[Joshu42]

It is however very likely if he has a basic networking knowledge and free tools such as Cali Linux or backtrack, and if on the same WiFi network he can perform a man in the middle attack which allows him to view everything going to and from your device over IP.

Just a quick addendum : if the goal is just to listen, no need for a MiM attack. Just be on the same Wi-Fi with the promiscuous mode enabled on you network card... Add a scanner build on libpcap or socket and voila. It's a passive way, and your target will never know. You can get some tasty cookie this way if not transmitted over ssl.

[gariac]

Just a quick addendum : if the goal is just to listen, no need for a MiM attack. Just be on the same Wi-Fi with the promiscuous mode enabled on you network card... Add a scanner build on libpcap or socket and voila. It's a passive way, and your target will never know. You can get some tasty cookie this way if not transmitted over ssl.

Actually it is monitor mode if you want to be passive. There is a promiscuous mode, but that isn't what you use since you would have to associate with the network.

http://en.m.wikipedia.org/wiki/Monitor_mode

Posted via CB10

[Joshu42]

There is a promiscuous mode, but that isn't what you use since you would have to associate with the network.

Yeah, as I said "Just be on the same Wi-Fi" It's easier to filter for your target only. But if your network card and driver enable Monitor mode (lucky), it can be pretty cool (but hard in urban territory full of hotspots).

[gariac]

Yeah, as I said "Just be on the same Wi-Fi" It's easier to filter for your target only. But if your network card and driver enable Monitor mode (lucky), it can be pretty cool (but hard in urban territory full of hotspots).

Wireshark can do the filtering. Generally when you do a pen test, you try to leave as few fingerprints as possible. In monitor mode, you can't even be RDFed.

I don't bother with kali linux. You can just add what you need to your favorite disty.

General procedure is to run kismet in scan mode. When you identify the proper frequency, park kismet on it, then fire up wireshark that wifi interface.

For promiscuous mode, you don't need kismet. You get on the network and just run Wireshark. But any decent wifi hotspot will isolate the users, so the odds of this working are poor. This is easily proven simply by getting on the network and running Fing on your phone. The android apk works on bb10. You won't see any other users on most wifi hot spots since they are not set up for users to talk to each other, but rather just use the Internet. Again, this is why monitor mode is what you want.

Posted via CB10

[Sanket Gupta09041996]

Can someone call others using my phone number. One of my friend did it from an android device on other android. I have a doubt that he can do it using my number also.

Posted via CB10

[OneofLittleHarmony]

Some one I know said he can hack my phone easily because he has my mac address.... like spy on my bbms,emails,whatsapp texts etc

Posted via CB10

He can spy on your emails and maybe whatsapp if they haven't gotten around to encrypting it yet. Not bbms or texts, unless there is a text over wi-fi protocol. He would have had be connected to the wifi at the same time you were sending or receiving those messages and he couldn't check past messages.

Posted via CB10

[Richard Buckley]

Can someone call others using my phone number. One of my friend did it from an android device on other android. I have a doubt that he can do it using my number also.

Posted via CB10

It is trivial to spoof call display, telemarketers do it all the time. So he can't make a call from your number, but he can make the average person believe it is from your number.

Z10STL100-3/10.3.1.2072

[gariac]

It is trivial to spoof call display, telemarketers do it all the time. So he can't make a call from your number, but he can make the average person believe it is from your number.

Z10STL100-3/10.3.1.2072

Also note this can be done from a landline with the right service.

Process servers and collection agencies often spoof the number of the person they are calling since it is very likely that number won't be blocked.

Process server might be a US centric term. It is the person that gives you legal papers to be sued, picked as a witness, etc.

Posted via CB10

[Sanket Gupta09041996]

One of my friend he did it. Without being on the wifi connection. He did it to another android device.

Posted via CB10

[gariac]

One of my friend he did it. Without being on the wifi connection. He did it to another android device.

Posted via CB10

If you just do a search on caller ID spoofing or phone number spoofing, you will see they are all "services." Some are free but paid for with advertisements.

As far as I know, this is simply the same spoofing that was done on landlines years ago, but with an app interface.

In any event, this is not smartphone hacking. Rather it is an old trick just ported to smartphones.


Posted via CB10

[Sanket Gupta09041996]

If you just do a search on caller ID spoofing or phone number spoofing, you will see they are all "services." Some are free but paid for with advertisements.

As far as I know, this is simply the same spoofing that was done on landlines years ago, but with an app interface.

In any event, this is not smartphone hacking. Rather it is an old trick just ported to smartphones.


Posted via CB10

Ok now I got it. But will he be able to use my number to call others. If yes then how to save myself from getting spoofed.

Posted via CB10

[gariac]

Ok now I got it. But will he be able to use my number to call others. If yes then how to save myself from getting spoofed.

Posted via CB10

There is no way to avoid being spoofed. Make sure you don't use a default code on your voice mail. Set up verbal passwords with financial services. The only hope that is with all this SWAT-ing going on, the telco industry will address the problem. Otherwise, you need to a accept that your phone number can be spoofed.

If you went VOIP using SIP (different phone number), with a lot of work, you could avoid being spoofed. But SIP can be less secure if not set up properly.

Posted via CB10