Could GSM phones have a major security flaw?

Could GSM phones have a major security flaw?
Prior to the opening of a hacking convention that started today in Berlin, Karsten Nohl, head of Germany's Security Research Labs, said that all GSM phones could potentially be used without the owner's knowledge, to make phone calls and send out text messages. 80% of phones globally are GSM powered, although that figure is much lower in the States where AT&T and T-Mobile are the top GSM carriers. Verizon and Sprint use another form of cellular technology known as CDMA.

Speaking to Reuters prior to making his speech at the convention in Berlin, Nohl said that attacks on hundreds of thousands of phones could be done in a "short timeframe." In Eastern Europe, Africa and Asia, attacks on corporate landlines have occurred. One common fraud uses premium-service numbers similar to the "976" numbers that at one time were popular in the States. Those involved in the fraud hack into a company's phone system and dial the premium-service number countless times, According to the Reuters report, the fraudsters collect their money, close up shop and re-open somewhere else. The company never finds out about the hacking until they get their phone bill and usually some arrangement is made with the phone company having to eat some of the charges. Nohl has said that he will not go over the details of the attack during the conference.

What Nohl will discuss at the conference is the rankings that show Germany's T-Mobile and France's SFR at the top of a list of mobile carriers that offer their customers the best protection against a hack attack. 32 carriers in 11 countries outside of the U.S. were tested by researchers on how easy it was to intercept a call, track another person's device and even impersonate another person's mobile phone. The result?

"None of the networks protects users very well," Nohl said, "Mobile network is by far the weakest part of the mobile ecosystem, even when compared to a lot attacked Android or iOS devices." But there is some hope. Nohl said that carriers could improve their security by merely updating their software.


The rankings at the sourcelink allows consumers to see how their carrier fared in the test, if they were part of the study. The site also allows anyone to participate in tracking the security of their mobile carrier, which is why much more than 32 carriers are expected to be tested for next year's report.

source: GSMMap.org via Reuters

FEATURED VIDEO

10 Comments

1. brenner182

Posts: 29; Member since: Dec 07, 2011

Well this is bad news bears all over the place.

6. tuminatr

Posts: 1158; Member since: Feb 23, 2009

the simple answer is yes, I don't remember witch collage tech lab successfully cloned sim cards and intercepted and listened to calls over the air about five years ago

2. Conan_Kudo

Posts: 19; Member since: Dec 21, 2011

Most carriers didn't upgrade their security algorithms when they made the transition to UMTS from 2G GSM. So... yeah... We've known about this for a long time now...

3. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

Well, I don't have GSM service, and if memory serves, CDMA has yet to be hacked, so I am feeling pretty good. Bummer for the GSM folks, however. Especially if the security hole is due to carrier laziness. Nothing like a lawsuit to compel the carriers to tighten up their security.

4. networkdood

Posts: 6330; Member since: Mar 31, 2010

I doubt anyone has been able to do this with AT&T GSM phones.

5. G2Noobin

Posts: 81; Member since: Dec 17, 2011

I just wanted to say droid x doug i accidently hit the thumbs down and not up.....so phantom thumbs up and on an account of false pressing thumbs down. lolz. Iphone is only great cuz people that are not tech savy enjoy structure, those who are tech savy enjoy freedom. That could be applied to society, people with very little knowledge on how to live enjoy structure, those that know them selves and limits, enjoy societal freedom. You could almost talk about soul evolution here. young souls are numb to experience, and old souls well they are just old.

7. arcq12

Posts: 733; Member since: Oct 13, 2011

iPhone definitely has a lot of tech savy users, proof?? Cydia and its 3rd party apps.. theres also a huge jailbreaking community out there.. bottom line is, both Android and iOS has their own tech savy users and those who just doesnt give a sh*t and just wanna use their phone normally..

8. toaster

Posts: 114; Member since: Sep 13, 2011

Um... what?

9. LordBonztie

Posts: 52; Member since: Nov 14, 2011

been hacking gsm carriers for 5 years now. enjoying free internet. thank you.

10. ladyhaly

Posts: 106; Member since: Jan 17, 2011

This sucks for people living in developing countries, since the corporate companies on the said locations don't listen to anyone. They just like to make a lot of money for themselves... Never mind the consumers, who do not have an option btw.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.