Search, compare and review Enterprise Software applications and suppliers. Visit ALL EC Ecommerce Exchange today.
Welcome Guest | Sign In
Content Marketing on ALL EC

Open Source in GSM Could Breed Mobile Mayhem

By Richard Adhikari
Jan 18, 2011 5:00 AM PT

Mobile malware may grow as a security threat this year, but security researcher Ralf-Philipp Weinmann says there's a worse threat lurking around -- the GSM baseband system.

Open Source in GSM Could Breed Mobile Mayhem

The threat from hacking GSM baseband systems has been largely ignored, Weinmann reportedly told the audience at a presentation at the Black Hat security conference in Washington, D.C., Monday.

The advent of open source code for base station programming now lets hackers create their own base stations that will let them take over all smartphones within range in a scenario Weinmann calls the "baseband apocalypse."

What's With this Baseband Stuff?

In a cellphone network, the base station system handles traffic and signals between a mobile phone and the network subsystem. Base transceiver stations are found at cell antenna sites.

By creating a rogue base transceiver station using easily available open source baseband code, Weinmann has previously demonstrated that hackers can easily take over smartphones within the range of the rogue station.

Weinmann's found that Layer 3 of the GSM Um interface, which manages connectivity, mobility and radio resources, has many vulnerabilities that can be easily exploited. At Black Hat, he demonstrated what he claimed are the first over-the-air exploitations of memory corruption in GSM/3GPP stacks that allow malicious code to be executed on baseband processors.

Weinmann has made several presentations on the danger from GSM base station systems over the past year. He says neither the GSM Association nor the European Telecommunications Standards Institute have considered the possibility of hackers setting up or using malicious base stations to compromise mobile phones.

The GSM Association and AT&T, which uses GSM technology, did not respond to requests for comment by press time.

What Clear and Present Danger?

With the advent of inexpensive new hardware such as femtocells, the threat of someone setting up a rogue base transceiver station is increasing, Weinmann contended.

Wireless carriers in the United States are making femtocells readily available to consumers in hopes of broadening their coverage areas. AT&T, for example, offers the 3G MicroCell, which acts as a mini-cellular tower, to subscribers.

Weinmann's scenario has hackers setting up cheap rogue transceivers at busy sites such as airports or in the financial districts of cities, or near embassies.

Other security researchers, however, have questioned whether this constitutes a serious threat.

"GSM isn't being used for transmitting mission-critical data," Godfrey Chua, director of mobility at ACG Research, told LinuxInsider.

"Perhaps that's why it hasn't been a priority to be addresses," Chua added. "GSM systems are basically designed for voice."

Further, specifications for the GSM standard were published in 1990, well before wireless data transmission was envisioned, Chua said.

Weinmann did not respond to requests for comment by press time.

Facebook Twitter LinkedIn Google+ RSS
How do you feel about accidents that occur when self-driving vehicles are being tested?
Self-driving vehicles should be banned -- one death is one too many.
Autonomous vehicles could save thousands of lives -- the tests should continue.
Companies with bad safety records should have to stop testing.
Accidents happen -- we should investigate and learn from them.
The tests are pointless -- most people will never trust software and sensors.
Most injuries and fatalities in self-driving auto tests are due to human error.