Vulnerability in a common wireless technology could allow hackers to gain remote control of cellphones, an expert warns.
The GSM network technology, used by billions of people in about 80% of the global cellphone market, could be hacked to make calls or send texts to expensive, premium phone and messaging services in scams.
There have been similar attacks on a small number of smartphones before, but the new attack could expose any cellphone using GSM technology. “We can do it to hundreds of thousands of phones in a short time frame,” said Karsten Nohl, head of Germany’s Security Research Labs, before a presentation at a hacking convention in Berlin yesterday.
Attacks on corporate land-line phone systems are fairly common, often involving bogus premium-service phone lines that hackers set up across Eastern Europe, Africa and Asia.
Fraudsters make calls to the numbers from hacked business phone systems or cellphones, then collect their cash and move on before the activity is identified. The phone users typically do not identify the problem until after they receive their bills and telecoms carriers often end up footing at least some of the costs.
Even though Mr Nohl did not present details of attacks at the conference, he said hackers would usually replicate the code needed for attacks within a few weeks.
He will present a new ranking, at gsmmap.org, which lets consumers see how their operators’ security systems are performing.
Researchers have reviewed 32 cellphone operators in 11 countries and rated their performance based on how easy it was for them to intercept the calls, impersonate devices or track them.
“None of the networks protects users very well,” Mr Nohl said.
He said cellphone operators could easily improve their clients’ security, in many cases by just updating their software.
“Mobile network is by far the weakest part of the mobile ecosystem, even when compared to Android or iOS devices.”
Researchers reviewed cellphone operators in Austria, Belgium, the Czech Republic, France, Germany, Hungary, Italy, Morocco, Slovakia, Switzerland and Thailand.
Article source: http://business.iafrica.com/news/770198.html
View full post on National Cyber Security