Science News
from research organizations

Undetected evesdropping on cell phones: Common errors in cell phone programming can leave phones vulnerable

Date:
December 9, 2010
Source:
Université du Luxembourg
Summary:
A new class of attacks against mobile phones has been noted. Using a base transceiver station (available for 1000 euro) a researcher showed how common programming errors in the communication stack of mobile phones can be exploited to gain control of the devices.
Share:
       
FULL STORY

A researcher at the University of Luxembourg has demonstrated a new class of attacks against mobile phones at the security conference DeepSec in Vienna. Using a base transceiver station (available for 1000 euro) he has shown how common programming errors in the communication stack of mobile phones can be exploited to gain control of the devices.

Ralf-Philipp Weinmann found devastating flaws in a large percentage of cellular communication stacks. According to him, sufficiently motivated attackers are able to attack phones in a way that is almost undetectable. Vulnerable cell phones can be taken over if they are within the range of the rogue transceiver, which may mean hundreds of phones at a time in crowded urban areas. Attackers can cause billing problems by either dialing premium numbers or sending text messages to premium services; or they can monitor the complete communications of the cell phone user.

Eavesdropping on nearby cell phones is also possible by making the vulnerable cell phone pick up incoming calls automatically -- without the user noticing.The attacking transceiver needs to be online for just a couple of seconds to perform the attack.

The University of Luxembourg, is working together with a number of vendors for both cellular communication chips and mobile phones. The objective is to fix the security flaws found and to prevent similar flaws from happening in the future.


Story Source:

The above story is based on materials provided by Université du Luxembourg. Note: Materials may be edited for content and length.


Cite This Page:

Université du Luxembourg. "Undetected evesdropping on cell phones: Common errors in cell phone programming can leave phones vulnerable." ScienceDaily. ScienceDaily, 9 December 2010. <www.sciencedaily.com/releases/2010/12/101209074201.htm>.
Université du Luxembourg. (2010, December 9). Undetected evesdropping on cell phones: Common errors in cell phone programming can leave phones vulnerable. ScienceDaily. Retrieved May 29, 2015 from www.sciencedaily.com/releases/2010/12/101209074201.htm
Université du Luxembourg. "Undetected evesdropping on cell phones: Common errors in cell phone programming can leave phones vulnerable." ScienceDaily. www.sciencedaily.com/releases/2010/12/101209074201.htm (accessed May 29, 2015).

Share This Page: