In Arlington, at the Black Hat Technical Security Conference, it was demonstrated that the software in many GSM-based smart phones is vulnerable to remote exploits. GSM stands for Global System for Mobile Communications, the standard used by many popular smart phones such as the Apple iPhone and Android-based devices.
Ralf-Philipp Weinmann, a researcher at the University of Luxembourg, demonstrated the vulnerabilities on his own phone by exploiting overflow bugs. He is a reverse engineer who has spent many years researching GSM code in search of vulnerabilities.
He used a phony base station to connect to his phone and crash it. When he tried to activate the auto-answer feature, the attempt failed. He explained that this happened because of the nature of the vulnerabilities, adding that each attempt has roughly a 50 percent chance of success. He also noted that these vulnerabilities are very easy to reach: they can be exploited using open-source code and $1000 worth of hardware. Phones are an easy target for hackers, especially smart phones, because they hold larger amounts of information and have access to more network resources.
It has long been predicted that cell phones and other mobile computing devices would become more vulnerable to hacking, yet wide-scale threats have still not appeared. Weinmann used the GSM signaling connection for his attacks, delivering commands to the phone over that interface. Most GSM codebase stacks date to the 1990s and offer very little protection against new threats. He said that with better tools the process has now been shortened to months. He has also started patching the software, but many phones remain vulnerable.
To carry out his demonstration, he built a small cellular base station. He did not impersonate a carrier, but he found that a number of audience members' phones were connecting to his base station anyway. The reason is simple: there was no other cellular access available in the room. He explained that a malicious base station could have a range of a mile or more, depending on the antenna. Once the base station has established a connection, the attack can be carried out quickly.