Font Size

- Aa +

Tue 27 Dec 2011 05:18 PM

Font Size

- Aa +

Any GSM phone vulnerable to hacking, expert says

Telecom operators can improve their clients' security by just updating their software

Any GSM phone vulnerable to hacking, expert says
Phone users typically dont identify the problem until after they receive their bills

A well-known expert on mobile phone security says a vulnerability in a widely used wireless technology could allow hackers to gain remote control of phones, instructing them to send text messages or make calls.

They could use the vulnerability in the GSM network technology, which is used by billions of people in about 80 percent of the global mobile market, to make calls or send texts to expensive, premium phone and messaging services in scams, said Karsten Nohl, head of Germany's Security Research Labs.

Similar attacks against a small number of smartphones have been done before, but the new attack could expose any cellphone using GSM technology.

"We can do it to hundreds of thousands of phones in a short timeframe," Nohl said in advance of a presentation at a hacking convention in Berlin on Tuesday.

Attacks on corporate landline phone systems are fairly common, often involving bogus premium-service phone lines that hackers set up across Eastern Europe, Africa and Asia.

Fraudsters make calls to the numbers from hacked business phone systems or mobile phones, then collect their cash and move on before the activity is identified.

The phone users typically don't identify the problem until after they receive their bills and telecommunications carriers often end up footing at least some of the costs.

Even though Nohl will not present details of attack at the conference, he said hackers will usually replicate the code needed for attacks within a few weeks.

Mobile networks of Germany's T-Mobile and France's SFR offer their clients the best protection against online criminals wanting to intercept their calls or track their movements, shows a new ranking Nohl will demonstrate at his presentation.

The new ranking, at, lets consumers to see how their operators are performing and lets anyone to participate in measurement of their carriers' security.

Researchers reviewed 32 operators in 11 countries and rated their performance based on how easy it was for them to intercept the calls, impersonate someone's device or track the device.

"None of the networks protects users very well," Nohl said.

The sample is set to grow from 32 carriers dramatically next year as the tool enables anyone to participate in gathering of the data.

Nohl said mobile telecom operators could easily improve their clients' security, in many cases by just updating their software.

"Mobile network is by far the weakest part of the mobile ecosystem, even when compared to a lot attacked Android or iOS devices," he said.

Researchers reviewed operators in Austria, Belgium, the Czech Republic, France, Germany, Hungary, Italy, Morocco, Slovakia, Switzerland and Thailand.

For all the latest mobile phone news from the UAE and Gulf countries, follow us on Twitter and Linkedin, like us on Facebook and subscribe to our YouTube page, which is updated daily.
NTO 8 years ago

The article is misleadingly titled. The phone is not vulnerable, it is the mobile operator that is the problem.
The writer should focus more on this since there is not a handset issue, but network security issues.
The user cannot protect themselves from a poorly managed network.

Telcoguy 8 years ago

First the phone is not vulnerable, what is vulnerable is the communcation between the network and the handset, Nohl cracked the encryption algorithm A5/1 some time ago, I think more than one year. What they did now was to build a phone emulator to fool the network. But this is really old news, there are in fact some patches for this but it seems operators are being slow on deploying them.
Anyone interested better google for the event that Reuters decided not to mention 28C3

langyaw 8 years ago

the analogy of a mobile phone (MP) on the telco's network can be likened to a PC on a computer network.
the network hacker attacks the network or other PCs on the network through a PC. the PC is the device.
the telco network hacker attacks the telco network also through the MP. the MP is the device.
the network hacker is able to attack the network because of vulnerabilities in the PC's OS. otherwise, no PC will be able to communicate effectively with the network if it treats all PCs as suspect. it is the same vice-versa. strengthening the PC makes it sluggish and inefficient even on its own.
the key, I believe are by the use of "signatures" much as eMails are legitimized by signatures, a phone call or SMS can also be recognized by the telco as legit if it bears the owner's signature, which can come via a biometric validation (what are phone cams for?)
such a step is, undoubtedly, an added encumbrance for the user, but it protects him, his phone, and the telco.