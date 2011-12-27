* Flaw in GSM standard gives criminals access to any phone -
researcher
* Researchers launch security-based telco ranking
* Germany's T-Mobile, France's SFR among most secure
By Tarmo Virki
BERLIN, Dec 27 Vulnerability in a widely
used wireless technology could allow hackers to gain remote
control of phones And instruct them to send text messages or
make calls, according to an expert on mobile phone security.
They could use the vulnerability in the GSM network
technology, which is used by billions of people in about 80
percent of the global mobile market, to make calls or send texts
to expensive, premium phone and messaging services in scams,
said Karsten Nohl, head of Germany's Security Research Labs.
Similar attacks against a small number of smartphones have
been done before, but the new attack could expose any cellphone
using GSM technology.
"We can do it to hundreds of thousands of phones in a short
timeframe," Nohl told Reuters in advance of a presentation at a
hacking convention in Berlin on Tuesday.
The convention takes place just days after U.S. security
think tank Strategic Forecasting Inc (Stratfor) said its website
had been hacked and that some of the names of corporate
subscribers had been made public. Activist hacker group
Anonymous claimed responsibility.
Attacks on corporate landline phone systems are fairly
common, often involving bogus premium-service phone lines that
hackers set up across Eastern Europe, Africa and Asia.
Fraudsters make calls to the numbers from hacked business
phone systems or mobile phones, then collect their cash and move
on before the activity is identified.
The phone users typically don't identify the problem until
after they receive their bills and telecommunications carriers
often end up footing at least some of the costs.
Even though Nohl will not present details of attack at the
conference, he said hackers will usually replicate the code
needed for attacks within a few weeks.
T-MOBILE, SFR LEAD RANKING
Mobile networks of Germany's T-Mobile and
France's SFR offer their clients best protection
against online criminals wanting to intercept their calls or
track their movements, shows a new ranking Nohl will demonstrate
at his presentation.
The new ranking, at gsmmap.org, lets consumers to see how
their operators are performing and lets anyone to participate in
measurement of their carriers' security.
Researchers reviewed 32 operators in 11 countries and rated
their performance based on how easy it was for them to intercept
the calls, impersonate someone's device or track the device.
"None of the networks protects users very well," Nohl said.
The sample is set to grow from 32 carriers dramatically next
year as the tool enables anyone to participate in gathering of
the data.
Nohl said mobile telecom operators could easily improve
their clients' security, in many cases by just updating their
software.
"Mobile network is by far the weakest part of the mobile
ecosystem, even when compared to a lot attacked Android or iOS
devices," he said.
Researchers reviewed operators in Austria, Belgium, the
Czech Republic, France, Germany, Hungary, Italy, Morocco,
Slovakia, Switzerland and Thailand.