Weaponizing the Nokia N900 – Part 2

Welcome to the 2nd post in my series of leveraging the power of the Nokia N900 handheld using opensource, cutting-edge security tools for ethical penetration testing.

In keeping with the theme, the idea is to cover security-related tools and applications that enhance the N900’s offensive capability.  Recall the initial focus is on tools that are available, easy to install and require low technical expertise — that is, expertise in terms of installation, not actually running the tools in a network attack scenario. You’ll have to learn that on your own, and IronGeek is a great place to start.

As the blog series progresses, I’ll cover more unique tools and cutting-edge stuff,  I’m still working with a production phone that I can’t risk ‘bricking’ — however, if anyone’s interested in supporting advanced security tool support and research on the Nokia N900 platform and seeing the results posted here on infosecisland, please drop me a note offline.

NeoPwn Update — BETA versions leaked, possible malicious modification

In Weaponizing the Nokia N900 – Part 1, I mentioned the upcoming release of NeoPwn, a software image designed specifically for the Nokia N900.  The software is still unreleased, but there’s been a BETA test going on.  Unfortunately, someone in the BETA program has re-released the BETA into the wild, and quite possibly did some malicious modifications.

A warning, if you’re trying to go trolling around the Torrent sites or RapidShare for this leaked NeoPwn image, I’d suggest you re-think that strategy.  Not only will you possibly get a bad, or trojaned image, but you’ll also drain support from cool projects like NeoPwn — I think that specialized projects like this that take alot of time should be supported, and it’s worth paying for this kind of effort.

Oh, and bonus points for locating and publishing analysis of a trojaned N900 NeoPwn BETA image!

Easy Debian with LXDE

Easy Debian on the Nokia N900 is super-easy to install, well-documented, and provides you with a full desktop environment that is separate from the underlying OS.  Here’s a nice 8-minute video on Easy Debian on the N900, and to get you started, there’s great documentation on the Maemo Wiki.

Basically, you can install Easy Debian LXDE using the GUI application manager.  It’s a snap, and easy to back out of if you want to. With this package you get a full Linux distro that runs on top of the N900’s native OS — think of it as similar to running a VMware appliance image on a host.

Once you have Easy Debian and LXDE installed, you can begin to add the kinds of security tools  that would typically install on a full-fledged desktop!  Think a full version of Nessus, both client and server, running on the N900 in LXDE.

It’s totally doable, albeit these packages can be a bit of a drain on the CPU and memory — that is, it’s workable, but don’t expect snappy and fast.  Still, running the Nessus client and/or daemon on this device is a useful feature — serious security tools like Nessus running on a compact phone-sized device open awesome possibilities for covert testing in on-site ethical penetration testing engagements.

If you’re contemplating adding several security tools for the N900, definitely look into adding the Easy Debian LXDE package.  Overall, it makes life much easier and enables you to play around with a full OS without modifying the base OS on the phone.

There’s potential here for custom LXDE images for the N900 as well.  Could be an interesting project…

It’s noteworthy that from a law-enforcement forensics standpoint, the N900 presents an advanced challenge.  If LEA are going after more than the removable SIM, the “virtual image” Easy Dedian LXDE capability makes it more of a challenge for airport cell phone siezures and subsequent analysis.

The potential for running LXDE with an encrypted filesystem will add to this forensics challenge in the future.  On the flip side, it’s also a useful privacy enhancement, and can aid in the unwanted intrusion into private data.

LiveCast Mobile for N900 — Poor Man’s James Bond Espionage Tool?

It’s worthwhile to cover several applications that can turn the N900 into a powerful multimedia broadcasting device — or in terms of espionage a “corporate green killer, bean spiller” as Boots from “The Coup” might say.  I’m going to only focus on one for now, and will expand on others that are worthy in future posts.

By far the scariest I’ve seen so far is the Livecast Mobile.  This app will allow you to stream to a webserver live audio and video from the N900.  What’s interesting is you can set either of the two cameras on the N900 — while front camera’s red LED is illuminated when the software is running, there’s no indication if the front camera is used, which has lower resolution, but is much more covert.

Speaking from personal experience, it’s a bit unnerving to fire this app up, leave the N900 on a table, go to another room, go to a Livecast webpage and see live video and hear live audio from this phone — going out to the Interwebs — to the Livecast servers — back to my PC browser.  Yikes.

Think about that next time you’re in a highly confidential meeting and a N900 (or any of several phones) are lying on the table, or “forgotten” on a chair or end-table.  For that matter, anyone check above the ceiling in the plenum in your company’s corporate boardroom lately? 🙂

All kidding aside, clearly, there are a number of legal issues with using this kind of application, so be aware of the risks and liabilities.

Coming Up Next…

Some of the things I’m going to focus on in upcoming articles for the “Weaponizing the Nokia N900” series includes:

  • More scary applications for poor man’s espionage
  • Using the Nokia 900 for wireless attacks, including WEP/WPA capture and cracking, packet injection, Kismet on the N900, etc.
  • FakeAP and Karma type attacks — turning the N900 into a rouge AP that does MITM, etc.
  • USB Ethernet to add a third data interface (wifi, cellular, US)

One thought on “Weaponizing the Nokia N900 – Part 2

  1. Pingback: iPhone para hackers | villacorp.com

Leave a Reply

Your email address will not be published. Required fields are marked *