Emerging Dangers in Mobile Communications

|

The importance of both mobile network and software security continues to grow as more personal and significant information is communicated wirelessly. Two new attacks threaten the security of the GSM standard, an unwanted headache for mApp developers, while two others threaten the Android and Apple families of moblie operating systems.

Blackberry’s messenger service, BBM, encrypts messages and then routes the data through the company’s servers in Canada. This means the censors can’t read your mail, which irked the Emirate enough to make them take action, signs point to Saudi Arabia following suit.

This is a big setback to causes, like the Green movement in Iran, which spread their message and build momentum online. When governments can route all the country’s data through servers they control, sending anonymous communications becomes very difficult. The question for ICT4D practitioners is how can countries leapfrog to 4G networks and will it be done in a manner that respects privacy and limits government snooping.

As if hiding from the government wasn’t bad enough, GSM security took a double blow from a technology that spoofs a legitimate tower to intercept communications and software that speeds the decryption of the A5/1 algorithm used by many networks both presented at the Black Hat Hackers conference. The “Kraken” decryption software is approaching the point at which live eavesdropping becomes practical.

The spoofing device demoed by Chris Paget takes a different approach to exploiting GSM security. He hacked together an antennae that drowns out legitimate network signals fooling nearby mobiles into establishing connections and thereby allowing him to listen to conversations. He says, “If you have the ability to deliver a reasonably strong signal, then those around are owned.” While his device can’t currently read data, more sophisticated devices used by the intelligence community are able to, and the principle applies to even next generation networks.

The Android App, used to change a phone’s wall paper, had been downloaded between 1 and 4 million times but was shown by mobile security firm Lookout to be secretly sending data to a website registered in China. The data included the SIM card number and voicemail password if programmed into the phone.

The importance of network security becomes even more crucial as the range of services that we use mobiles for expands. Criminal elements could employ a spoofing device to steal banking data or to prevent communications in a conflict zone.

Also on TechChange Main

2014 TechChange team-photo
State of TechChange 2014

So long, 2014! Building on our annual posts in 2013 and 2012 (as well as a repeat performance at FailFest 2014!), we wanted...

View Post
Canadian Television-Radio User-Based Billing Controversy

The Canadian Radio-television Telecommunications Commission, more commonly referred to as the CRTC, has recently ignited a firestorm among Internet users...

View Post
Mobiles for International Development Course Gets a Makeover

We’re just one week away from the start of our Mobiles in International Development course and we couldn’t be more...

View Post