New Heist - Your Conversations and Text Messages

Wednesday, January 12, 2011

Theresa Payton


The good guys strike again. I have said before that technology functionality typically outpaces the ability to secure it. 

Good guys are constantly trying to think like the bad guys to expose weaknesses that put you at risk.

Also, the term "hacker" has been hijacked and is now associated with bad guys. A hacker is someone who knows how to break into a system to override it. This skill can be used for good or for evil. It comes down to the person's moral compass.

Two cybersecurity good-guy hackers worked on cell phone vulnerabilities for roughly a year, designing ways to think like bad guys to see if they could steal text messages.

They recently accomplished this feat and showed how they could steal text messages from any phone within 20 seconds.  Wow!

The demonstration:

1.  The hacker sends a ghost text message, which does NOT show up on the phone, to a target phone.

2.  By sending the message to the target phone, they are able to obtain the unique ID number of the phone.

3.  Once they grab the ID number, they recorded phone conversations and texts from that phone.

4.  The demonstration took place on the GSM network, which houses roughly 80% of all phones globally. (GSM - Global System for Mobile)

So, is this affordable or scalable?  What was the cost of the technology?  You'll be surprised:

Roughly 36 pounds sterling for the 4 Motorola phones ($56.09 US) and some sweat equity in programming.

The good-guy hackers did this as a wake-up call to the mobile security industry.  It should also be a wake-up call to consumers, businesses, and government agencies.

A great quote from one of the researchers, Karsten Nohl, pulled from Security News Daily: “This is all a 20-year-old infrastructure, with lots of private data and not a lot of security.”


"Cybersecurity Experts Create Program That Steals Text Messages", Matt Liebowitz, Security News Daily, January 4, 2011.

"GSM Phones Vulnerable to Hacking, Claim Researchers", John Plunkett, The Guardian, December 31, 2010.

Cross-posted from Fortalice

Theresa Payton: Shawn, thanks for sending the link!

Shiv Ram: This is an eye opener. I have been arguing for encrypting information that cannot be viewed from an unregistered device.