AdSense

Thursday, March 8, 2018

Pentest via cellular network (I): Global IoT SIM Card


PENTEST VIA CELLULAR NETWORK (I): GLOBAL IOT SIM CARD

- Layout for this exercise (Smartphone and Raspberry Pi / SIM card / Modem):






1 - Introduction

- The goal of this series of five exercises is to demonstrate how to perform a remote penetration testing (port scanning) with a Raspberry Pi device and a modem using an SMS (Short Message Service) message via a cellular network, instead of an usual Internet connection.

- For that purpose a smartphone communicates with a SIM card incorporated to a modem that is inserted into the USB port of a Raspberry Pi 3 Model B device.

- This project could be applied in scenarios where no reliable connectivity to the Internet is available, since cellular networks ensure connectivity at all times and in any place.

The project is presented through successive steps, beginning with the introduction of the hardware elements used, and continuing with the applications and programming needed to complete it.


2 - Raspberry Pi 3  with Raspbian Stretch


- As said before, in this exercise a Raspberry Pi 3 Model B device is used, loaded with the operating system Raspbian Stretch:

https://www.raspberrypi.org/products/raspberry-pi-3-model-b/




3 - Hologram Global IoT SIM Card


- Hologram is an USA based company that provides flexible tools for securely connecting IoT devices: 

https://hologram.io


- The Hologram IoT SIM platform sells the Global IoT SIM Card


https://hologram.io/store/developer-global-iot-sim-card










































The Global SIM Card can be bought online at a price of $5 and it is delivered to home via the usual postal service:




- Once the SIM Card is available an online activation is required. 

- To activate the SIM card, first of all a Hologram account must be created:

https://dashboard.hologram.io/account/login




-  Once logged in, from the Dashboard the SIM is activated by first time:

https://dashboard.hologram.io/activate





- The SIM number is written on the back of the card and it must be entered (added) as below:





- Starting with the Developer data plan:






- Taking Zone 1 for the USA:


 

- The cost is $0 for the first month:





- Activating the card:








- The activation takes some minutes until the card reaches the Live status:








- Setting the name whitelist to the device:




- Regarding the Billing, some money should be added to the balance for later buying the number of the phone, that will be necessary for sending/receiving SMS messages:






- After some money is in the balance, a phone number can be purchased at a cheap price of $1:














- A phone number is achieved, linked to the recently activated SIM card: