Could GSM phones have a major security flaw?
Prior to the opening of a hacking convention that started today in Berlin, Karsten Nohl, head of Germany's Security Research Labs, said that all GSM phones could potentially be used without the owner's knowledge, to make phone calls and send out text messages. 80% of phones globally are GSM powered, although that figure is much lower in the States where AT&T and T-Mobile are the top GSM carriers. Verizon and Sprint use another form of cellular technology known as CDMA.
Speaking to Reuters prior to making his speech at the convention in Berlin, Nohl said that attacks on hundreds of thousands of phones could be done in a "short timeframe." In Eastern Europe, Africa and Asia, attacks on corporate landlines have occurred. One common fraud uses premium-service numbers similar to the "976" numbers that at one time were popular in the States. Those involved in the fraud hack into a company's phone system and dial the premium-service number countless times, According to the Reuters report, the fraudsters collect their money, close up shop and re-open somewhere else. The company never finds out about the hacking until they get their phone bill and usually some arrangement is made with the phone company having to eat some of the charges. Nohl has said that he will not go over the details of the attack during the conference.
was to intercept a call, track another person's device and even impersonate another person's mobile phone. The result?
source: GSMMap.org via Reuters
What Nohl will discuss at the conference is the rankings that show Germany's T-Mobile and France's SFR at the top of a list of mobile carriers that offer their customers the best protection against a hack attack. 32 carriers in 11 countries outside of the U.S. were tested by researchers on how easy it
The countries involved in the security test
"None of the networks protects users very well," Nohl said, "Mobile network is by far the weakest part of the mobile ecosystem, even when compared to a lot attacked Android or iOS devices." But there is some hope. Nohl said that carriers could improve their security by merely updating their software.
Things that are NOT allowed: