They found this 'problem' and then produced a marketable phone/ firewall!
In the real world is this really an issue or is this just scare mongering to help sell a product?
Vulnerabilities in the baseband processors of a wide range of mobile phones may allow attackers to inject malicious code, monitor calls, and extract confidential data stored on the device, according to recent research from mobile security experts. However, this would be extremely difficult to pull off. A three-year research …
In the real world is this really an issue or is this just scare mongering to help sell a product?
The latter. Risk = Impact x likelihood, and to perform on-air injections into baseband code a couple of factors need to occur at the same time:
- you must be local. You have to take over the phone-to-cell data stream. Bad marks there for providers, if we could lock a phone to stick to crypto only this would not be an issue to start with, but the GSM standard is broken so far that phones don't even show anymore when they go unencrypted. On the plus side, you don't need to be in view.
- you need seriously expensive kit. I may be wrong here, but the analysis kit I have seen costs the price of an upper-class car (think 6 digits and up), I'm not sure if your average softradio + OpenBTS combination will be up to this.
- you hope the target has a phone with the vulnerability or you're hosed. That requires research, but is not impossible to do.
- a data tap bug establishes more connections, which can be discovered. These discoveries tend to be triggered by an investigation into why battery life has dropped.
In summary, it seems like hard work. If you're prepared to do that much effort, a bit of social engineering and creativity will get you up close so you can just bug the target (which also helps with non-call conversations).
Now, the "solution". They start with Android, which pretty much hoses the concept from the start (iOS is only marginally better). Secondly, using a tech solution for a human problem starts an arms race, and the client who spends that much on a phone without bling will automatically draw attention to themselves - the opposite of what you want to achieve if you really seek discretion. There are better ways to waylay surveillance - "secure" phones (so far an unproven assertion by the supplier) are far too visible.
Would you trust a secure phone not to be equipped "Clipper alike"? If I was in a nation's intelligence service, that's exactly the phone I would backdoor as it would give me more focused intel.
Actually the cost for signalling attack hardware has now dropped to the cost of some cheap Motorola feature phone, about 15 Euros, or 70 Euros if you want to have the modification so you have better performance.
The USRP SDR based solutions or the ones based on actual BTSes are more expensive, but they enable you to do everything the network can do.
The subject (target) realized their Mac Air was under attack, and during the effort to regain control of the Mac, the attacker used the subject's own smartphone to re-acquire the Mac through Bluetooth. Now these were heavy hitters in what amounts to an obvious (because of the subject's IP in security-related products) attempt at either shutting down the business or stealing IP, as in industrial espionage. Either way this person was put out of business, and cannot function in a modern IT world right now.
After seeing this, I can believe anything! I haven't got a link, because the user wants anonymity, which is understandable because of a certain standing in the security community.
Sometime last year, an organisation called HTC pushed out a software change to my Incredible-S phone, codenamed 'ICS Update', which noticeably slowed it down and changed the GUI in a way that made it confusing to use, as well as reducing the battery life.
They did this by using 'social engineering' in conjunction with an entity called Google that fed stories to the press saying that ICS was smoother and faster and had efficiencies that improved battery life, even on older phones. You have to be careful and you can't trust anyone.
I'm sorry, but just because software is old, it doesn't mean it's good. Windows for example had perfectly well documented exploitable flaws in its API for decades (LNK Autostart "bug" used in Stuxnet).
Baseband code isn't looked at by many people. Large parts of it were developed in the early 1990s when people didn't know about security. It was never tested against malicious attackers.
In fact if you look into the whole picture, you will even find deliberate security holes. For example your operator can use the SIM toolkit to just change the number you are dialling to everything you want. This probably even works for other operators when you are roaming. Trusting that your call actually arrives at the number you have called is the trusted element in many "secure" systems. You'd be surprised how many PCAnywhere installations relied on call-back for security.
Mobile phones (both smart and dumb ones) aren't secure devices, they probably will never be. That's why the part the operators care about is in an extra module (the SIM). We need to stop thinking that those devices and networks are just secure black boxes.
Wife has a Huawei Android handset. That thing gets OTA updates, officially signed and everything. That malware that gets installed manages to drop calls, lock up, shut itself off, reboot randomly. So much that I'm wondering why a haxor would want to mess with it (it won't even stay up long enough to be useful).
What do hackers think they can do... make it shut down more than it already does????
My other instinct is to ask "if the manufacturers can't even figure out how to write software, then how is a hacker going to do it?", but I think the answer there is that the manufacturers only really bother on the hardware, and software is an afterthought. So virtually anyone else could do better. Maybe they'll fix bugs instead?