The annual Chaos Communication Congress (CCC) in Berlin has seen revelations of an ‘SMS of Death’ attack against many conventional non-smartphones and a toolkit for eavesdropping on calls and text messages ob any GSM network.
The SMS of Death involves a malicious SMS text message to a phone which can effectively ‘brick’ the phone (make it useless). The research focused not on smart phones like the iPhone, but on less sophisticated phones like the Nokia N40, the Motorola RAZR and the Samsung S5230 Star and S3250. In some cases, the attack would disconnect the phone and force it to reboot; but since the phone did not acknowledge receipt of the message, the network would continue sending it.
The attack probably isn’t as scary as the name implies. Attacks like this have been found many times in the past and are always dealt with by network providers by filtering at their end. This may have already been done in the case of the SMS of Death.
The GSM attack, described in this BBC story. GSM (Global System for Mobile communications) is the most popular network architecture for mobile telephone systems, servicing an estimated 5 billion devices and dominant outside of the US. Researchers Karsten Nohl and Silvain Munaut demonstrated at the CCC a kit which can locate any GSM phone by taking its unique ID and using it to intercept data transferred between the phone and base. They decrypt this transmission using a decryption tool using a ‘rainbow key’. If such a technique works, it probably indicates a fundamental weakness in GSM encryption.
Hat tip on the GSM issue to Threatpost.
Full story: Security Watch
Related Posts
- Malware sites already capitalizing on announcement of Osama Bin Laden’s Death
Within hours of the announcement of Osama Bin Laden's death, we are already seeing malicious sites emerge to capitalize on the news. One Spanish language site displays a purported photo of a murdered ... - The SMSer Trojan returns as fake browser
We have seen many fake security products and fake disk utilities targeting the windows platform. Of late, we have started observing an increasing trend in mobile platform too. Following on the heels o... - Encrypted text messaging for BlackBerry and Android
ProtectedSMS enables BlackBerry and Android users to exchange secure, encrypted text messages with individuals who have installed the software.Unlike other secure texting solutions that require a subs... - New Android.Spy modification turns smart phones into zombies
Doctor Web-the Russian anti-virus vendor-unveils the discovery of a malicious program belonging to the Android Spy family. The malware poses a threat to owners of Android smart phones. Once the Trojan... - Are Facebook Comments the Death of Anonymity?
Facebook recently announced a major overall of their comments system. The new changes will allow Facebook users to comment on third-party websites using their profiles. Supporters of the new s... - News of AutoRun’s Death Has Been Greatly Exaggerated
Last week, I applied Microsoft Updates to one my Windows XP test machines and noted an optional update which restricts "AutoRun entries in the AutoPlay dialog to only CD and DVD drives".You ca... - When Technology Fails: Mobile Death Trap
People place way too much trust in technology. We see that time and time again as phishing attacks and rogue security programs proliferate. Identity theft can be one of the more extreme results ... - LIFE OF A COMPUTER HACKER – REVEALED Pt 01, with Kevin Mitnick
CSA DISCLAIMER: This video taken from YouTube. As well as any other video found on this site is not hosted here, it just embedded, and it taken randomly by our system from video hosting services lik... - Blog: We Come in Peace, Too – Impressions from CCC’s 27C3 / Berlin
Since Monday, my colleagues and I have been attending the annual Chaos Communication Congress 27C3 in Berlin. For the past 27 years, the Chaos Computer Club has organised this four day conference for... - American guy must be stoned to death Facebook survey scam spreads quickly
A scam is spreading rapidly across Facebook, luring users into clicking on a link, using messages like the following:
This American GUY must be Stoned to De@th for doing this to a GIRL: [LINK]
Other...
Posted on 03 January 2011. Tags: 'SMS, Berlin, Death, eavesdropping, Revealed
The annual Chaos Communication Congress (CCC) in Berlin has seen revelations of an ‘SMS of Death’ attack against many conventional non-smartphones and a toolkit for eavesdropping on calls and text messages ob any GSM network.
