Smartphone Hack Highlights More GSM Woes - InformationWeek
IoT
IoT
Mobile
News
5/3/2011
02:15 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%
RELATED EVENTS
How Upwork Cut Zero-Day File Attacks by 70%
Oct 05, 2017
Upwork has millions of clients and freelancers that have to upload and download many files to and ...Read More>>

Smartphone Hack Highlights More GSM Woes

Researcher exploits new bugs in firmware to wrest control of vulnerable iPhone, Android devices.

A European researcher today showed how bugs he has discovered in the baseband chipset firmware of iPhone and Android smartphones could be exploited to ultimately take control of these devices.

Ralf-Philipp Weinmann, a researcher at the University of Luxembourg, was poised here to demonstrate an exploit he created that turns on the auto-answer feature on the affected smartphones and then uses them as remote listening devices. But he was unable to get his demo to run live successfully, in part due to poor cellular reception in the hotel where the conference was held.

Despite the demo glitch, security experts say the research marks a new generation of smartphone hacking.

"This is extremely significant," says Don Bailey, security consultant with iSec Partners. "Before, you could intercept calls, SMS, and in some cases GPRS [General Packet Radio Service]/EDGE, depending on if you had the requisite hardware."

And Weinmann's research achieves the endgame of code execution, Bailey says.

Weinmann is no stranger to smartphone hacking -- he and Vincenzo Iozzo, a researcher at Zynamics, last year won the PWN2OWN contest at CansecWest by exploiting the iPhone via Safari.

Hardware hacking expert Chris Paget successfully faked several attendees' cell phones into connecting to his phony GSM base station during a live demonstration at Defcon18 in Las Vegas in July. Paget, who says GSM is "broken," was demonstrating weaknesses in the GSM protocol by using a homegrown GSM base station. His so-called "IMSI Catcher" acted as a spoofed GSM tower and fake base station that fooled GSM smartphones into connecting to it.

GSM technology is used in 80 percent of the world's mobile phone calls today and has been the subject of previous security research poking holes in it. "The main problem is that GSM is broken. You have 3G and all of these later protocols with problems for GSM that have been known for decades. It's about time we move on," Paget said prior to his demonstration at DefCon.

Read the rest of this article
on Dark Reading

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll