Wireless Communications

Airspan Networks, a leading provider of WiMAX gear, today announced that it has received FCC certification for 5.4 GHz WiMAX equipment. The certification covers Airspan’s MicroMAX Base Station as well as Airspan’s subscriber terminals, the ProST and EasyST. Airspan has deployed 5.4 GHz WiMAX internationally for some time, but this certification makes it the first such WiMAX product in the US. Airspan says the solution can be integrated with VoIP and WiFi extensions and incorporates Airspan’s proprietary interference mitigating software. “Airspan is aggressively pursuing a leading role in the US WiMAX market. The most comprehensive range of compelling products, paired with key strategic partnerships, has resulted in an impressive series of account wins in the US this year,” commented Declan Byrne, Airspan’s Chief Marketing Officer. “This new FCC certification provides another vehicle to help Airspan continue our course and drive additional revenues from this growing market.”

Security researchers presenting Wednesday at the Black Hat D.C. conference in Washington, D.C., demonstrated technology in development that they say will be able to greatly decrease the time and money required to decrypt, and therefore snoop on, phone and text message conversations taking placeon GSM networks. Many mobile operators worldwide use GSM networks, including T-Mobile and AT&T in the United States. The 64-bit encryption method used by GSM, known as A5/1, was first cracked in theory about 10 years. The security of the most widely used standard in the world for transmitting mobile phone calls is dangerously flawed, putting privacy and data at risk, two researchers warned at the Black Hat conference in Europe last week. Researchers David Hulton and Steve Muller showed at Black Hat in the U.S. last month how it was possible to break the encryption on a GSM (Global System for Mobile Communications) call in about 30 minutes using relatively inexpensive off-the-shelf equipment a

WinPwn 2.0.0.3 has just been released. If you were facing crashing issues with iPwner or 16xx errors then you you might want to check out the latest version as cnw, the iPhone Hacker credited for porting iPhone Dev Team's Pwnage Tool 2.0 (Mac only) to Windows claims that they have been fixed. You can find all the details of WinPwn 2.0.0.3 after the jump. The initial release was affected by an issue that caused the iPwner component to crash. It appears that the issue has been resolved in the latest version. WinPwn 2.0.0.3 has also resolved the 16xx errors that iPhone Hacks reader, hms90832, had encountered. Here are the instructions provided with the latest release: You must do a full uninstall of winpwn before installing the new version. Make sure you have the latest version of iTunes (Currently 7.7). WinPwn uses 300MB of ram at peak due to the ipsw being extracted in memory. You must first click browse and load an IPSW to use WinPwn. For 2.0 only the *5A347_Restore.ipsw files are

The name of this hacker is Abdul-Rahman Mahaini, he is 26 years old and he lives in Damascus, Syria. According to him, he has so far cracked software programs worth millions of dollars and he will continue to do so, no matter how difficult it is to crack a certain program. He says that he does not do this for the hacking thrill, but because of the software sales restrictions imposed on Syria by the US. It all boils down to the fact that, since you cannot buy it, you can always hack it. Abdul-Rahman Mahaini is not easily deterred by the complexity of a program or the measures employed to make cracking it more difficult. As long as you can get hold of him, he will be more than happy to hack into any software program you’ll give him. The thing is that Abdul follows a strict ethical guide and he will not go against it; so you might as well forget about asking him to break into someone’s e-mail or bank account. But if you want him to crack GTA IV, he will do it for as little as $2. Hackers

If you are a Windows users and haven't tried the methods to pwn the first generation iPhone running iPhone firmware 2.0 or jailbreak iPhone 3G or facing an issue with it or are simply looking for an easy to use tool like iPhone Dev Team's Pwnage Tool as they are not for the faint hearted then the good news is WinPwn, the Windows version of the Pwnage Tool 2.0 is now available. The iPhone Dev Team released their Pwnage Tool 2.0 to jailbreak, unlock and activate iPhone only for Mac users late last week. The windows version of the Pwnage Tool i.e. WinPwn was still not available at that time. So some clever folks over at iUnlocked.org figured out a way to pwn the first generation iPhone running iPhone firmware 2.0 using Windows. However, it was not for the faint hearted, so if you are looking for an easy to use tool to jailbreak, unlock and activate your first generation iPhone or jailbreak iPhone 3G running iPhone firmware 2.0 then Windows users can now checkout WinPwn, the Window

Well, the response was overwhelming. :) The downloads brought down several of our servers, and some of them have yet to recover! It seems that some people have been having problems with our initial release, so we have PwnageTool 2.0.1 for you. It addresses the following issues: It auto-finds the bl39 and bl46 files better, if they’re on your computer It creates the ~/Library/iTunes/Device Support/ folder if not present, which should help with some 1600 errors people have been having. Many people have reported the PwnageTool not starting up at all (the icon never stops bouncing). This issue should be resolved now. The Sparkle AppCast URL is fixed in this version, so automatic updates should work for future releases. Because of the AppCast URL fix, we recommend that everyone who downloaded PwnageTool 2.0 get this version, if they want to stay up to date automatically. N.B: if PwnageTool 2.0 pwned your phone correctly the first time, you do not need to pwn again with 2.0.1. The file can b

When you don't want to depend solely on the official App Store to get your iPhone 2.0 applications, you want to jailbreak your iPhone or iPod touch—and less than two weeks after the iPhone 2.0 launch, it's easier than ever to do with your new device. The hard-working iPhone Dev Team released the jailbreak utility PwnageTool version 2.0.1 this weekend, and while it's not as one-step as ZiPhone, it still offers an easy GUI interface for the job. Let's take a look at the step by step for jailbreaking your iPhone 2.0 device with PwnageTool. Warning: The 2.0 jailbreak is still relatively new, and does suffer from instability. While I successfully jailbroke my device this morning, I have experienced hang-ups and freezes trying out new apps, and I haven't had a chance to make sure every single feature on my device still works as it did pre-break. If you decide to jailbreak, proceed with the utmost caution and a full backup of your device's data. What You'll Get The

If you're an original, EDGE-only iPhone owner who doesn't mind twiddling with hack-level software, you're in luck. Guides for adding the iPhone 2.0 software to your original unit have popped up on the APC Magazine and iPhone Hacks sites. Mac users should check out the link below, which utilizes the "PwnageTool," BootNeuter 2.0, and some manual hardware resets to enable Cydia, an Installer.app-type program that, well, doesn't have a lot available right now. If you're a Windows owner, head over to iPhone Hacks' guide, which is similar but requires a few more steps. We haven't had the chance to test either of these solutions yet on an original iPhone, but even if we had, we'd recommend syncing and backing up your iPhone before jumping into work-around hacks like these. via lifehacker.com

A new training offering presented by Offensive Security. “Offensive Security Wireless Attacks”, also known as “BackTrack WiFu” is a course designed for penetration testers and security enthusiasts who need to learn to implement various active and passive Wireless (802.11 2.4 GHz) attacks. The course is based on the Wireless Attack suite - Aircrack-ng The course was designed by Thomas d’Otreppe and Mati Aharoni in an attempt to organise and summarise today’s relevant WiFi attacks. This course will kick-start your WiFu abilities, and get you cracking WEP and WPA using the latest tools and attacks in no time!

Live From BackTrack to The Max you can download from : http://rapidshare.com/files/96419319/WarungPlus.Backtrack.2.the.max.part1.rar http://rapidshare.com/files/96428613/WarungPlus.Backtrack.2.the.max.part2.rar http://rapidshare.com/files/96434338/WarungPlus.Backtrack.2.the.max.part3.rar http://rapidshare.com/files/96442408/WarungPlus.Backtrack.2.the.max.part4.rar http://rapidshare.com/files/96411747/WarungPlus.Backtrack.2.the.max.part5.rar

Anytime, Anywhere, WLAN Monitoring and Troubleshooting AirMagnet's Laptop Analyzer is the industry's most popular mobile field tool for troubleshooting enterprise Wi-Fi networks. Laptop Analyzer helps IT staff make sense of end-user complaints to quickly resolve performance problems, while automatically detecting security threats and other network vulnerabilities. Although compact, Laptop Analyzer has many of the feature-rich qualities of a dedicated, policy-driven wireless LAN monitoring system. Automatically Detect Rogues and Network Vulnerabilities Laptop Analyzer automatically identifies hundreds of performance problems, such as 802.11n mis-configurations, 802.11b/g conflicts, 802.11e problems, and QoS, as well as dozens of wireless intrusions and hacking strategies, including Rogue devices, Denial-of-Service attacks, Dictionary Attacks, Faked APs, RF Jamming, "Stumbler" tools, and many more. Laptop Analyzer also offers a convenient "Find Tool" that ena

AirMagnet offers the first and only comprehensive mobile toolset for planning, securing and optimizing 802.11n networks Whether deploying a new 802.11n network, or integrating 802.11n technology into an existing infrastructure, AirMagnet solutions are critical for measuring the impact of 802.11n, modeling deployment scenarios, and optimizing ongoing security and performance management. The products let organizations effectively deploy 802.11n networks by offering the only independent view of the access points, client and surrounding environment. AirMagnet addresses two universal challenges facing 802.11n deployments how to get true 11n performance versus theory how to phase 11n gear into an established WLAN without doing a forklift upgrade or experience conflicts that rob the network of performance. The AirMagnet 802.11n solution, including AirMagnet Laptop Analyzer and AirMagnet Survey, allow organizations to overcome 802.11n challenges by: Educating the user on 802.11n technology Mo

Avoid Interferences with your Wi-Fi Environment AirMagnet's Spectrum Analyzer proactively identifies, classifies, and finds sources of RF interferences that impact the performance of Wi-Fi networks. Unlike earlier generations of spectrum analyzers, AirMagnet's Spectrum Analyzer provides an IT-friendly user interface. The system automatically identifies the specific types of devices that are causing RF interference and tracks them to their physical location, enabling network managers to resolve issues quickly and easily. Personalized Real-time, Diagnostic Views Spectrum Analyzer provides a rich set of real-time graphical displays to help you analyze your RF spectrum. Build your own customized diagnostic view from 12 available plots and charts such as: Real-time FFT Plot, FFT Duty Cycle Plot, Swept Spectrogram Plot, Power vs. Frequency Plot, Power vs. Time Plot, Active Device Chart, Devices vs. Channel Chart, Devices vs. Time Chart, Channel Utilization Chart, Channel Utilization

Detect, identify, and locate RF interference in 802.11 WLANs. RF spectrum analysis for troubleshooting and optimizing 802.11a/b/g WLANs Real-time device detection and identification Device Finder that pinpoints the location of interfering devices Designed for IT network professionals who need answers, not just data Affordable, portable solution for use on a laptop/tablet PC or on the OptiView™ Integrated Network Analyzer Real-time spectrum analysis wherever you need it Product Capabilities AnalyzeAir software provides IT network professionals with the vision they need into the hidden world of RF, providing them with the ability to see the spectrum in a visible and intelligible format. AnalyzeAir software lets you see, monitor, analyze, and manage all the RF sources and wireless devices that influence your Wi-Fi network’s performance and security, even if those devices are unauthorized or transient. AnalyzeAir software takes the cost and complexity out of spectrum analysis. Unlike sing

It looks like it might be time to update our very well received list of the 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) since we have Russix now and Backtrack new version is on the way out. Russix is a Slax based Wireless Live Linux. It has been designed to be light (circa 230Mb) and dedicated purely to wireless auditing. It is not a script kiddy phishing tool and as such, while it will allow you to break a WEP key in 6 key strokes and conduct an “Evil Tiny Twin” attack in less than 5, it will not let you become the latest version of Barclays Bank. Russix evolved from an internal UK Military Wireless auditing tool (debian based) which russ had developed while working for them as a penetration tester. Russix is a free download for auditing. It scripts together several WLAN attacks and will allow the user to break a WEP key in about 6 keystrokes! It will not be modified by us to make it into a phishing tool as that would be evil. It comprises a number of tools i

For some reason I’ve never posted about Kismet, and I don’t like to assume everyone knows everything. So for those who may not have heard of it, here’s Kismet. Kismet is one of foundation tools Wireless Hacking, it’s very mature and does what it’s supposed to do. Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic. Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and infering the presence of nonbeaconing networks via data traffic. Features Ethereal/Tcpdump compatible data logging Airsnort compatible weak-iv packet logging Network IP range detection Built-in channel hopping and multicard split channel hopping Hidden network SSID decloaking Graphical mapping of networks Client/Server architecture allows multi

The OSWA-Assistant is a no-Operating-System-required standalone toolkit which is solely focused on wireless auditing. As a result, in addition to the usual WiFi (802.11) auditing tools, it also covers Bluetooth and RFID auditing. Using the toolkit is as easy as popping it into your computer’s CDROM and making your computer boot from it! This toolkit is a contribution to the wireless security/auditing community and, as the “Assistant” moniker implies, and is designed for the following groups of people: IT-security auditors and professionals who need to execute technical wireless security testing against wireless infrastructure and clients; IT professionals who have responsibility for ensuring the secure operation and administration of their organization’s wireless networks; SME (Small & Medium Enterprise) and SOHO (SmallOffice-HomeOffice) businesses who do not have either the technical expertise or the resources to employ such expertise to audit their wireless networks; Non-technica

Hackers have managed to penetrate to one of the deepest levels in the iPhone 3G's software, according to claims. The makers of the PwnageTool say that in working on v2.0 of their software, they have managed to crack "iBoot," the command line used to communicate with the 3G's equivalent of a BIOS. iBoot is said to be present because iTunes requires a lever for restoring a phone; normally, however, iBoot is said to be "heavily restricted," permitting only Apple code. The only access layer deeper than iBoot is said to be in ROM, and so any further anti-unlocking efforts could force hardware changes. The team meanwhile says it has achieved a means of dual-booting older iPhones that use the v1.1.x firmware. On a phone currently loaded with v1.1.1, for instance, people can allegedly create a separate v1.1.1 partition, and then upgrade the main one to v1.1.4. The technique requires downgrading to iTunes 7.5 however, and knowledge in accessing base drive commands.

It’s far too easy to set up WiFi for your home or business; all you have to do is go to your local electronics superstore and pick up a wireless router, plug it in to your network, and connect to it. The default configuration of most consumer products–completely open with no security enabled–will allow you to connect without having to enter any configuration information into your wireless PC. That’s why in any given neighborhood you’ll see multiple unsecured wireless network connections available. Most public WiFi hotstpots are also unsecured, open connections. If you just surf the web and send an occasional email, you might be OK (besides the fact that anyone in range can connect to and use your Internet connection), but the moment you start using your PC for banking, making purchases, and paying bills online, that wireless connection absolutely must be secured. It must be done right, and there’s really only one right way to do it. Before I explain that, let me tell you what not to do

You're at the airport waiting for your flight. With time to kill, you're thinking of connecting your laptop to the airport's Wi-Fi to check your office e-mail...do some personal banking...or shop for a gift for your spouse. But first, consider this: odds are there's a hacker nearby, with his own laptop, attempting to "eavesdrop" on your computer to obtain personal data that will provide access to your money or even to your company's sensitive information. Here's something else to consider: there are 68,000 Wi-Fi "hot spots" in the U.S. (see the graphic below for the top Wi-Fi countries), at airports, coffee shops, hotels, bookstores, schools, and other locations where hundreds or thousands of people pass through every day. While many of these hot spots have secure networks, some do not, according to Supervisory Special Agent Donna Peterson of our Cyber Division. And connecting to an unsecure network can leave you vulnerable to attacks from

The 2.4 GHz band is getting crowded, so you need better wireless networking tools to quickly resolve interference issues. That's why we here at MetaGeek have been working feverishly on Wi-Spy 2.4x, our second generation Wi-Spy with three times the frequency resolution, three times the amplitude resolution, and twice the amplitude range of our original Wi-Spy. With the higher resolution and improved amplitude range of Wi-Spy 2.4x it is now even easier to identify wireless signals that could be causing interference with your Wi-Fi networks. With Wi-Spy 2.4x... "now you'll know, and knowing is half the battle." Specs Antenna: External, RP-SMA Bandwidth: 2400 to 2483.5 MHz Frequency Resolution: 328 KHz Amplitude Range: -110 dBm to -6.5 dBm Amplitude Resolution: 0.5 dBm Weight: ≈ 23 grams Sweep Time: 165 millisecond Wi-Spy is perfect for troubleshooting interference from the following devices: Wi-Fi (802.11 b/g/n) Microwave Ovens Cordless Phones Baby Monitors Bluetooth Dat

Thierry Zoller and Kevin Finistere @ 23C3 In Berlin (Germany). Remote Root Exploit over Bluetooth on MacOSX

This is a tuturial how to hack the most mobile phones with Bluetooth with your Sony Ericsson or Nokia phone. You need a program called "Super Bluetooth Hack" (it's also called "BT Info"). You can download it on many places, such as: http://www.hack.pt.tp/ or try Google (search for "BT Info" or "Super Bluetooth Hack". With the program you can do things on the other phone such as: - read SMS messages - read contacts - change profile - play ringtone (even if phone is on silent) - play songs - restart the phone - turn off the phone - restore factory settings - change ringing volume - call from the other phone (it includes all call functions like hold etc.) Notes: 1.) When connecting devices use the code 0000 2.) At start of programm on smartphones do not forget to turn on bluetooth before start of the application 3.) You have to download the file with Firefox, because Internet Explorer makes it a .zip file. If you don't want to download Firef

Here's a short video in which Joshua Wright demonstrates how a Bluetooth headset can be hijacked, allowing audio to be captured or sent to the device: Few users realize that Bluetooth headsets can be exploited granting a remote attacker the ability to record and inject audio through the headset while the device is not in an active call. SANS Institute author and senior instructor Joshua Wright demonstrates. All that is necessary is knowing the device address, which can be easily sniffed, and the secret pin, which defaults to 0000. The headset audio is tapped while not in a call, so any room conversation the headset's mic can pick up can potentially be listened to remotely.

