Pages

Wednesday, December 28, 2011

How Hackers Remote-Control Phones To Make Calls And Send Texts Messages

The GSM network is the 'normal' mobile phone network - used by four billion phones worldwide, and accounting for 80 per cent of the global mobile market.

But a new vulnerability demonstrated by Karsten Nohl, head of Germany's Security Research Labs, shows that any phone on any GSM network is vulnerable to attack.

The new attack - which Nohl did not publish - allows hackers to control hundreds of thousands of mobile phones at once.

The attack allows hackers complete control over the handsets, and could be used to make or send texts to premium phone and messaging services - a typical fraudster attack which can leave victims with enormous bills.

Nohl said that although he refused to lay out details of how the attack worked, it was inevitable that hackers would reproduce it 'within weeks'.

'We can do it to hundreds of thousands of phones in a short timeframe,' Nohl said in advance of a presentation at a hacking convention in Berlin on Tuesday.

Security Research Labs said, 'GSM telephony is the world's most popular communication technology - connecting over four billion devices.'

'The security standards for voice and text messaging date back to 1990 and have never been overhauled.'

Similar attacks against a small number of smartphones have been done before, but the new attack could expose any cellphone using GSM technology.    

Such attacks are fairly common against corporate phone systems.

Fraudsters make calls to the numbers from hacked business phone systems or mobile phones, then collect their cash and move on before the activity is identified.  

The phone users typically don't identify the problem until after they receive their bills and telecommunications carriers often end up footing at least some of the costs. 

Even though Nohl will not present details of attack at the conference, he said hackers will usually replicate the code needed for attacks within a few weeks. 

1 comment: