New Hack Makes Smartphones Mobile Spy Bugs

Thursday, January 20, 2011

Headlines

69dafe8b58066478aea48f3d0f384820

Ralf-Philipp Weinmann of the University of Luxembourg has identified an over-the-air attack that targets the GSM/3GPP stack enabling hackers to execute malicious code that can turn a smartphone into a mobile listening device.

Weinmann will present his findings at BlackHat 2011, revealing how the Android and Apple iPhone vulnerability can be exploited.

"I will demo how to use the auto-answer feature present in most phones to turn the telephone into a remote listening device," Weinmann said.

When the malicious code is executed via the baseband processor, the auto-answer feature can be utilized to enable the unit's microphone.

The baseband processor sends radio signals to communicate with the service provider network, and Weinman has identified flaws with the way the smartphone's chips process those signals on the GSM.

The exploit is unique in that it does not depend on attacking the unit's operating system. Ther attacker must first establish a bogus cellular tower for the device to connect to in order to carry off the baseband attack.

“Malicious base stations are not considered in the attack model assumed by the GSMA and the European Telecommunications Standards Institute (ETSI); similarly vendors of baseband stacks seem to not have taken malicious input from the network side into account,” Wienmann writes in the presentation abstract for the conference.

Source:  http://www.computerworld.com/s/article/9205318/Coming_soon_A_new_way_to_hack_into_your_smartphone

Possibly Related Articles:
10934
PDAs/Smart Phones
Hacks iPhone Privacy Vulnerabilities Mobile Devices Smart Phone Headlines Android GSM
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.