I found that wifizoo script is a wonderful VA/PT tool.here is how I am running wifizoo script on my laptop running wireless NIC Intel 3945a/b/g along with discovery/Injection support.here is step by step configuration along with problem solved with logs and graph rendering in BT3 Final. Brief about wifizoo-WifiZoo is a tool to gather wifi information passively. Among many other things Wifizoo can do the following: “-gathers useful information from unencrypted wifi traffic (ala Ferret,and dsniff, etc); like pop3 credentials smtp traffic, http cookies/authinfo, msn messages,ftp credentials, telnet network traffic nbt, etc.” download the following tools first WifiZoo v1.3 http://community.corest.com/~hochoa/wifizoo/wifizoo_v1.3.tgz scapy http://hg.secdev.org/scapy/raw-file/tip/scapy.py graphviz 2.18 update for BT3 http://slacky.uglyplace.org/reposito…8-i486-1sl.tgz check your wireless NIC which supports both discovery & Injection & note it. In intel 3945 it is wifi0(ipwraw driver)

Here is a Python program to do WiFi channel hopping with an AirPcap adapter. The program (apc-channel.py) takes 3 options: –interval sec to set the interval between hops (default is 0.5 sec) –step increment to specify the size of the channel hop (default is 5) –quit to prevent the program from displaying each channel hop The program also serves as an example on how to use the AirPcap dll from a Python program. I’ve a couple of other AirPcap programs written in Python (like one to monitor probe requests). If there’s enough interest, I’ll clean up the code and publish it. Be aware that you need an AirPcap adapter for all these programs. link: hxxp://didierstevens.com/files/software/apc-channel_v0_1.zip via thewifihack.com

The OSWA Assistant is a no-Operating-System-required standalone toolkit which is solely focused on wireless auditing. As a result, in addition to the usual WiFi (802.11) auditing tools, it also covers Bluetooth and RFID auditing. Using the toolkit is as easy as popping it into your computer’s CDROM and making your computer boot from it! This toolkit is a contribution to the wireless security/auditing community and, as the “Assistant” moniker implies, and is designed for the following groups of people: > IT-security auditors and professionals who need to execute technical wireless security testing against wireless infrastructure and clients; > IT professionals who have responsibility for ensuring the secure operation and administration of their organization’s wireless networks; > SME (Small & Medium Enterprise) and SOHO (SmallOffice-HomeOffice) businesses who do not have either the technical expertise or the resources to employ such expertise to audit their wireless network

Many papers and posts on internet forums have commented on the success of turning normal everyday bluetooth USB dongles ($10), into their more powerful counterparts that allow the capturing of packets from the airwaves. These more powerful USB dongles are usually sold at a much higher price ($10,000) together with the software to drive and control these devices. The problems associated with BlueTooth sniffing You cant simply just purchase the dongle with the alternate firmware. There is next to no real opensource packet capture program for the bluetooth protocol. Hardware & Limitations Chipsets: Whats the difference? The chipset of the Bluetooth USB Dongles are very important. Broadcom chipsets are cheap hardware and are deemed unsuitable devices for this paper. But unfortunalty nowadays, every manufacturer seems to prefer putting these chips in their products compared to the more reliable Cambridge Silicon Radio (CSR) chipset. If your lucky enough to find a dongle with a CSR chips

The Netgear Open Source Router is aimed specifically at running third-party, open-source firmwares like previously mentioned Tomato or DD-WRT. We've covered installing these firmwares on supported routers here and here, but Netgear's Open Source Router is unique in that it's designed specifically to support these open-source projects; Netgear has even created a community web site where enthusiasts can contribute guides and more. open source Wireless-G Router (model WGR614L), enabling Linux developers and enthusiasts to create firmware for specialized applications, and supported by a dedicated open source community. The router supports the most popular open source firmware; Tomato and DD-WRT are available on WGR614L, making it easier for users to develop a wide variety of applications. The router is targeted at people who want custom firmware on their router without worrying about issues, and enjoy the benefits of having an open source wireless router." via hackaday.com