Telecommunications-wise, 2010 finished in some style with the 27th Chaos Communications Congress conference. Lots of interesting stuff was presented, by the look (no, I wasn’t there), but two items stand out for me:
- SMS-o-Death by Collin Mulliner and Nico Golde demonstrated that your phone doesn’t have to be smart (smart phones are still a minority, worldwide) to be vulnerable to attack. See MIT‘s Technology Review article “SMS of Death” Could Crash Many Mobile Phones. While the demonstration focused on brute-force denial of service, I suspect that there’s scope for more interesting model-specific malfeasance there, too.
- Meanwhile, Dan Goodin reports in The Register that Karsten Nohl and Sylvain Manaut have built on last year’s crack of the encryption algorithm that underpins GSM (which carries around 80% of global cellphone traffic, and yes, that includes iPhone) to use a cheaper rig to intercept phone calls and SMS messages. According to el Reg, Nohl claims that GSM is as insecure now as WiFi was ten years ago. See also http://www.h-online.com/open/news/item/27C3-GSM-cell-phones-even-easier-to-tap-1160200.html and http://www.wired.com/threatlevel/2010/12/breaking-gsm-with-a-15-phone-plus-smarts/.
David Harley CITP FBCS CISSP
Leave a Reply