'Up to two BEEELLION' mobes easily hacked by evil base stations

The mechanisms used to update smartphone operating systems over the air are vulnerable to hijacking and abuse, researchers have claimed. Speaking at the Black Hat conference in Las Vegas on Thursday, the infosec bods believe up to two billion handsets are at risk, and that in some cases patches for the flaw still haven't been …

  1. Anonymous Coward

    Unclear

    The article leaves me confused so I have to do some digging later. Questions I would like to see answered are:

    - IS this a problem or WAS it?

    - what can be done by the user?

    - which phone platforms are susceptible right now?

  2. AMBxx Silver badge
    Joke

    Windows Phone?

    Is Windows Phone not mentioned because it's secure, or because they couldn't find someone who owned one?

    Nokia 520 owner, soon to upgrade to a 1020, but keeping my sense of humour!

    1. Anonymous Coward

      Re: Windows Phone?

      "Is Windows Phone not mentioned because it's secure, or because they couldn't find someone who owned one?"

      WP has a very secure approach - all updates must be signed and pass validation before they will be installed - and every new update to the OS effectively builds and re-encrypts itself onto a new partition from scratch - and has to pass all the secure boot start up checks - and then it securely transfers over and re-encrypts your data... Hence also why even relatively small Windows Phone updates can take a while to install...

  3. Alan Denman

    Re: Windows Phone

    Er, Accuvant have their Microsoft SDL Pro Network membership to think of!

  4. Alan Denman

    And if you think that means people like AVG, Avira etc etc you are well mistaken.

    I imagine it makes for lucrative consulting, though Accuvant did tend to work for the high bidder before joining.

  5. Alan Denman

    confused = FUD.

    It's getting that way, more and more FUD stuff as opposed to clear info with clear fixes.

    That is if there was any real problem in the first place!

    1. Anonymous Coward

      Re: confused = FUD.

      Well, most GSM algorithms are already screwed completely, according to the GSMA. (Deutsche Telekom are the only ones rolling out A5/3, in DE and CZ.) Ask your local TELCO why they aren't using A5/3 yet!

      Both cheap & expensive IMSI catchers are selling by the truck-load into the EU/UK.

      Re-purposed USB TV-sticks are widely reported as being able to capture DECT, GSM & everything - bringing the entry-level for RF attacks down to around a fiver, that's £5!

      F = Fear, in this case JUSTIFIED

      U = Uncertainty, again JUSTIFIED

      D = Doubt, I doubt that any telephone operators are going to solve all the GSM vulns overnight! But they could certainly start.

  6. Tom 7

    Be worth it

    just for a bit of connectivity!

  7. Anonymous Coward

    iPhones on Sprint?

    I wonder how the heck the carrier could possibly make an iPhone using it vulnerable? Wish I knew more about this since I'm curious, but as I'm an AT&T customer it sounds like I'm safe from whatever is going on for Sprint customers...

    1. Sanctimonious Prick
      Devil

      Re: iPhones on Sprint?

      "it sounds like I'm safe"

      Dangerous assumption.

  8. Christian Berger

    Well looking at it more realistically...

    The "GSM" baseband is very complex, adding layer upon layer of code trying to implement standards which are in part badly designed.

    Added to that is the principle that the network is always trustworthy, so those implementations were never tested against malevolent networks.

    What makes this a really big problem is that some mobile phone manufacturers use shared memory to have the baseband talk to the application processor. So if you take over the baseband CPU you'll likely be able to compromise the rest of the system.

  9. brooxta

    Recipe for disaster

    Ingredients:

    1x OMA-DM (with backdoor conveniently left open, or not fitted at all)

    1x stingray (fake mobile phone tower)

    Blend with Machiavellian malevolence to taste. You may like to add the odd cackle or two for good measure.

    The result:

    A deliciously effective means by which to crack citizens' mobile phones en masse. I bet someone's thought of that before (and deployed and used it).
