New exploit could remotely control any GSM phone
updated 08:10 am EST, Tue December 27, 2011
GSM may be open to remote control hack
Security Research Labs has warned of a vulnerability in the GSM phone standard that could be used to remotely control a cellphone. The trick, which will get more attention beyond the Reuters tip until a convention in Berlin later on Tuesday, could let an attacker make the phone call or text someone. It's not clear if it could also compromise data on smartphones.
The attack could nonetheless be rapid and target "hundreds of thousands" of devices in little time, SRL chief Karsten Nohl said.
GSM has been exploited before, but it was more limited in scope to finding the user's location. A mroe general opening such as this could increase the incentive to conduct a hack as well as widen reach to include more basic phones rather than just devices where the location is an advantage.
A successful attack would be a potential way to circumvent many of the security methods onboard devices, such as iOS' sandboxing and strict approval process as well as Google's basic permissions system in Android.
Fresh-Faced Recruit
Joined: Dec 2005
Here's an Idea
Why don't the major phone vendors and carriers pool their money and create an entity devoted to cracking their own products and systems. They could hire the best hackers and spoil them silly, awarding huge bonuses for discovering exploits like this one before others do. Our increasing dependence on smart phones requires new approaches be taken to ensure their security (especially if we start using them to make purchases at retail!). Having multiple super-hackers all in one place would also enable them to experiment with team-based strategies to uncover these vulnerabilities (admittedly that might take awhile), that might, in my opinion, eventually reap significant benefits.