New Heist - Your Conversations and Text Messages

Wednesday, January 12, 2011

Theresa Payton

D13f77e036666dbd8f93bf5895f47703

The good guys strike again. I have said before that technology functionality typically outpaces the ability to secure it. 

Good guys are constantly trying to think like the bad guys to expose weaknesses that put you at risk.

Also, the term "hacker" has been hijacked and is associated with bad guys.  A hacker is someone who knows how to break into a system to override it.  This skill can be used for good, or for evil.  It's at the hands of the person's moral compass.

Two cybersecurity good-guy hackers worked on cell phone vulnerabilities for roughly a year designing ways to think like bad guys to see if they could steal text messages. 

They recently accomplished this feat and showed how they could steal text messages from any phone within 20 seconds.  Wow!

The demonstration:

1.  The hacker sends a ghost text message  to a target phone which does NOT show up on the phone

2.  By sending the message to the target phone, they are able to obtain the unique id number on the phone

3.  Once they grab the id number, the recorded phone conversations and texts from that phone

4.  The demonstration took place on the GSM Network which houses roughly 80% of all phones globally. (GSM - Global System for Mobile)

So, is this affordable or scalable?  What was the cost of the technology?  You'll be surprised:

Roughly 36 British Sterling for the 4 Motorola phones ($56.09 US) and some sweat equity in programming.

The good-guy hackers did this as a wake up call to the mobile security industry.  It should also be a wake up call to consumers, businesses, and government agencies.

Great quote from one of the researchers pulled from the Security News Daily: “This is all a 20-year-old infrastructure, with lots of private data and not a lot of security,” Karsten Nohl.

Sources:

"Cybersecurity Experts Create Program That Steals Text Messages", Matt Liebowtiz, Security News Daily, January 4, 2011.

"GSM Phones Vulnerable to Hacking, Claim Researchers", John Plunkett, The Guardian, December 31, 2010.

Cross-posted from Fortalice

Possibly Related Articles:
15064
PDAs/Smart Phones
Privacy Mobile Devices GSM hackers Text Messages
Post Rating I Like this!
D13f77e036666dbd8f93bf5895f47703
Theresa Payton Shawn, thanks for sending the link!
1294858213
059d3bdea9e3ebd6304856af36ec76f4
Shiv Ram This is an eye opener. I have been arguing for encrypting information that cannot be viewed from an un-registered device.
1294862826
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.