A cyber-arms catalog that leaked has shed more light on the technologies the NSA deploys to obtain information.
According to the catalogue, the NSA catalog offers a mobile base station called the Typhon HX (priced at $175,800) that will mimic a network provider’s infrastructure and collect mobile signals to decode and study; it effectively taps cellphones.
One scenario where this type of hacking was spotted in action was at the Ecuadorian embassy shortly after Julian Assange arrived as a house guest. The embassy’s staff started getting welcome messages from Uganda Telecom on their mobile because the British intelligence services hadn’t reconfigured their data slurping base-station correctly from a previous operation, apparently.
This means that the previous operation had been carried out in Uganda and targeted Uganda Telecom customers.
The catalogue further says that Mobile phone SIM cards can also be easily hacked using a tool dubbed MONKEYCALANDER. This exploits a flaw, only recently spotted by security researchers but used by the NSA since 2007, that allows code to be installed on a SIM card that will track and monitor an individual user’s calls and location.
It also details an exploit called DROPOUTJEEP which claims it can gain complete control of an Apple iPhone via a backdoor, at least back in 2007 when the cyberweapon catalog was drawn up.
Source: The Register