Researcher exploits new bugs in firmware to wrest control of vulnerable iPhone, Android devices.

Kelly Jackson Higgins, Executive Editor at Dark Reading

May 3, 2011

2 Min Read

A European researcher today showed how bugs he has discovered in the baseband chipset firmware of iPhone and Android smartphones could be exploited to ultimately take control of these devices.

Ralf-Philipp Weinmann, a researcher at the University of Luxembourg, was poised here to demonstrate an exploit he created that turns on the auto-answer feature on the affected smartphones and then uses them as remote listening devices. But he was unable to get his demo to run live successfully, in part due to poor cellular reception in the hotel where the conference was held.

Despite the demo glitch, security experts say the research marks a new generation of smartphone hacking.

"This is extremely significant," says Don Bailey, security consultant with iSec Partners. "Before, you could intercept calls, SMS, and in some cases GPRS [General Packet Radio Service]/EDGE, depending on if you had the requisite hardware."

And Weinmann's research achieves the endgame of code execution, Bailey says.

Weinmann is no stranger to smartphone hacking -- he and Vincenzo Iozzo, a researcher at Zynamics, last year won the PWN2OWN contest at CansecWest by exploiting the iPhone via Safari.

Hardware hacking expert Chris Paget successfully faked several attendees' cell phones into connecting to his phony GSM base station during a live demonstration at Defcon18 in Las Vegas in July. Paget, who says GSM is "broken," was demonstrating weaknesses in the GSM protocol by using a homegrown GSM base station. His so-called "IMSI Catcher" acted as a spoofed GSM tower and fake base station that fooled GSM smartphones into connecting to it.

GSM technology is used in 80 percent of the world's mobile phone calls today and has been the subject of previous security research poking holes in it. "The main problem is that GSM is broken. You have 3G and all of these later protocols with problems for GSM that have been known for decades. It's about time we move on," Paget said prior to his demonstration at DefCon.

Read the rest of this article
on Dark Reading

About the Author(s)

Kelly Jackson Higgins

Executive Editor at Dark Reading

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary.  Follow her on Twitter @kjhiggins.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights