Could GSM phones have a major security flaw?

Could GSM phones have a major security flaw?
Prior to the opening of a hacking convention that started today in Berlin, Karsten Nohl, head of Germany's Security Research Labs, said that all GSM phones could potentially be used without the owner's knowledge, to make phone calls and send out text messages. 80% of phones globally are GSM powered, although that figure is much lower in the States where AT&T and T-Mobile are the top GSM carriers. Verizon and Sprint use another form of cellular technology known as CDMA.

Speaking to Reuters prior to making his speech at the convention in Berlin, Nohl said that attacks on hundreds of thousands of phones could be done in a "short timeframe." In Eastern Europe, Africa and Asia, attacks on corporate landlines have occurred. One common fraud uses premium-service numbers similar to the "976" numbers that at one time were popular in the States. Those involved in the fraud hack into a company's phone system and dial the premium-service number countless times, According to the Reuters report, the fraudsters collect their money, close up shop and re-open somewhere else. The company never finds out about the hacking until they get their phone bill and usually some arrangement is made with the phone company having to eat some of the charges. Nohl has said that he will not go over the details of the attack during the conference.

What Nohl will discuss at the conference is the rankings that show Germany's T-Mobile and France's SFR at the top of a list of mobile carriers that offer their customers the best protection against a hack attack. 32 carriers in 11 countries outside of the U.S. were tested by researchers on how easy it was to intercept a call, track another person's device and even impersonate another person's mobile phone. The result?

"None of the networks protects users very well," Nohl said, "Mobile network is by far the weakest part of the mobile ecosystem, even when compared to a lot attacked Android or iOS devices." But there is some hope. Nohl said that carriers could improve their security by merely updating their software.


The rankings at the sourcelink allows consumers to see how their carrier fared in the test, if they were part of the study. The site also allows anyone to participate in tracking the security of their mobile carrier, which is why much more than 32 carriers are expected to be tested for next year's report.

source: GSMMap.org via Reuters

FEATURED VIDEO

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless