SPONSOR INTERVIEW: Using BYOD devices for 3G/LTE exfiltration

How to turn an executives phone into your own personal gateway…
24 May 2013 » Risky Business Extra, AusCERT

Datacom TSS is a Canberra-based, national security firm founded by ex Australian government security specialists. These guys specialise in dealing with highly skilled adversaries. One of their services is running some pretty intense Red Team exercises.

The team at Datacom TSS recnetly ported its Red Team Trojan over to the Android platform, and it's surprisingly easy to trick people into installing it. You just email it to them and ask them to install the APK package.

And what you get once you're on someone's phone is quite awesome. Not only can you turn on the microphone and snoop on boardroom conversations, but you can use the 3G or LTE connection on the device to do your exfiltration. That way you're completely bypassing the heavily watched gateway. You can also use it to bypass SMS-based authentication.

Mark Brand is the Datacom TSS guy who did the Android port. He joined me by phone to tell us all about it.

SUBSCRIBE NOW:
Risky Business main podcast feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Our extra podcasts feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Subscribe to our newsletters: