A Berlin-based security expert has found a new exploit that allows mobile phones to be hijacked and to make calls and send text messages to premium rate numbers without the owner’s knowledge. This security warning comes two years after the same expert cracked the secret code that is supposed to prevent GSM mobile phone calls being intercepted.
Karsten Nohl presented his findings at the Chaos Computer Club conference this week, and is pressuring mobile phone networks across the globe to implement security measures to help prevent these attacks and protect their users. These systems were built twenty years ago when hackers had much less processing power at their disposal than even what is available in modern smartphones – and the networks need to be upgraded as exploits are found. This hack has a very low barrier of entry today, with a European government agency able to reproduce the hack in only an hour once Nohl shared the information.
Vodafone and Deutsche Telekom have both quietly started to upgrade their GSM-based network security after Nohl demonstrated his previous attack of phone call interception two years ago – but more is need. The progress of European network providers in protecting their networks is available at the GSMMap website set up by Germany’s Security Research Labs where Nohl is a cryptography expert.