Cell Phones Are Vulnerable to Hacking

According to a report by the Associated Press, researchers announced, at Black Hat cybersecurity conference in Las Vegas, a devastating, self-propogating technique that would allow hackers to remotely hijack almost any GSM phone including iPhone.

Discovered by security researchers Zane Lackey and Luis Miras, the hack uses specially crafted SMS text messages that bypasses anti-spoofing protection in cell phones.

The fact that text messages appear on mobile phones without any interaction from the user, and sometimes with limited interference from the cellular network operators, can give criminals an opening to break into those devices.

The result is that almost any GSM phone can potentially be hacked, and any hacker who knows how to send the SMS burst can potentially send your phone hidden commands, profile your phone or even remotely disable your ability to receive calls or text messages.

Apple Inc.'s iPhones and phones running Microsoft Corp.'s Windows Mobile and Google Inc.'s Android operating systems were all shown to be vulnerable. In some cases, the problems weren't with software, but the way cellular networks process messages.

The findings are troubling as people increasingly use their phones for handling sensitive data, like e-mail and online banking. Phones are morphing into mini-computers, which means they're going to start getting attacked like PCs.

In some respects, phones are relatively safer. Cellular carriers control their networks more tightly than anyone controls the Internet, so they're in a better position to stop new types of attacks that crop up.

Telling the difference between harmful and legitimate traffic can be tricky, though. And anonymity still is possible given the proliferation of prepaid plans that don't require long-term contracts; a carrier can trace an attack to a particular phone but not necessarily to a particular person.

The techniques demonstrated Thursday show that even disciplined and safety-conscious users could have their phones hacked because they can't totally control what's coming into them, reported AP.

Innocent people could have their smart phones knocked offline, commanded to visit sites hosting pornography or viruses, or even turned into remote-controlled subordinates of a criminal gang behind an attack.

In response, Apple issued a software fix Friday. The company said users will be prompted to download the fix when they plug their iPhones into their computers. Microsoft said it is investigating the matter. Google confirmed that its vulnerability was fixed.

The researchers said spammers have latched onto this type of attack in Europe and Asia. They said the problem they found wasn't in the Windows Mobile software on the devices, but rather in the way the manufacturer configured software settings on some phones, allowing anyone to send certain messaging commands to them, reported AP.

(July 31, 2009)

Best cell phone plans | Cell phone packages