Using a GSM phone? Beware it's prone to hacking

London: Using a GSM mobile phone? Beware, it is highly vulnerable to hacking, a security expert has warned. The GSM (Global System for Mobile Communications) network is the “normal” mobile phone network used by over four billion phones worldwide, accounting for 80 percent of the global mobile market. But Karsten Nohl, head of Germany’s Security Research Labs, demonstrated that all mobile phones on this widely used wireless technology is open to attack, which allows hackers to gain complete control of the handsets and use them to send text messages or make calls. “We can do it to hundreds of thousands of phones in a short time frame,” Nohl was quoted by the Daily Mail as saying at a convention in Berlin today. [caption id=“attachment_167703” align=“alignleft” width=“380” caption=“Security experts have previously identified a small number of viruses designed to infect smartphones, allowing hackers to take control of the devices and force them to make calls or send text messages. Reuters”]  [/caption] Nohl is a well-regarded expert on mobile security who last year identified a bug in GSM technology that makes calls vulnerable to tapping. He says he is calling attention to these flaws to pressure the industry into beefing up the security of their products. Mobile security is a hot issue because hackers are paying unprecedented attention to the devices as smartphone sales have outpaced sales of PCs. Security Research Labs said, “GSM telephony is the world’s most popular communication technology — connecting over four billion devices.” “The security standards for voice and text messaging date back to 1990 and have never been overhauled.” Similar attacks against a small number of smartphones have been done before, but the new attack could expose any cellphone using GSM technology. Such attacks are fairly common against corporate phone systems.Fraudsters make calls to the numbers from hacked business phone systems or mobile phones, then collect their cash and move on before the activity is identified. The phone users typically don’t identify the problem until after they receive their bills and telecommunications carriers often end up footing at least some of the costs. Even though Nohl will not present details of attack at the conference, he said hackers will usually replicate the code needed for attacks within a few weeks. Smartphone malware is popping up at an unprecedented rate as people put more and more valuable information on the devices, using them to hold corporate secrets, conduct banking and function as digital wallets. GSM became the dominant mobile technology globally in the late 1990s and even though new, faster mobile networks have been rolled out across the world, operators have stuck to their GSM networks to support older phones and to offer service when new networks fail. The Berlin convention takes place just days after US security think tank Strategic Forecasting Inc said its website had been hacked and that some names of corporate subscribers had been made public. Activist hacker group Anonymous claimed responsibility. Attacks on corporate landline phone systems are fairly common, often involving bogus premium-service phone lines that hackers set up in countries in Eastern Europe, Africa and Asia. Fraudsters make calls to the numbers from hacked business phone systems or mobile phones, then collect their cash and move on before the activity is identified. The phone users typically do not realise the problem until after they receive their bills, and telecommunications carriers often end up footing at least some of the costs. T-MOBILE, SFR LEAD NEW RANKING Mobile networks of Germany’s T-Mobile  and France’s SFR offer their clients the best protection against online criminals wanting to intercept their calls or track their movements, according to a new ranking Nohl will unveil at his presentation. The new ranking, at gsmmap.org, is conducted by security researchers, who hope this will heighten the awareness of operators and consumers on the vulnerability of their mobile communications. Researchers reviewed 32 operators in 11 countries and rated their performance based on how easy it was for them to intercept the calls, impersonate someone’s device or track the device. “None of the networks protects users very well,” Nohl said. The sample is set to grow from 32 carriers dramatically next year as the tool enables anyone to participate in data gathering by downloading measuring software to their phones. Nohl said mobile telecom operators could easily improve their clients’ security, in many cases by just updating their software. Researchers reviewed operators in Austria, Belgium, the Czech Republic, France, Germany, Hungary, Italy, Morocco, Slovakia, Switzerland and Thailand. Agencies