With the ever-increasing use of smartphones as our all-encompassing information epicenters, it’s no surprise hackers have been looking for new and improved ways to breach their security. Until recently, it was a pretty complicated process of hacking a smartphone, especially without having physical access to it.
This new method of hacking smartphones doesn’t rely on the user to download a malware-infected app or a text message of doom. Instead, it tricks the phone into connecting to a new cell phone tower or GSM base station; a station that the hacker set up instead of a legit one owned by a phone company.
“[It’s] like tipping over a rock that no one ever thought would be tipped over,” said the Grugq—a pseudonymous, but well-respected, wireless phone hacker, and one of a handful of people who have done research in this area. “There are a lot of bugs hidden there,” he said. “It is just a matter of actively looking for them.”
Once connected to the hacker’s station, the phone’s auto-answer feature can be activated by the hacker at will, meaning he can listen in on what is happening to the phone’s owner whenever he chooses. And it’s not only for listening in on people in real-time, but can also record audio onto the phone’s memory and then transmit the recorded data later.
Even though this bugging attack can be carried out using $2,000 dollars of equipment and open-source software available to the public, the chances of it being used against the general public are very low. The reason being that it is very tricky and technical to actually launch one of these attacks as the hacker’s code has to be transmitted through and run on the firmware that’s used by the phone’s radio processors, which is something most hackers know nothing about.
At the time being there is no real threat of this attack happening to the common person unless it’s used in very high profile case, like trying to steal corporate secrets worth millions; it will take a lot of hard work to create a perfect attack. This also serves as a warning to smartphone manufacturers, as these types of attacks are something that should be taken into consideration with the creation of the next generation smartphones and security updates for existing smartphones.