Taddong: Owning a PC via GPRS/EDGE




Published on Nov 7, 2012

NOTE: The video has only a few seconds of audio at the beginning and at the end. The rest is silent (don't bother checking your loudspeakers ;-) ).

This is a video that we have used in several talks in the past, demonstrating a network attack against a PC, performed via GPRS/EDGE (which is the important point here), using a fake GSM/GPRS/EDGE base station. The video is also available for download from our lab.

The point of the video is to show that GPRS/EDGE communications are as easy to intercept, manipulate, and take advantage of, as GSM (voice and SMS) communications, using a fake GSM/GPRS/EDGE base station.

In the past, we have explained the underlying GSM/GPRS/EDGE vulnerabilities and shown this kind of attack live. If you are interested in these details, check out "A practical attack against GPRS/EDGE/UMTS/HSPA mobile data communications" (English) and "Un ataque práctico contra comunicaciones móviles" (Spanish).

With the publication of this video we hope to contribute to creating awareness of this problem, and help organizations realize it is necessary to take these weaknesses into account when performing a risk assessment.

The example shown in the video is a victim PC, running XP SP3 with a version of Java Runtime Environment (JRE) prior to version 6 update 24. The victim connects to the Internet using a 3G/2G modem, getting EDGE service from a rogue base station that the attacker has set up using the open source suite OpenBSC+OsmoSGSN+OpenGGSN+LCR.

The attacker then injects HTML content into the victim's HTTP traffic, redirecting his browser to the Metasploit exploit "java_codebase_trust". This allows him to get a Meterpreter session on the victim PC, giving him full control over it.

To demonstrate the control over the victim's PC, the attacker obtains a screenshot of the victim PC. Then, the attacker scrolls up and down through the list of available commands offered by Meterpreter, and the video ends when the attacker invokes a shell (cmd.exe) of the victim PC.

The point of the video is not that this particular Java vulnerability, which is quite old, can be exploited by an attacker. The point is that any remote vulnerability that you might have in your systems, either well known or zero day, could be exploited by an attacker using a fake GSM/GPRS/EDGE base station, if you use such communication.

If you want to avoid this path of attack, make sure all of your mobile devices use 3G (UMTS) and, critically, do not accept 2G service (GSM/GPRS/EDGE) under any circumstances, and/or protect all of your network traffic at a higher level.
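One way to audit the "no 2G service" rule above, as an added example that is not part of the original video description: it classifies modem responses to the standard `AT+COPS?` query by the `<AcT>` field defined in 3GPP TS 27.007 and reports any device that is on 2G or cannot show which radio access it is using. The device names, operator names and sample responses are constructed, and the code assumes the modem reports `<AcT>` in the standard form.

```python
import re

# <AcT> values from 3GPP TS 27.007 (+COPS). 0, 1 and 3 are 2G radio access.
ACT_NAMES = {
    0: "GSM", 1: "GSM Compact", 2: "UTRAN", 3: "GSM w/EGPRS",
    4: "UTRAN w/HSDPA", 5: "UTRAN w/HSUPA", 6: "UTRAN w/HSDPA+HSUPA",
    7: "E-UTRAN",
}
TWO_G = {0, 1, 3}

# +COPS: <mode>[,<format>,<oper>[,<AcT>]]
COPS_RE = re.compile(
    r'^\+COPS:\s*(?P<mode>\d+)'
    r'(?:,(?P<format>\d+),(?P<oper>"[^"]*"|\d+)(?:,(?P<act>\d+))?)?\s*$'
)

def classify_cops(line):
    """Return (status, detail); status is 'ok', '2g', 'unknown' or 'unparsed'."""
    m = COPS_RE.match(line.strip())
    if not m:
        return ("unparsed", line.strip())
    if m.group("act") is None:
        # Not registered, or <AcT> omitted: 3G cannot be confirmed, so report it.
        return ("unknown", "no <AcT> reported")
    act = int(m.group("act"))
    name = ACT_NAMES.get(act, f"AcT {act}")
    oper = (m.group("oper") or "").strip('"')
    return ("2g" if act in TWO_G else "ok", f"{oper} via {name}")

def audit(samples):
    """samples: iterable of (device_id, +COPS? response). Returns non-compliant entries."""
    findings = []
    for dev, line in samples:
        status, detail = classify_cops(line)
        if status != "ok":
            findings.append((dev, status, detail))
    return findings

# Constructed sample responses (hypothetical devices and operator names).
SAMPLES = [
    ("laptop-01", '+COPS: 0,0,"ExampleNet",2'),   # UMTS: compliant
    ("laptop-02", '+COPS: 0,0,"ExampleNet",3'),   # EDGE: policy violation
    ("laptop-03", '+COPS: 0'),                    # no registration details
    ("laptop-04", '+COPS: 0,2,"00101",0'),        # GSM, numeric operator id
]

if __name__ == "__main__":
    for finding in audit(SAMPLES):
        print(finding)
```

A check like this only reports that a device has accepted 2G service; refusing 2G in the first place still has to be configured on the modem or device itself.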

