GSM phones vulnerable to hijack scams: researcher

BERLIN Wed Dec 28, 2011 4:28am EST

Customers look at Samsung Electronics' Galaxy S II LTE smartphones on display at a shop at the company's headquarters in Seoul October 28, 2011. Samsung Electronics Co overtook Apple Inc as the world's top smartphone maker in the July-September period with a 44 percent jump in shipments, and forecast strong sales in the current quarter in a clear warning to its rivals.   REUTERS/Jo Yong-Hak

Customers look at Samsung Electronics' Galaxy S II LTE smartphones on display at a shop at the company's headquarters in Seoul October 28, 2011. Samsung Electronics Co overtook Apple Inc as the world's top smartphone maker in the July-September period with a 44 percent jump in shipments, and forecast strong sales in the current quarter in a clear warning to its rivals.

Credit: Reuters/Jo Yong-Hak

Related Topics

BERLIN (Reuters) - Flaws in a widely used wireless technology could allow hackers to gain remote control of phones and instruct them to send text messages or make calls, according to an expert on mobile phone security.

They could use the vulnerability in the GSM technology -- which is used by most telecom operators globally and by billions of people -- to make calls or send texts to expensive, premium phone and messaging services in scams, said Karsten Nohl, head of Berlin-based Security Research Labs.

Nohl is a well-regarded expert on mobile security who last year identified a bug in GSM technology that makes calls vulnerable to tapping. He says he is calling attention to these flaws to pressure the industry into beefing up the security of their products.

Mobile security is a hot issue because hackers are paying unprecedented attention to the devices as smartphone sales have outpaced sales of PCs.

Only a few flaws have been found in GSM technology - which stands for Global System for Mobile Communications - over its 20-year history. Industry lobby group GSMA said on Tuesday it did not expect the new findings to affect its views on the security of the technology.

"The GSMA and its mobile network operator members are confident in the security of existing 2G GSM networks and real attacks on real networks against real customers are most unlikely," it said in a statement, adding that newer technologies are safer and not impacted by the new research.

GSMA's statement "on anticipated GSM security announcements" did not make clear whether the industry group had actually seen Nohl's latest research.

Security experts have previously identified a small number of viruses designed to infect smartphones, allowing hackers to take control of the devices and force them to make calls or send text messages. But Nohl said he has discovered a way to leverage previously disclosed vulnerabilities in GSM technology that could potentially threaten hundreds of thousands of phones.

"We can do it to hundreds of thousands of phones in a short time frame," Nohl told Reuters ahead of a presentation on the topic at a hacking convention in Berlin on Tuesday.

SECTOR IN FOCUS

Smartphone malware is popping up at an unprecedented rate as people put more and more valuable information on the devices, using them to hold corporate secrets, conduct banking and function as digital wallets.

GSM became the dominant mobile technology globally in the late 1990s and even though new, faster mobile networks have been rolled out across the world, operators have stuck to their GSM networks to support older phones and to offer service when new networks fail.

The Berlin convention takes place just days after U.S. security think tank Strategic Forecasting Inc (Stratfor) said its website had been hacked and that some names of corporate subscribers had been made public. Activist hacker group Anonymous claimed responsibility.

Attacks on corporate landline phone systems are fairly common, often involving bogus premium-service phone lines that hackers set up in countries in Eastern Europe, Africa and Asia.

Fraudsters make calls to the numbers from hacked business phone systems or mobile phones, then collect their cash and move on before the activity is identified.

The phone users typically do not realize the problem until after they receive their bills, and telecommunications carriers often end up footing at least some of the costs.

Even though Nohl will not present all details of possible attacks at the conference, he said hackers will usually replicate the code needed for attacks within a few weeks.

T-MOBILE, SFR LEAD NEW RANKING

Mobile networks of Germany's T-Mobile and France's SFR offer their clients the best protection against online criminals wanting to intercept their calls or track their movements, according to a new ranking Nohl will unveil at his presentation.

The new ranking, at gsmmap.org, is conducted by security researchers, who hope this will heighten the awareness of operators and consumers on the vulnerability of their mobile communications.

Researchers reviewed 32 operators in 11 countries and rated their performance based on how easy it was for them to intercept the calls, impersonate someone's device or track the device.

"None of the networks protects users very well," Nohl said.

The sample is set to grow from 32 carriers dramatically next year as the tool enables anyone to participate in data gathering

by downloading measuring software to their phones.

Nohl said mobile telecom operators could easily improve their clients' security, in many cases by just updating their software.

Researchers reviewed operators in Austria, Belgium, the Czech Republic, France, Germany, Hungary, Italy, Morocco, Slovakia, Switzerland and Thailand.

(Additional reporting by Jim Finkle; Editing by Matt Driskill, Vinu Pilakkott and Matthew Lewis)

FILED UNDER: