Emerging Dangers in Mobile Communications

|

The importance of both mobile network and software security continues to grow as more personal and significant information is communicated wirelessly. Two new attacks threaten the security of the GSM standard, an unwanted headache for mApp developers, while two others threaten the Android and Apple families of moblie operating systems.

Blackberry’s messenger service, BBM, encrypts messages and then routes the data through the company’s servers in Canada. This means the censors can’t read your mail, which irked the Emirate enough to make them take action, signs point to Saudi Arabia following suit.

This is a big setback to causes, like the Green movement in Iran, which spread their message and build momentum online. When governments can route all the country’s data through servers they control, sending anonymous communications becomes very difficult. The question for ICT4D practitioners is how can countries leapfrog to 4G networks and will it be done in a manner that respects privacy and limits government snooping.

As if hiding from the government wasn’t bad enough, GSM security took a double blow from a technology that spoofs a legitimate tower to intercept communications and software that speeds the decryption of the A5/1 algorithm used by many networks both presented at the Black Hat Hackers conference. The “Kraken” decryption software is approaching the point at which live eavesdropping becomes practical.

The spoofing device demoed by Chris Paget takes a different approach to exploiting GSM security. He hacked together an antennae that drowns out legitimate network signals fooling nearby mobiles into establishing connections and thereby allowing him to listen to conversations. He says, “If you have the ability to deliver a reasonably strong signal, then those around are owned.” While his device can’t currently read data, more sophisticated devices used by the intelligence community are able to, and the principle applies to even next generation networks.

The Android App, used to change a phone’s wall paper, had been downloaded between 1 and 4 million times but was shown by mobile security firm Lookout to be secretly sending data to a website registered in China. The data included the SIM card number and voicemail password if programmed into the phone.

The importance of network security becomes even more crucial as the range of services that we use mobiles for expands. Criminal elements could employ a spoofing device to steal banking data or to prevent communications in a conflict zone.

Also on TechChange Main

FAILFaireDC a Social Space for less than Smashing Successes

Several of us at TechChange had the privilege of attending a great event MobileActive and the World Bank put on...

View Post
Three Tech Advances That May Lead to a More Equitable World

This article was first published on the The Asia Foundation's blog, In Asia. By Melody Zavala  “Just because they are poor...

View Post
Spicing Up Your Prezi: 3 Lessons from PopTech 2013

Last week, I was fortunate enough to present at PopTech 2013 and participate in the Poptech Social Innovation Fellowship program...

View Post