Researchers have hacked a built-in maintenance application found on many smart phones that could open the door to hacking the cellular network itself.
David Maynor, CTO for Errata Security, this weekend at the Summercon security confab in Atlanta will demonstrate a tool built by Errata that provides a peek into the inner workings of the cell network, such as the frequency at which a smart phone is operating. Maynor will also explain how he reverse engineered the so-called Field Test application found in Windows Mobile and Apple iPhone smart phones in advance of Errata’s building the tool.
Errata calls its hack â€œcellular spelunking,â€ and will release the source code for its new tool in conjunction with Maynorâ€™s presentation. Maynor says the tool is aimed at cell network providers and smart phone manufacturers, as well as â€œpeople who want to know how cell networks work.â€
â€œI donâ€™t know why these [maintenance] apps are on a phone for consumers,â€ says Maynor, who says his demo wonâ€™t contain any potentially unlawful or malicious hacking activities. â€œIf you start looking at security as whole, mobile devices are a larger concern… This is really an unexplored area of security.â€
Maynor says Errata didnâ€™t exploit any vulnerabilities in the hack — that wasnâ€™t necessary, he says. â€œThis weakness in the phone leads to a greater understanding of the network as a whole.â€
Cell network security is a tricky area for researchers given strict regulations protecting the cellular infrastructure. Still, itâ€™s increasingly becoming an area of interest for security researchers — a pair of researchers at Black Hat USA earlier this year demonstrated how they had cracked the encryption in GSM mobile phones and could intercept voice conversations and SMS text messages.
Errataâ€™s new hacking tool runs on an iPhone and gathers information about the cellular network to which the smart phone is connected.
Cell networks werenâ€™t built with security in mind, Maynor says. And knowing the frequency of a smart phone means you can also find control channels for the cell towers, Maynor says, many of which carry information such as SMS messages destined to all phones in that cell area, for instance. â€œIt would be the equivalent of turning on a sniffer on a computer for certain types of data,â€ he says.
Errataâ€™s hack basically demonstrates how you can use information from the smart phone to get more access to the cell network than a user is supposed to have, Maynor says. And if Errataâ€™s new tool were paired with the Universal Software Radio Peripheral (USRP), for example, he says, an attacker could hack the cell network itself.
Another danger, of course, would be an attacker exploiting the smart phoneâ€™s information to launch a malware attack that could disrupt the cell network.
Maynor, meanwhile, plans to release a white paper for his presentation that provides more details on how he reverse engineered the Field Test smart phone app and what he discovered during the process.
Related Posts: On this day...
- Mind Reading: The Researchers Who Analyzed All the Porn on the Internet - 2011
- Private Rooms by Guido Argentini - 2010
- Man arrested for shooting at car of iPhone thieves - 2010
- New NYC subway map comes out next month - 2010
- Project BMW E92 M3 "Darth Maul" by MWDesign - 2010
- Cambridge study: DRM turns users into pirates - 2009
- Linux Unified Kernel aims to combine Linux and NT kernels - 2009
- A Linux render cluster inside an IKEA cabinet - 2008