• Home
  • What's New
  • Products
  • Downloads
  • Forums
  • About Us

DwD Studios

Raise your dice hand high!
COVERT OPS MENU
About Covert OpsProduct LicensingWrite for UsShort AssignmentsDownloadsProductsForums
Home | Forums | Main Systems | Covert Ops

Hacking cell phones

PostDateIcon Fri, 06/10/2016 - 12:56am | PostAuthorIcon taustinoc

Hacking a single computer is pretty straight forward. Roll to break in, roll to find what you way, maybe another roll to decrypt if necessary, no need to slow down the game and bore the players who aren't running hackers.

But if one needs to take over a network, and doing so is a big part of the mission, things can get as complicated as you want. This is what I've developed so far:

Cracking Cell Phones
There are three approaches to breaking into a cell phone:

Attack the phone operating system through the cell network. This is the most difficult attack, and incurs a -40 to the Technician check to find an exploit that will allow access. Once access is obtained, there will be an additional -30 to all Technician checks to access information at the user operating system level (this is pretty much everything other than any calls or texts currently incoming or outgoing). The phone simply isn’t designed for the hardware level to control the user level.
Such an attack can come from anywhere in the world, if the attacker knows the identity of the phone and has access to the cell network it is connected to.

Attack the user interface through the WiFi system. This is the most common method of attack, and provides no modifiers for either the initial attack or retrieving data.
Such an attack can come from anywhere on the local network, but requires WiFi be on. A -10 penalty to the Technician check if the WiFi is not actually connected to anything.

Attack the user interface through Bluetooth. This is actually the easiest method of attack, giving a +20 to the Technician check, but no modifier for checks to retrieve data. While Class 2 Bluetooth devices have a theoretical range of 10 meters (33 feet), in real world conditions it is often a lot less.

In addition to the attack vector, other modifiers result from the type of phone. No opinions will be offered here on the quality of security offered by real life phone models, so types will be classified as Cheap, Moderate, and Expensive, and Old, Average, and New. Cheap and Old each offer +10 to Technician checks. Expensive and New each offer -10 to Technician checks. Some phones will also have a dedicated encryption subsystem, which offers an additional -20 to Technician checks. These modifiers apply to both the attack roll and rolls to retrieve specific information.

To attack a phone, the attacker makes a Technician check with appropriate modifiers. This takes 1D minutes per attempt. If the attack critically succeeds, any security system present is deactivated, and further Technician checks on that phone are at +10. If the attack is successful, access is granted. If the attack fails, there is no access, but further attacks are unmodified. If the attack critically fails, a second action (with the usual penalty) is necessary to avoid triggering any security systems that are present (not all phones have them).

Once a phone has been compromised, the attacker has several options. Each takes 1 turn and requires a Technician check – downloading data may take longer, depending on how much there is):

  1. Deactivate the security monitoring system. (Until this is done, any other actions requires an immediate Tech skill check to prevent triggering an alarm.)
  2. Retrieve a specific body of information (as a single dump), such as all texts, all call records, address book, all emails, data from a specific app, etc.
  3. Retrieve an encryption key. (If the phone has an encryption subsystem, this is impossible to do directly, but can be done by feeding known data into the encryption subsystem, retrieving the encrypted version, and reverse engineering the key. This is with the usual modifiers for the phone, but takes 1D turns to generate enough data to be feasible, followed by a second Technician check (without phone modifiers – this is done on the attackers own system – taking 2D turns.)
  4. If the phone is not in use, the microphone can be activated. If it is in use, the call can be tapped. If the phone is connected to a Bluetooth headset, there is an additional +20 modifier on this roll.
  5. Delete or alter stored data in any one app.
  6. Activate and control any app. (-20 to do so without the user being aware.)
  7. Turn WiFi or Bluetooth on or off.
  8. Use the phone’s WiFi signal characteristics to track the phone’s location to within half a meter, relative to a known access point (-30 to Technician check, but +20 if Bluetooth is turned on, and +20 if the access point is also controlled).

In some cases (such as a burner phone), once data is retrieved, a Detective check (by the intruder or someone else) may be needed to extract useful information out of it. This may also require access to other resources, such as tracking a phone’s location through metadata records, and coordinating it with similar records for other phones to get a name. This would require access to phone company records, and can take hours, days, or months. Often, stored texts, browser history or app data will give clues to the user’s identity as well.

‹ Mission 2: The Hijacking of the Keats' Pride Requisitioning equipment in a hurry ›
PostCommentsIcon Login or register  | PostCategoryIcon   | PostTagIcon Tags: Covert Ops
Submitted by DwD Studios on Fri, 06/10/2016 - 10:41am.

You scare me.

  • LoginRegister
Submitted by taustinoc on Fri, 06/10/2016 - 1:11pm.

I scare me, sometimes. It happens that I do IT work for a living, so this is actually something I need to understand. And the people I game with like a little verisimilitude (though not too much real life accuracy).

  • LoginRegister
navigationlinks
Newest Products

FrontierSpace Scions of Faranis

FrontierSpace Astral Horizon

FrontierSpace Adventures in the Deep

FrontierSpace Harvest Moon

FrontierSpace Cold Space

FrontierSpace Dark Side of Loridian
Forum Theming Block
User login
Image CAPTCHA
Enter the characters shown in the image. Ignore spaces and be careful about upper and lower case.
  • Create new account
  • Request new password
Recent blog posts
  • Sci-Fi Boardgame Development
  • FS Gear Doodles
  • FrontierSpace One point Two
  • What's our vector, Victor?
  • FrontierSpace on Roll20
  • Where to go on a space station?
  • Heroes of Keeper's Island - Devlog
  • Heroes of Keeper's Island - Devlog
  • FS - Tactical Spaceship Combat Playtest
  • DwD Studios at U-Con
more
Active forum topics
  • Barebones Fantasy v2, is this a thing?
  • Art of Wuxia Blog Articles
  • Tactical FrontierSpace Starship Combat
  • Minor NPC rules for robots...
  • Game mechanic miscellany
more
* BareBones Fantasy™ are copyright 2012, DwD Studios.
* BareBones Fantasy™ are trademarks of DwD Studios.
DwD Google+ Community