AdSense

Thursday, March 8, 2018

Pentest via cellular network (II): Hologram Nova Global 2G/3G Modem


PENTEST VIA CELLULAR NETWORK (II): HOLOGRAM NOVA GLOBAL 2G/3G MODEM

- Layout for this exercise (Smartphone and Raspberry Pi / SIM card / Modem):




1 - Hologram Nova Global 2G/3G Modem

- The modem Hologram Nova is a global 3G/2G cellular modem purpose-built for IoT and single board computers like the Raspberry Pi. 

- Paired with Hologram's CLI/Python SDK and global cellular network, the Nova is a simple plug-and-play modem for instant connectivity and secure data messaging.

- At the moment of writing this text, it can be bought online at a price of $49.

https://hologram.io/store/nova-global-cellular-modem/36








- Before the Nova modem can be operational the SIM must be activated (as done at previous exercise) so that it can gain access to the cellular network.

- The SIM card is inserted into the slot of the bottom of the Nova board, being careful that the Nova is not plugged-in at that moment:






- The Nova modem kit includes two quad-band flexible UFL anntenas, operating over 850/900/1900/2100 MHz bands.

- The larger black anntena is expected to provide better reception, though the yellow antenna has the benefit of fitting better due to its smaller size.

- The anntenas are attached pressing firmly down the gold UFL connector:




- Once the modem is operating correctly there are two LEDs (blue and red) providing feedback about what is going on inside the modem:


  • The blue LED represents whether the modem is on/off.
  • The red LED indicates the network status: off (no network detected), double blink(2G), rapid blink (3G), solid (connected)




2 - Hologram Python SDK

- The Python SDK and Hologram CLI are available on Github as open source.

- The Hologram Ptython SDK allows to connect and communicate the Hologram SIM card and the Nova USB modem with other IoT platforms for cellular connectivity:

https://github.com/hologram-io















- Installing the Hologram Python SDK to the Raspberry Pi device:



..............................




- On next exercises this Python SDK platform will be used abundantly:







3 - Checking the functionality of the modem


- First of all, let's check that Raspberry Pi detects the modem connected to one of its USB ports:





- Accessing available ports:




- hologram command has got several options:





- Detecting the type of modem:




- Printing the celullar network available:




- Printing the SIM card number used with the modem:




- Printing the signal strength:




- Printing the location:





4 - Sending and receiving SMS messages between a cellular phone and a modem


- Connecting the modem to the cellular network:




- A new interface ppp0 (point-to-point-protocol) is created:




- Checking the Internet connectivity let's see the huge replay delays of the pings, what it is understable in this kind of connection:




- Now, to send/receive SMS messages the cellular phone device key is required (available at the user Dashboard):




- Sending a message from the modem to the phone:




- The message is successfully received at the phone:




- Preparing the modem to receive SMSs:





- The phone answers:


















- The phone receives the message:




- Finally the modem can be disconnected:








Pentest via cellular network (I): Global IoT SIM Card


PENTEST VIA CELLULAR NETWORK (I): GLOBAL IOT SIM CARD

- Layout for this exercise (Smartphone and Raspberry Pi / SIM card / Modem):






1 - Introduction

- The goal of this series of five exercises is to demonstrate how to perform a remote penetration testing (port scanning) with a Raspberry Pi device and a modem using an SMS (Short Message Service) message via a cellular network, instead of an usual Internet connection.

- For that purpose a smartphone communicates with a SIM card incorporated to a modem that is inserted into the USB port of a Raspberry Pi 3 Model B device.

- This project could be applied in scenarios where no reliable connectivity to the Internet is available, since cellular networks ensure connectivity at all times and in any place.

The project is presented through successive steps, beginning with the introduction of the hardware elements used, and continuing with the applications and programming needed to complete it.


2 - Raspberry Pi 3  with Raspbian Stretch


- As said before, in this exercise a Raspberry Pi 3 Model B device is used, loaded with the operating system Raspbian Stretch:

https://www.raspberrypi.org/products/raspberry-pi-3-model-b/




3 - Hologram Global IoT SIM Card


- Hologram is an USA based company that provides flexible tools for securely connecting IoT devices: 

https://hologram.io


- The Hologram IoT SIM platform sells the Global IoT SIM Card


https://hologram.io/store/developer-global-iot-sim-card










































The Global SIM Card can be bought online at a price of $5 and it is delivered to home via the usual postal service:




- Once the SIM Card is available an online activation is required. 

- To activate the SIM card, first of all a Hologram account must be created:

https://dashboard.hologram.io/account/login




-  Once logged in, from the Dashboard the SIM is activated by first time:

https://dashboard.hologram.io/activate





- The SIM number is written on the back of the card and it must be entered (added) as below:





- Starting with the Developer data plan:






- Taking Zone 1 for the USA:


 

- The cost is $0 for the first month:





- Activating the card:








- The activation takes some minutes until the card reaches the Live status:








- Setting the name whitelist to the device:




- Regarding the Billing, some money should be added to the balance for later buying the number of the phone, that will be necessary for sending/receiving SMS messages:






- After some money is in the balance, a phone number can be purchased at a cheap price of $1:














- A phone number is achieved, linked to the recently activated SIM card: