updated 3/14/2011 2:14:10 PM ET

Smartphone hacks have been on the rise as the iPhone and Android phones get more popular, but now there’s an even newer, scarier threat: attacks on the cellular radio link itself.

Ralf-Philipp Weinmann of the University of Luxembourg showed off a pretty neat proof-of-concept hack at the Black Hat D.C. conference in Washington, D.C. Wednesday (Jan. 19).

In a presentation entitled “The Baseband Apocalypse,” he set up his own cellular base station and was able to message all the iPhones in the room, asking them to join his new network.

Had the iPhones’ users accepted his invitation, Weinmann would have been able to inject a firmware update into the chips used to run the basic radio signals (“baseband”) in and out of the phones.

That firmware would have switched on the phones’ auto-answer feature, which would have let Weinmann silently dial into the phone and remotely listen to anything nearby.

It’s not just iPhones that are vulnerable, Weinmann explained. Most phones, “smart” or not, running on the AT&T Wireless or T-Mobile networks in the U.S. are vulnerable, as are most European mobile phones.

The problem is that the GSM standard that governs second-generation (“2G”) communications on those networks is 20 years old and wasn’t designed to guard against malicious base stations. GSM authentication runs one way only: the network challenges the phone’s SIM, but the phone has no way to verify the base station it is talking to, so it will happily camp on whatever GSM signal is strongest.

"[It's] like tipping over a rock that no one ever thought would be tipped over," one wireless hacker told IDG’s Robert McMillan.

Third-generation (“3G”) signals are unaffected, because 3G authentication is mutual: the network must prove it holds the subscriber’s key before the phone will answer. But almost all mobile phones will automatically drop down into 2G mode if 3G is not available, so the protection lasts only as long as a 3G signal does.
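To make the difference between the two generations concrete, here is a small added simulation (my own example, not code from Weinmann’s talk or from any phone vendor) of the two authentication exchanges and of a handset that prefers 3G but falls back to 2G. The key-derivation functions are HMAC stand-ins for the real SIM algorithms (GSM’s A3/A8, UMTS’s f1/f2), the subscriber key is a constructed value, and the cell-selection rule is a simplification of what real handsets do; the message shapes (RAND/SRES for GSM, RAND+AUTN/RES for UMTS) are the real ones.

```python
"""Toy model: one-way GSM (2G) authentication versus mutual UMTS (3G)
authentication, and a handset that prefers 3G but falls back to 2G.
Added example for this article, not code from the talk it describes.
The kdf() below is an HMAC stand-in, not the 3GPP algorithms, and
SUBSCRIBER_KEY is a constructed value."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed subscriber secret shared by the SIM and its home network
# (called Ki in GSM, K in UMTS).
SUBSCRIBER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def kdf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 stand-in for the SIM algorithms (assumption: not the real ones)."""
    h = hmac.new(key, label, hashlib.sha256)
    for p in parts:
        h.update(p)
    return h.digest()


class Sim:
    """Subscriber side of the exchange: holds the key and answers challenges."""

    def __init__(self, key: bytes):
        self.key = key

    def gsm_response(self, rand: bytes) -> bytes:
        # GSM: the SIM answers whatever RAND it is handed. Nothing in the
        # challenge lets it tell a rogue cell from the real network.
        return kdf(self.key, b"A3", rand)[:4]  # SRES

    def umts_response(self, rand: bytes, autn: bytes) -> bytes:
        # UMTS: AUTN carries a MAC computed with K over (SQN, RAND). The SIM
        # checks it before answering, so a cell without K is refused.
        sqn, mac = autn[:6], autn[6:]
        expected = kdf(self.key, b"f1", sqn, rand)[:8]
        if not hmac.compare_digest(mac, expected):
            raise ValueError("AUTN MAC failure: network not authenticated")
        return kdf(self.key, b"f2", rand)[:8]  # RES


@dataclass
class Cell:
    name: str
    mode: str                    # "2G" or "3G"
    signal_dbm: int              # higher (less negative) is stronger
    key: Optional[bytes] = None  # None: rogue cell without the subscriber key

    def gsm_challenge(self) -> bytes:
        # A rogue cell can send a RAND too, and simply ignore the SRES.
        return os.urandom(16)

    def umts_challenge(self) -> Tuple[bytes, bytes]:
        rand, sqn = os.urandom(16), os.urandom(6)
        if self.key is None:
            mac = os.urandom(8)  # rogue cell: can only guess the MAC
        else:
            mac = kdf(self.key, b"f1", sqn, rand)[:8]
        return rand, sqn + mac


def attach(sim: Sim, cells: List[Cell]) -> Optional[str]:
    """Simplified camping rule: 3G cells first, strongest first; drop to 2G
    when no 3G cell passes authentication. Returns the cell joined, or None."""
    ordered = sorted(cells, key=lambda c: (c.mode == "3G", c.signal_dbm), reverse=True)
    for cell in ordered:
        try:
            if cell.mode == "3G":
                rand, autn = cell.umts_challenge()
                sim.umts_response(rand, autn)
            else:
                sim.gsm_response(cell.gsm_challenge())  # no way to refuse
            return cell.name
        except ValueError:
            continue  # 3G mutual authentication failed; keep looking
    return None


def demo() -> dict:
    """Four constructed radio environments and the cell the handset ends up on."""
    sim = Sim(SUBSCRIBER_KEY)
    home_3g = Cell("home-3g", "3G", -80, SUBSCRIBER_KEY)
    home_2g = Cell("home-2g", "2G", -80, SUBSCRIBER_KEY)
    rogue_3g = Cell("rogue-3g", "3G", -50)   # stronger than home, no key
    rogue_2g = Cell("rogue-2g", "2G", -55)   # stronger than home, no key
    return {
        "home 3G + rogue 2G": attach(sim, [home_3g, rogue_2g]),      # home-3g
        "home 2G + rogue 2G": attach(sim, [home_2g, rogue_2g]),      # rogue-2g
        "rogue 3G + rogue 2G": attach(sim, [rogue_3g, rogue_2g]),    # rogue-2g
        "rogue 3G only": attach(sim, [rogue_3g]),                    # None
    }


if __name__ == "__main__":
    for scenario, joined in demo().items():
        print(f"{scenario:22s} -> {joined}")
```

The third scenario is the one the article is warning about: the rogue 3G cell is rejected because it cannot forge AUTN, but the handset then drops to 2G, where the same attacker’s GSM cell is accepted without any check at all.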

The hack is pretty technical, as anyone carrying it out must both set up a cellular base station and know the specific workings of the various baseband chips used in mobile phones.

Open-source software has reduced the cost of setting up a fully working base station to about $2,000, putting the hack within the budget of anyone who really wanted to eavesdrop on a corporate or governmental meeting.

"You want to get phones not just used by the teenage crowd but [by] executives,” Weinmann told his audience at Black Hat D.C.

Most Verizon Wireless, Sprint, U.S. Cellular and MetroPCS phones, including Verizon’s upcoming iPhone, are immune to GSM hacks, since they run on the incompatible CDMA standard. But some “dual-mode” (CDMA/GSM) smartphones carry a GSM radio that kicks in when a CDMA network cannot be found.

Rumors are that the Verizon iPhone 5, likely to be unveiled in June, will have both CDMA and GSM chips. If so, it would be ironic that one of the world’s most advanced phones could be brought down by one of the oldest cellular security flaws.


© 2012 SecurityNewsDaily. All rights reserved

