To verify an IMEI is valid and Cerberus has that device registered on their system you have to fire off an HTTP request. You can easily generate 106 (1,000,000) numbers within seconds, it’s verifying them that takes time. Thus, in a 15-digit IMEI number there is a relatively low amount of randomness. After those 6 digits the last digit is a Luhn-checksum digit, which is computed as a function of the first 14 digits. ![]() These 6 digits are the only digits that are difficult for an attacker to guess. Although this is the most significant portion of my IMEI number, it is not private information knowing the model of my phone (or guessing the model) is sufficient to guess most of my IMEI number.Īfter the 8-digit TAC there are 6 digits that uniquely identify the specific device. For example, because I have a Samsung Galaxy Note 2, the first 8 digits of my IMEI are 35362705. ![]() The first 8 digits of an IMEI represent the Type Allocation Code (TAC), which is determined by the model of the phone. IMEI numbers are not distributed uniformly at random. Anatomy of an IMEI numberīefore we delve in further let’s take a quick look at the format of an IMEI number. Upon further investigation it turns out that this ID is your devices IMEI number. When you login with your username and password the Cerberus API replies back with a “device ID” which is a seemingly 15 digit randomly generated number, this ID is then used in subsequent requests and used to “authenticate” you – that’s right, your username/password aren’t used past the initial stage. The problem here lies with what’s going on behind the scenes. 99% of the time this is fine and accepted standard for authenticating yourself. ![]() You have a username and password, which only you know, similar to Facebook and practically every other website out there with a login system. A security hole in Cerberus allows just that. ![]() Pretty cool, right? Now imagine if anyone could access your device and listen to your conversations. Features include: locate and track your device, start alarms, get a list of recent calls, download SMS messages, take pictures, record video, record audio and much more – all of which is done discreetly without the “thief” knowing so you can track your phone down and attempt to recover it. Cerberus allows you to remotely control your device if it has been lost or stolen. You may or may not have heard of Cerberus, an anti-theft application for Android devices.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |