IDG News Service - More than three years after the iPhone was first hacked, computer security experts think they've found a whole new way to break into mobile phones -- one that could become a big headache for Apple, or for smartphone makers using Google's Android software.
In a presentation set for next week's Black Hat conference in Washington D.C., University of Luxembourg research associate Ralf-Philipp Weinmann says he plans to demonstrate his new technique on an iPhone and an Android device, showing how they could be converted into clandestine spying systems. "I will demo how to use the auto-answer feature present in most phones to turn the telephone into a remote listening device," he said in an e-mail interview.
Weinmann says he can do this by breaking the phone's "baseband" processor, used to send and receive radio signals as the device communicates on its cellular network. He has found bugs in the way the firmware used in chips sold by Qualcomm and Infineon Technologies processes radio signals on the GSM (Global System for Mobile Communications) networks used by the majority of the world's wireless carriers.
This is a new area of research. Until recently, mobile phone attacks had focused on another part of the phone: the programs and operating systems that runs on the device's CPU. By tricking someone into visiting a malicious Web site, for example, hackers could take advantage of a Web browser bug on the phone and start messing around with the computer's memory.
With baseband hacking, security researchers are looking at a brand new way to get into this memory.
"[It's] like tipping over a rock that no one ever thought would be tipped over," said the Grugq -- a pseudonymous, but well-respected, wireless phone hacker, and one of a handful of people who have done research in this area. "There are a lot of bugs hidden there," he said, "It is just a matter of actively looking for them."
But hacking a smartphone with a baseband attack is very tricky, to say the least. The mobile phone's radio communicates with a cell phone tower. So in Weinmann's attack, he has to first set up a fake cell phone tower and then convince his target phone to connect to it. Only then can he deliver his malicious code. And even then, the malicious code he writes must run on the firmware that's used by obscure radio processors -- something that most hackers know nothing about.
"This is an extremely technical attack," said Don Bailey, a security consultant with Isec Partners. He says that while the work on baseband hacking is very exciting -- and ultimately a big deal for the mobile phone industry -- he doesn't expect any attacks that target the general public to emerge anytime soon.
Free Insider Guide
The old PacBell building at 140 New Montgomery Street, San Francisco, (@140nm) was wired for connectivity long before the needs of a tenant like Yelp would make 21st century demands. But even this telecom landmark needs some major infrastructure improvements to support the companies it expects to move in soon. more
Copyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
