Two cybersecurity researchers have just taught smartphones a lesson by developing a program that can eavesdrop and steal text messages from any phone on a GSM network – all in about 20 seconds.
The Guardian reported that Karsten Nohl and Sylvain Munaut spent a year honing their technology, which starts by sending a text message to a target phone; called a "ghost" message, the text doesn't show up on the recipient's phone, but enables the hackers to obtain the handset's unique identification number.
Once that identification number is stolen, Nohl and Munaut were able to record phone conversations and texts from the hijacked phone. Their proof-of-concept hack can be deployed on any phone running on a GSM (Global System for Mobile Communications) network.
That's a pretty big focus group – about 80 percent of the world's phones run on a GSM network.
"Any GSM call is fair game," Nohl told the BBC. He and his partner in cybercrime demonstrated their data-grabbing technology at last week's Chaos Computer Club Congress (a gathering of the hacker organization) in Berlin.
Despite its mischievous nature, there is no devious design behind their hacking technology.
Nohl said he and Munaut do not plan to make the eavesdropping kit available for others to use. He said they developed it in the hopes it would serve as a wake-up call to the mobile security industry.
"This is all a 20-year-old infrastructure, with lots of private data and not a lot of security," Nohl said of the GSM network. "We want you to help phones go through the same kind of evolutionary steps that computers did in the 1990s."
The Guardian reported that Karsten Nohl and Sylvain Munaut spent a year honing their technology, which starts by sending a text message to a target phone; called a "ghost" message, the text doesn't show up on the recipient's phone, but enables the hackers to obtain the handset's unique identification number.
Once that identification number is stolen, Nohl and Munaut were able to record phone conversations and texts from the hijacked phone. Their proof-of-concept hack can be deployed on any phone running on a GSM (Global System for Mobile Communications) network.
That's a pretty big focus group – about 80 percent of the world's phones run on a GSM network.
"Any GSM call is fair game," Nohl told the BBC. He and his partner in cybercrime demonstrated their data-grabbing technology at last week's Chaos Computer Club Congress (a gathering of the hacker organization) in Berlin.
Despite its mischievous nature, there is no devious design behind their hacking technology.
Nohl said he and Munaut do not plan to make the eavesdropping kit available for others to use. He said they developed it in the hopes it would serve as a wake-up call to the mobile security industry.
"This is all a 20-year-old infrastructure, with lots of private data and not a lot of security," Nohl said of the GSM network. "We want you to help phones go through the same kind of evolutionary steps that computers did in the 1990s."
