Any mobile on any GSM network is open to the new attack, says German researcher Karsten Nohl - giving hackers control of handsets to make calls and send messages at will. Hundreds of thousands of handsets can be controlled very rapidly
*Any phone on GSM network is open to new attack
*Gives hackers total control instantly
*No details published - but hackers will be able to use attack 'within weeks' says researcher
*Security on networks 'dates to 1990'
Any mobile on any GSM network is open to the new attack, says German researcher Karsten Nohl – giving hackers control of handsets to make calls and send messages at will. Hundreds of thousands of handsets can be controlled very rapidly
The GSM network is the ‘normal’ mobile phone network – used by four billion phones worldwide, and accounting for 80 per cent of the global mobile market.
But a new vulnerability demonstrated by Karsten Nohl, head of Germany’s Security Research Labs, shows that any phone on any GSM network is vulnerable to attack.
The new attack – which Nohl did not publish – allows hackers to control hundreds of thousands of mobile phones at once.
The attack allows hackers complete control over the handsets, and could be used to make or send texts to premium phone and messaging services – a typical fraudster attack which can leave victims with enormous bills.
Nohl said that although he refused to lay out details of how the attack worked, it was inevitable that hackers would reproduce it ‘within weeks’.
We can do it to hundreds of thousands of phones in a short timeframe,’ Nohl said in advance of a presentation at a hacking convention in Berlin on Tuesday.
Security Research Labs said, ‘GSM telephony is the world’s most popular communication technology – connecting over four billion devices.’
The security standards for voice and text messaging date back to 1990 and
have never been overhauled.’
Similar attacks against a small number of smartphones have been done before, but the new attack could expose any cellphone using GSM technology.
Such attacks are fairly common against corporate phone systems.
Fraudsters make calls to the numbers from hacked business phone systems or mobile phones, then collect their cash and move on before the activity is identified.
The phone users typically don’t identify the problem until after they receive their bills and telecommunications carriers often end up footing at least some of the costs.
Even though Nohl will not present details of attack at the conference, he said hackers will usually replicate the code needed for attacks within a few weeks.