wiretapping Computer security researchers say that GSM phones (which make up about 80% of the mobile phone market) can be listened in on by anyone with a few thousand dollars worth of hardware and some free open-source tools.

This Sunday at the Chaos Communication Conference in Berlin, Karsten Nohl unveiled his discovery and invention: the “cracking tables”, which is a 2 terabyte code that can be used to determine the encryption key to a secure GSM (Global System for Mobile communications) telephone conversation or text message. Meaning that with this code anyone with enough hardware can intercept a call or text message from a GSM mobile phone.

While Nohl didn’t create a GSM-cracking device (which would be illegal in most countries, including the U.S.) he used the information that had been common knowledge in most academic circles to make it usable. He also says that the flaw that allows calls and texts to be intercepted is the 20-year-old encryption algorithm used by most carriers. It’s a 64-bit cipher called A5/1 and it is simply too weak, according to Nohl. Using his cracking tables, antennas, specialized software, and about $30,000 worth of computing hardware to break the cipher, anyone can crack the GSM encryption in real time and listen in on calls.

The reason that this is only now coming to our attention is that even discussing wiretapping tools can be illegal in the U.S. and most researchers never risked researching the subject. But after hiring lawyers to consult with the Electronic Frontier Foundation, Nohl and his collaborators set upon exposing the flaws in the GSM system without –they believe — breaking the law. Even though Nohl didn’t create a device that would be able to intercept the calls, he says that a technically sophisticated hacker could figure it out, and has probably already done so.
“I certainly use my phone differently than before, trying to keep confidential calls on encrypted lines instead” said Karsten Nohl.
To deal with the security threat with the old GSM phones, GSM Association said that they will look into the researcher’s claims and that they have developed a next-generation standard for GSM phones called the A5/3, which is considered to be much more secure then the old A5/1. It is the same type of encryption that is already being used on 3G networks to carry Internet traffic.

(Via ComputerWorld)

Read More →

1255633684_paris-sidekick As our cell phones become capable of doing so much more then just making phone calls, such as downloading applications, shopping online, and even managing our bank accounts, hackers look to them more and more as a system to exploit. This is not just something we have to worry about having in the future, but this is something cell phone users need to be concerned about right now.

Russian antivirus company, Kaspersky Lab, has found a new malicious program that has already been used to part phone users from their money. This program works by hijacking Nokia phones and making small charges to the owner’s wireless account, and then sending that money to the account of the hacker.

In yet another similar incident that happened last month, an Australian student created and spread a virus on jailbroken iPhones. This virus wasn’t really harmful as it only changed the background image on the iPhone, but its purpose was to show the vulnerability of smartphones.

“The tipping point will be when we’re using the phone to shop and conduct banking,” Mr. Moss, a security expert and organizer of the Black Hat conference said. “The more you do with the phone, the more valuable a target it becomes.”

With the overwhelming amount of mobile malware popping up, a new company called Lookout has started up. Right now Lookout is testing security software for phones running Windows Mobile, and the Android operating system, and they will soon be introducing security applications for the iPhone and BlackBerry. The software will protect phones from rogue programs and it will allow the phone’s owners to remotely back up and erase data on their phones in case a phone is stolen. A user will also be able to track their phones on the web using the phone’s built-in GPS.

Lookout has been working hard to bring to the public’s attention to focus on just how vulnerable people’s cellphones really are. One of the ways they have succeeded in doing this recently, was by camping outside the Academy Awards ceremony in Hollywood, and scanning the phones of the stars walking the red carpet by using a short range Bluetooth wireless connection. They found that as many as 100 of the stars’ phones were vulnerable to hacking over such a connection, effectively proving us just how vulnerable these phones really are.

(Via NYTimes)

Read More →


A new program called PhoneSnoop was recently released that lets people listen in on BlackBerry user’s  phone conversation without their knowledge. The way it works is that when a specific number calls you, your BlackBerry will automatically answer it and put it on speaker phone.

Unlike regular viruses and spyware that you get on computers just by surfing a website or opening up an e-mail, this program has to be installed on your phone by someone with physical access to it. So unless you give out your BlackBerry to people to mess with, you should be pretty safe. But if there’s someone in your life that may be concerned about your personal business, you may want to keep your BlackBerry guarded.

But just in case you are still worried about the security of your BlackBerry, a new tool called “Kisses” has been made just for that. It finds any hidden apps that are on your phone and lets you uninstall them.

(Via CNET)

Read More →