Could GSM phones have a major security flaw?
Speaking to Reuters prior to making his speech at the convention in Berlin, Nohl said that attacks on hundreds of thousands of phones could be done in a "short timeframe." In Eastern Europe, Africa and Asia, attacks on corporate landlines have occurred. One common fraud uses premium-service numbers similar to the "976" numbers that at one time were popular in the States. Those involved in the fraud hack into a company's phone system and dial the premium-service number countless times, According to the Reuters report, the fraudsters collect their money, close up shop and re-open somewhere else. The company never finds out about the hacking until they get their phone bill and usually some arrangement is made with the phone company having to eat some of the charges. Nohl has said that he will not go over the details of the attack during the conference.
What Nohl will discuss at the conference is the rankings that show Germany's T-Mobile and France's SFR at the top of a list of mobile carriers that offer their customers the best protection against a hack attack. 32 carriers in 11 countries outside of the U.S. were tested by researchers on how easy it
"None of the networks protects users very well," Nohl said, "Mobile network is by far the weakest part of the
mobile ecosystem, even when compared to a lot attacked Android or iOS
devices." But there is some hope. Nohl said that carriers could improve their security by merely updating their software.
The rankings at the sourcelink allows consumers to see how their carrier fared in the test, if they were part of the study. The site also allows anyone to participate in tracking the security of their mobile carrier, which is why much more than 32 carriers are expected to be tested for next year's report.
source: GSMMap.org via Reuters