Hackers equipped with inexpensive radio hardware and open source software can compromise your mobile phone, listen to your conversations, intercept your data, or rack up huge bills on premium services, all without you knowing.
Ralf-Philipp Weinmann, a cryptologist at the University of Luxembourg Laboratory of Cryptology and Security, has discovered a new type of over-the-air attack on mobile phones, and at the 2010 DeepSec conference in Vienna demonstrated how the exploit could be used against nearly any mobile phone.
Using a US$1,500 base transceiver station, Weinmann, who has previously exposed security weaknesses in the iPhone, demonstrated that common “devastating” programming errors in the Layer 3 communication stack of mobile devices can be exploited to gain control over the devices. He said that a motivated hacker could take advantage of these flaws to make an almost undetectable attack on the vast majority of cell phone models.
A base transceiver station is part of the cellular network that is typically found at the cell antenna site. Weinmann’s scenario calls for a cheap rogue transceiver that could be deployed in any crowded or sensitive area such as an airport, financial district, near embassies, and so on. The exploit would allow hackers to take control of mobile phones anywhere within the range of the rogue transceiver. The rogue transceiver only needs to be online for a few seconds to perform the attack.