Emerging Dangers in Mobile Communications

|

The importance of both mobile network and software security continues to grow as more personal and significant information is communicated wirelessly. Two new attacks threaten the security of the GSM standard, an unwanted headache for mApp developers, while two others threaten the Android and Apple families of moblie operating systems.

Blackberry’s messenger service, BBM, encrypts messages and then routes the data through the company’s servers in Canada. This means the censors can’t read your mail, which irked the Emirate enough to make them take action, signs point to Saudi Arabia following suit.

This is a big setback to causes, like the Green movement in Iran, which spread their message and build momentum online. When governments can route all the country’s data through servers they control, sending anonymous communications becomes very difficult. The question for ICT4D practitioners is how can countries leapfrog to 4G networks and will it be done in a manner that respects privacy and limits government snooping.

As if hiding from the government wasn’t bad enough, GSM security took a double blow from a technology that spoofs a legitimate tower to intercept communications and software that speeds the decryption of the A5/1 algorithm used by many networks both presented at the Black Hat Hackers conference. The “Kraken” decryption software is approaching the point at which live eavesdropping becomes practical.

The spoofing device demoed by Chris Paget takes a different approach to exploiting GSM security. He hacked together an antennae that drowns out legitimate network signals fooling nearby mobiles into establishing connections and thereby allowing him to listen to conversations. He says, “If you have the ability to deliver a reasonably strong signal, then those around are owned.” While his device can’t currently read data, more sophisticated devices used by the intelligence community are able to, and the principle applies to even next generation networks.

The Android App, used to change a phone’s wall paper, had been downloaded between 1 and 4 million times but was shown by mobile security firm Lookout to be secretly sending data to a website registered in China. The data included the SIM card number and voicemail password if programmed into the phone.

The importance of network security becomes even more crucial as the range of services that we use mobiles for expands. Criminal elements could employ a spoofing device to steal banking data or to prevent communications in a conflict zone.

Also on TechChange Main

WorldAidsDay2014
5 Ways Technology is Fighting HIV and Preventing AIDS

In honor of World AIDS Day 2014, we celebrate several TechChange alumni who are heroes in the front lines of...

View Post
TechChange Hosts International Leaders for a Discussion on Tech for Social Good

TechChange recently hosted 17 leaders from the State Department’s International Visitor Leadership Program, which hosted visitors ranging from Morocco to...

View Post
How Might We Measure Trauma Healing? Lessons from Burundi

By Ella Duncan More than 300,000 people lost their lives in the bloody civil war that ravaged Burundi from 1993...

View Post