentioned in your answer (Van Eck phreaking) by myself. So, could you point me to books/blogs/any other kind of resources that will help me? – claws Dec 28 '11 at 17:19
  • @claws To be honest I am an appsec guy, I don't have a background in electronics. hackaday.com is an awesome hardware hacking blog. Also a lot of the links I posted are guides for performing the attacks; that wiki page for "bus sniffing" is all DIY. – rook Dec 28 '11 at 17:39
6

The short, definitive answer is: if it generates electromagnetic (EM) radiation (or signals of any kind, really) then it can be potentially sniffed.*

Whether it can be tuned-to, decoded, decrypted, and formed into a cohesive information stream within a specific budget using well-defined tools and techniques is another matter entirely.

So with your example of cell phones, the answer is yes. They can be sniffed. You require specific equipment OTHER than a general laptop computer with an 802.11 wireless receiver ethernet card, because cell phones operate on a variety of different frequencies. Ever wonder why your radio, GPS, television, cell phone, and Wi-Fi all operate quite happily in a confined space with one another? This is the beauty of carving up the EM spectrum.

Even if you happen to get a tunable EM receiver, you may still have problems trying to sniff the traffic because of other characteristics in how that EM wave is built. Once you figure out how the wave has been built, you then need to figure out the underlying coding scheme, THEN figure out the protocol, THEN figure out any encryption built on top of that protocol, etc., etc.

When it comes to investigating interesting signalling schemes, you'll find some pretty smart people over at 2600, for example. I'm sure other people can point you at other resources as well.

*Read up on something called "TEMPEST" attacks for really interesting signal sniffing allowing you to, say, recreate the image on someone's monitor from afar or discern the password they type on their keyboard. These are extremely difficult and sensitive attacks, but theoretically possible and highlight that pretty much anything that uses electricity, makes a noise, creates a vibration, or otherwise can be detected and analyzed.

logicalscope
  • 6,344
  • 3
  • 25
  • 38
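The chain the second answer describes (capture the wave, recover the line code, then the protocol, then the encryption on top), as an added toy illustration that is not from either answer or their authors. Everything here is constructed: the sampled "wave" is a list of 0/1 samples, the line code is Manchester, the framing (a preamble plus a one-byte length) is hypothetical, and the "encryption" is a repeating XOR standing in for a real cipher.

```python
# Constructed toy of the layering described in the answer above (not a real
# radio protocol): "wave" samples -> line code -> framing -> cipher.
SAMPLES_PER_BIT = 6          # assumed oversampling rate of the constructed receiver
PREAMBLE = "10101010"        # hypothetical sync pattern at the start of a frame

def manchester_encode(bits: str) -> list:
    """Line-code layer (IEEE 802.3 convention: 1 = low-to-high, 0 = high-to-low)."""
    half, out = SAMPLES_PER_BIT // 2, []
    for b in bits:
        lo, hi = (0, 1) if b == "1" else (1, 0)
        out += [lo] * half + [hi] * half
    return out

def manchester_decode(samples: list) -> str:
    """Recover bits by majority vote over each half-symbol, so a single
    corrupted sample (noise) does not flip a bit."""
    half, bits = SAMPLES_PER_BIT // 2, []
    for i in range(0, len(samples) - SAMPLES_PER_BIT + 1, SAMPLES_PER_BIT):
        a = 1 if sum(samples[i:i + half]) * 2 > half else 0
        b = 1 if sum(samples[i + half:i + SAMPLES_PER_BIT]) * 2 > half else 0
        sym = {(0, 1): "1", (1, 0): "0"}.get((a, b))
        if sym is None:   # no mid-bit transition: wrong line code or lost clock
            raise ValueError(f"no transition in symbol {i // SAMPLES_PER_BIT}")
        bits.append(sym)
    return "".join(bits)

def build_frame(payload: bytes) -> str:
    """Protocol layer (hypothetical): preamble, 1-byte length, payload bits."""
    return PREAMBLE + format(len(payload), "08b") + "".join(format(x, "08b") for x in payload)

def parse_frame(bits: str) -> bytes:
    if not bits.startswith(PREAMBLE):
        raise ValueError("preamble not found: wrong protocol or lost sync")
    body = bits[len(PREAMBLE):]
    length = int(body[:8], 2)
    payload = body[8:8 + 8 * length]
    if len(payload) < 8 * length:
        raise ValueError("truncated frame")
    return bytes(int(payload[i:i + 8], 2) for i in range(0, len(payload), 8))

def xor_keystream(data: bytes, key: bytes) -> bytes:
    """Stand-in for the encryption layer (a repeating XOR, NOT real crypto)."""
    return bytes(x ^ key[i % len(key)] for i, x in enumerate(data))

def sniff(samples: list, key: bytes = b"") -> bytes:
    """The whole chain: capture -> line code -> frame -> decrypt.
    Without the key the sniffer still recovers bytes, but only ciphertext."""
    payload = parse_frame(manchester_decode(samples))
    return xor_keystream(payload, key) if key else payload
```

Each stage can fail independently (wrong line code, wrong framing, missing key), which is the answer's point: radiating a signal makes capture possible, but every layer above the wave still has to be worked out before anything readable comes out.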