Saint Andrew’s Hacking Paradise

80 Percentage of GSM Phones Vulnerable to Remote Access

Karsten Nohl,German Researcher have found a vulnerability in GSM mobile phones that allow hackers to gain the Remote access and instruct them to send SMS or make call.

"The GSMA and its mobile network operator members are confident in the security of existing 2G GSM networks and real attacks on real networks against real customers are most unlikely," it said in a statement, adding that newer technologies are safer and not impacted by the new research.

Similar attacks against a small number of smartphones have been done before, but this new attack can affect any cellphone using GSM technology.

"We can do it to hundreds of thousands of phones in a short time frame," Nohl told Reuters ahead of a presentation on the topic at a hacking convention in Berlin on Tuesday.

Each GSM command is exactly 23 bytes long. In most cases, Nohl said that leaves room for carriers to send random data that makes messages harder to intercept. However, some messages use the full 23 bytes requiring a more sophisticated workaround to make things secure.

Researchers analyzed 32 operators in 11 countries(Austria, Belgium, the Czech Republic, France, Germany, Hungary, Italy, Morocco, Slovakia, Switzerland and Thailand) for this kind of vulnerability and protection. The result is Negative , Nohl says "None of the networks protects users very well".

Nohl said mobile telecom operators could easily improve their clients' security, in many cases by just updating their software.

"Mobile network is by far the weakest part of the mobile ecosystem, even when compared to a lot attacked Android or iOS devices," Nohl added.

Do you have questions, comments, or suggestions? Feel free to post a comment!