http://blogs.pcmag.com/securitywatch/2010/12/sms_of_death_and_gsm_eavesdrop.php
The annual Chaos Communication Congress (CCC) in Berlin has seen revelations of an 'SMS of Death' attack against many conventional non-smartphones and a toolkit for eavesdropping on calls and text messages ob any GSM network.
The SMS of Death involves a malicious SMS text message to a phone which can effectively 'brick' the phone (make it useless). The research focused not on smart phones like the iPhone, but on less sophisticated phones like the Nokia N40, the Motorola RAZR and the Samsung S5230 Star and S3250. In some cases, the attack would disconnect the phone and force it to reboot; but since the phone did not acknowledge receipt of the message, the network would continue sending it.
The attack probably isn't as scary as the name implies. Attacks like this have been found many times in the past and are always dealt with by network providers by filtering at their end. This may have already been done in the case of the SMS of Death.
The GSM attack, described in this BBC story. GSM (Global System for Mobile communications) is the most popular network architecture for mobile telephone systems, servicing an estimated 5 billion devices and dominant outside of the US. Researchers Karsten Nohl and Silvain Munaut demonstrated at the CCC a kit which can locate any GSM phone by taking its unique ID and using it to intercept data transferred between the phone and base. They decrypt this transmission using a decryption tool using a 'rainbow key'. If such a technique works, it probably indicates a fundamental weakness in GSM encryption.
Hat tip on the GSM issue to Threatpost.
No comments:
Post a Comment