Mobile security is a hot issue as smartphone sales have outpaced PC sales. Smartphone malware is popping up at an unprecedented rate as people put more and more valuable information on their devices, using them to hold corporate secrets, conduct banking and function as digital wallets.
Hackers have taken notice and continue to find ways to breach the security of these devices.
Karsten Nohl, head of Berlin-based Security Research Labs, will be speaking at the Berlin hacking convention this week about the security vulnerabilities of GSM phones.
Nohl discovered flaws in a widely used wireless technology that could allow hackers to gain remote control of phones and instruct them to send text messages or make calls. Nohl is a well-regarded expert on mobile security who identified a bug last year in GSM technology that makes calls vulnerable to tapping. He says he is calling attention to these flaws to pressure the industry into beefing up the security of their products.
They could use the vulnerability in the GSM technology — which is used by most telecom operators globally and by billions of people — to make calls or send texts to expensive, premium phone and messaging services in scams.
Security experts have previously identified a small number of viruses designed to infect smartphones, allowing hackers to take control of the devices and force them to make calls or send text messages. But Nohl said he has discovered a way to leverage previously disclosed vulnerabilities in GSM technology that could potentially threaten hundreds of thousands of phones.
GSM became the dominant mobile technology globally in the late 1990s. Although new and faster mobile networks have been rolled out across the world, operators have stuck to their GSM networks to support older phones and to offer service when new networks fail.
The Berlin convention takes places just days after U.S. security think tank Strategic Forecasting Inc (Stratfor) said its website had been hacked and that some names of corporate subscribers had been made public. Activist hacker group Anonymous claimed responsibility.
Attacks on corporate landline phone systems are fairly common, often involving bogus premium-service phone lines that hackers set up in countries in Eastern Europe, Africa and Asia.
Fraudsters make calls to the numbers from hacked business phone systems or mobile phones. They collect their cash and are gone before the activity is identified.
The phone users generally aren’t aware of the problem until they receive their bills. Telecommunications carriers often end up paying for some of the costs.
Even though Nohl will not present all details of possible attacks at the conference, he said hackers will usually replicate the code needed for attacks within a few weeks.
Mobile networks of Germany’s T-Mobile and France’s SFR offer their clients the best protection against online criminals wanting to intercept their calls or track their movements, according to a new ranking Nohl will unveil at his presentation.
The new ranking, at gsmmap.org, is conducted by security researchers, who hope this will heighten the awareness of operators and consumers on the vulnerability of their mobile communications.
Researchers reviewed 32 operators in 11 countries and rated their performance based on how easy it was for them to intercept the calls, impersonate someone’s device or track the device.
“None of the networks protects users very well,” Nohl said.
The sample is set to grow from 32 carriers dramatically next year as the tool enables anyone to participate in data gathering by downloading measuring software to their phones.
Nohl said mobile telecom operators could easily improve their client’s security in many cases by just updating their software.
Read entire story@ yahoo
