Attention B2B Marketers: Access 30 Million IT Decision Makers with a Custom Lead Generation Program Click to Learn More!
Welcome Guest | Sign In

Open Source in GSM Could Breed Mobile Mayhem

By Richard Adhikari LinuxInsider ECT News Network
Jan 18, 2011 5:00 AM PT

Mobile malware may grow as a security threat this year, but security researcher Ralf-Philipp Weinmann says there's a worse threat lurking around -- the GSM baseband system.

Open Source in GSM Could Breed Mobile Mayhem

The threat from hacking GSM baseband systems has been largely ignored, Weinmann reportedly told the audience at a presentation at the Black Hat security conference in Washington, D.C., Monday.

The advent of open source code for base station programming now lets hackers create their own base stations that will let them take over all smartphones within range in a scenario Weinmann calls the "baseband apocalypse."

What's With this Baseband Stuff?

In a cellphone network, the base station system handles traffic and signals between a mobile phone and the network subsystem. Base transceiver stations are found at cell antenna sites.

By creating a rogue base transceiver station using easily available open source baseband code, Weinmann has previously demonstrated that hackers can easily take over smartphones within the range of the rogue station.

Weinmann's found that Layer 3 of the GSM Um interface, which manages connectivity, mobility and radio resources, has many vulnerabilities that can be easily exploited. At Black Hat, he demonstrated what he claimed are the first over-the-air exploitations of memory corruption in GSM/3GPP stacks that allow malicious code to be executed on baseband processors.

Weinmann has made several presentations on the danger from GSM base station systems over the past year. He says neither the GSM Association nor the European Telecommunications Standards Institute have considered the possibility of hackers setting up or using malicious base stations to compromise mobile phones.

The GSM Association and AT&T, which uses GSM technology, did not respond to requests for comment by press time.

What Clear and Present Danger?

With the advent of inexpensive new hardware such as femtocells, the threat of someone setting up a rogue base transceiver station is increasing, Weinmann contended.

Wireless carriers in the United States are making femtocells readily available to consumers in hopes of broadening their coverage areas. AT&T, for example, offers the 3G MicroCell, which acts as a mini-cellular tower, to subscribers.

Weinmann's scenario has hackers setting up cheap rogue transceivers at busy sites such as airports or in the financial districts of cities, or near embassies.

Other security researchers, however, have questioned whether this constitutes a serious threat.

"GSM isn't being used for transmitting mission-critical data," Godfrey Chua, director of mobility at ACG Research, told LinuxInsider.

"Perhaps that's why it hasn't been a priority to be addresses," Chua added. "GSM systems are basically designed for voice."

Further, specifications for the GSM standard were published in 1990, well before wireless data transmission was envisioned, Chua said.

Weinmann did not respond to requests for comment by press time.

Facebook Twitter LinkedIn Google+ RSS
Content Marketing on ALL EC
How does the tech industry compare to other industries when it comes to diversity?
Tech firms have been working much harder than others to achieve diversity.
Tech is rife with sexism, racism, homophobia and other forms of discrimination.
The tech industry would be more inclusive if there were more qualified applicants.
Tech firms have made superficial efforts but they're mainly for show.
The push for diversity is a cultural fad, and there is no real problem.