Security researchers from the Technical University of Berlin have discovered a new way to block both phone calls and SMS messages with just a few software modifications to their own mobile device. According to the MIT Technology Review, the exploit works by embedding custom firmware in the baseband processor -- the component of the phone responsible for communicating with nearby network towers.
Under normal circumstances, when a call is sent out, the tower sends out a “ping” to the intended recipient. Before the call is properly connected or the SMS message is received, the intended receiver must answer back by effectively saying “it’s me”. The modified handsets, however, intercepts these signals by responding to the “pings” faster than the actual recipient. As a result, the unknowing victim never receives the message. If the hack is pulled off successfully, it can steal communications within an area approximately 75 square miles in size.
Fortunately, there are some restrictions as to what the exploit can actually do and who the software can target. First off, Motorola phones are currently the only known handsets that can be modified for these purposes.The jammers also only affect 2G GSM networks, rendering them useless against 3G and 4G variants. That being said, GSM networks are still the most popular network worldwide and are used by nearly 4 billion people.
Another limitation is that only phones under the same provider can have their communications blocked; for example, T-Mobile phones are immune to modified Verizon handsets. Most importantly, the hack can’t actually be used to listen in on calls or read SMS messages; disrupting the pinging process is about as far as the research group went.
Interestingly, the threat could be eliminated if current GSM protocols are altered to include the exchange of encrypted codes. This safeguard isn’t expected to be deployed anytime soon though - not unless there’s imminent danger. Victor Bahl, principle researcher of the mobility and networking research group at Microsoft, explained, “The defense is expensive to deploy. I can only speculate that the cell network providers are reluctant to invest in mitigation strategies in the absence of an immediate threat.”
No comments:
Post a Comment