In this special edition, I would like to bring to light the network security threat known as spoofing. Spoofing is masking the true identity of an IP address, port number or even a MAC address. This is often used to attempt to penetrate a wireless network.
Regarding wireless networks, the cellphones we use and are practically part of most of us, belong to some of the wireless networks in the world. Based on the cellphone plans that we have with our cellphone service provider, we make phone calls, send text messages, surf the internet, play games or video chat.
There is a dark side to cellphone use. They are highly mobile devices that can be difficult to track. To make things more difficult, people who like to play practical jokes have a way to rattle their victims even more.
I decided to use Google and see what I could find as far as cell number and text message spoofing. I found some interesting apps that could be downloaded and installed for free. Be advised that free is a relative term because many of these apps ask for permission to access contacts, photos, and browser history. This could be used in data mining operations.
The first app that I found was caller ID Faker. Apparently this app was designed to engage in monkey business. However, this app could be used as a social engineering tool to gain access to personal information. I need to do more research to see how this might show up on a phone bill or a cell tower log.
Regarding wireless networks, the cellphones we use and are practically part of most of us, belong to some of the wireless networks in the world. Based on the cellphone plans that we have with our cellphone service provider, we make phone calls, send text messages, surf the internet, play games or video chat.
There is a dark side to cellphone use. They are highly mobile devices that can be difficult to track. To make things more difficult, people who like to play practical jokes have a way to rattle their victims even more.
I decided to use Google and see what I could find as far as cell number and text message spoofing. I found some interesting apps that could be downloaded and installed for free. Be advised that free is a relative term because many of these apps ask for permission to access contacts, photos, and browser history. This could be used in data mining operations.
The first app that I found was caller ID Faker. Apparently this app was designed to engage in monkey business. However, this app could be used as a social engineering tool to gain access to personal information. I need to do more research to see how this might show up on a phone bill or a cell tower log.
This is not the only app available. Also available from the same company is a text message faker. Based on the advertisement in the Google Play Store, this appears to be yet another social engineering tool.
But wait, there's more! Here is another one to choose from, Disposable Numbers. This one could be used for some untraceable and disposable social engineering fun. Judging from the number of downloads, either 100,000 people have found a use for this or 100,000 devices have been used. Based on this number there is no telling how many victims there might have been.
Finally, the last one I decided to cover, an app called Fake Call. This software claims to allow you to be able make it appear that your number is not your number but that of whomever you want to pretend to be. Notice the picture of Santa Claus. This app could be used to obtain personal and sensitive information.
Now that these apps have obtained some free advertising, please be cautious about who you give sensitive information to. Financial institutions will not call you and ask you to verify your information or ask for your password, social security number or challenge question answers. However it is normal that when you call them, they might ask verification questions. Be cautious and skeptical of everything that shows up on your phone.
Comments
Post a Comment