GSM Phones Vulnerable To Hijacking, GSMA Unconcerned

According to a Berlin-based research agency, flaws in the widely used GSM wireless technology could allow hackers to gain remote control of phones and instruct them to send text messages or make calls. The Reuters source of this information is Karsten Nohl, head of Berlin-based Security Research Labs.

Nohl is a well-regarded expert on mobile security who last year identified a bug in GSM technology that makes calls vulnerable to tapping. He says he is calling attention to these flaws to pressure the industry into beefing up the security of their products. Well, it remains to be seen that the claimed tapping possibilities were left hanging out unintentionally.

In any case, “the industry” he mentions may want to look at the real life demos of claimed vulnerabilities and subsequent exploits of these, first. Reuters claims that only a few flaws have been found in the GSM technology itself (which stands for Global System for Mobile Communications) over its 20-year history. Industry lobby group GSMA said on Tuesday it did not expect the new findings to affect its views on the security of the technology. It’s sure nice and cozy to hear that this lobby group is unaffected, easily writing off tons of spam messages reaching millions customers’ as their own fault.

Malware, spyware, and viruses are on the rise, and like everywhere else, smartphone malware is popping up at an unprecedented rate as people put more and more valuable information on their devices, using them to hold corporate secrets, conduct banking and function as digital wallets. For some reason, Reuters fails to mention how vulnerable CDMA technology is today, but I’m sure it’s just a question of time.

Nohl’s report is expected to be presented at the Berlin convention that takes place just a few days after U.S. security think tank Strategic Forecasting Inc (Stratfor) said its website had been hacked and that some names of corporate subscribers had been made public. Activist hacker group Anonymous claimed responsibility. If there are any connections or not is anybody’s guess.

Then, Mobile networks of Germany’s T-Mobile and France’s SFR offer their clients the best protection against online criminals wanting to intercept their calls or track their movements, according to a new ranking Nohl will unveil at his presentation.

The new ranking fancy survey and tool demoed at gsmmap.org, is conducted by security researchers who hope this will heighten the awareness of operators and consumers on the vulnerability of their mobile communications.

Researchers reviewed 32 operators in 11 countries, Nohl and Reuters tells us, and rated their performance based on how easy it was for them to intercept the calls, impersonate someone’s device or track the device. “None of the networks protects users very well,” Nohl said. The sample is set to grow from 32 carriers dramatically next year as the tool enables anyone to participate in data gathering by downloading measuring software to their phones.

Nohl said mobile telecom operators could easily improve their clients’ security, in many cases by just updating their software. Oh well, don’t they do that already? See you at the Berlin Security Conference of 2012 then, if nothing happens in between.


Posted in: Uncategorized

Leave a Comment