Unclear
The article leaves me confused so I have to do some digging later. Questions I would like to see answered are:
- IS this a problem or WAS it?
- what can be done by the user?
- which phone platforms are susceptible right now?
The mechanisms used to update smartphone operating systems over the air are vulnerable to hijacking and abuse, researchers have claimed. Speaking at the Black Hat conference in Las Vegas on Thursday, the infosec bods believe up to two billion handsets are at risk, and that in some cases patches for the flaw still haven't been …
"Is Windows Phone not mentioned because it's secure, or because they couldn't find someone who owned one?"
WP has a very secure approach - all updates must be signed and pass validation before they will be installed - and every new update to the OS effectively builds and re-encrypts itself onto a new partition from scratch - and has to pass all the secure boot start up checks - and then it securely transfers over and re-encrypts your data... Hence also why even relatively small Windows Phone updates can take a while to install...
Well, most GSM algorithms are already screwed completely, according to the GSMA. (Deutsche Telekom are the only ones rolling out A5/3, in DE and CZ.) Ask your local TELCO why they aren't using A5/3 yet!
Both cheap & expensive IMSI catchers are selling by the truck-load into the EU/UK
Re-purposed USB TV-sticks are widely reported as being able to capture DECT, GSM & everything - bringing the entry-level for RF attacks down to around a fiver, that's £5!
F = Fear in this case JUSTIFIED
U = Uncertainty, again JUSTIFIED
D = Doubt, I doubt that any telephone operators are going to solve all the GSM vulns overnight! But they could certainly start
The "GSM" baseband is very complex adding layer upon layer of code trying to implement standards which are in part badly designed.
Added to that is the principle that the network is always trustworthy, so those implementations were never tested against malevolent networks.
What makes this a really big problem is that some mobile phone manufacturers use shared memory to have the baseband talk to the application processor. So if you take over the baseband CPU you'll likely be able to compromise the rest of the system.
Ingredients:
1x OMA-DM (with backdoor conveniently left open, or not fitted at all)
1x stingray (fake mobile phone tower)
Blend with Machiavellian malevolence to taste. You may like to add the odd cackle or two for good measure.
The result:
A deliciously effective means by which to crack citizens' mobile phones en masse. I bet someone's thought of that before (and deployed and used it).