The Pied Piper

My presentation for MalCon-2012.
Videos are missing here as they were huge in size.

1 Comment
  • :)
    Your ppt make me understand what your concept was :)

  1. The Pied Piper. Atul Alex, MalCon Team.
  2. Mobile devices & “Security”
     • Too many platforms to deal with.
     • Too many restrictions on various tasks.
     • “Encryption”.
     • Software based attacks are becoming close to impossible.
  3. The funny little jack!
  4. Features?
     • Using Voice dial feature to make & receive phone calls.
     • Controlling the “Music Player”.
     • Compatible devices: Wired Headsets, Bluetooth Headsets, In-Car Bluetooth Handsfree, external speakers & few others.
     • Not a new technology & supported by most of the “mobile device” manufacturers.
  5. Interesting facts!
     • When a headset is plugged in, all audio output/input is routed through it by the phone & the handset speakers/mic are usually* muted/disabled.
     • The audio output voltage typically lies between 1~2.5 V on phones/mobile devices.
     • Almost all events on the phone are notified to the user with the help of corresponding tones/sounds.
  6. Kung-Foo time!
     • What if we added a microcontroller to the headset’s circuit to do malicious things?
     • Easily possible stuff:
        • Initiate phone calls without user interaction.
        • Note duration of phone calls.
        • Detect incoming/outgoing calls, SMS & so on.
     • Not so easy yet possible stuff:
        • Record dialed numbers on the phone’s keypad.
        • Enumerate all contact-names in the phonebook.
        • Record phone calls.
        • Can be remotely activated to carry out any of these tasks.
  7. Electronics Skill level : n00b--
  8. The universal feature.
  9. Video of my Arduino circuit starting voice dial on all platforms. (iOS, Blackberry, Windows Phone-Lumia & Android-ZTE Blade)
  10. Automatic phone calls through the Headset.
  11. Video demonstrating my Arduino circuit initiating a phone call on its own by “speaking” instead of the headset’s microphone.
  12. Detecting important events
  13. Video of detecting every time a phone call is initiated & when it ends.
  14. Enumerating “Contact” list.
  15. Video that enumerates the contacts-list on my Blackberry
  16. The Keypad-Logger
  17. Video of detecting numbers dialed on the phone’s keypad (Android based ZTE Blade) through just the TRRS jack.
  18. Things I am currently working on (To-Do):
     • Record calls, contacts, dialed numbers to a Micro-SD Card & play it back over voice calls.
     • Shrink the whole circuit to fit in your regular headset models.
     • Looking into advanced stuff using SIRI & the Android’s voice action/search features.
  19. Facts:
  20. Facts:
  21. Mitigation!
  22. Questions please!
  23. Thank you!
     • Atul Alex Cherian.
     • Blog : aodrulez.blogspot.in
     • Twitter : Aodrulez
     • Email : atul.alex@orchidseven.com
