Emerging Dangers in Mobile Communications

|

The importance of both mobile network and software security continues to grow as more personal and significant information is communicated wirelessly. Two new attacks threaten the security of the GSM standard, an unwanted headache for mApp developers, while two others threaten the Android and Apple families of moblie operating systems.

Blackberry’s messenger service, BBM, encrypts messages and then routes the data through the company’s servers in Canada. This means the censors can’t read your mail, which irked the Emirate enough to make them take action, signs point to Saudi Arabia following suit.

This is a big setback to causes, like the Green movement in Iran, which spread their message and build momentum online. When governments can route all the country’s data through servers they control, sending anonymous communications becomes very difficult. The question for ICT4D practitioners is how can countries leapfrog to 4G networks and will it be done in a manner that respects privacy and limits government snooping.

As if hiding from the government wasn’t bad enough, GSM security took a double blow from a technology that spoofs a legitimate tower to intercept communications and software that speeds the decryption of the A5/1 algorithm used by many networks both presented at the Black Hat Hackers conference. The “Kraken” decryption software is approaching the point at which live eavesdropping becomes practical.

The spoofing device demoed by Chris Paget takes a different approach to exploiting GSM security. He hacked together an antennae that drowns out legitimate network signals fooling nearby mobiles into establishing connections and thereby allowing him to listen to conversations. He says, “If you have the ability to deliver a reasonably strong signal, then those around are owned.” While his device can’t currently read data, more sophisticated devices used by the intelligence community are able to, and the principle applies to even next generation networks.

The Android App, used to change a phone’s wall paper, had been downloaded between 1 and 4 million times but was shown by mobile security firm Lookout to be secretly sending data to a website registered in China. The data included the SIM card number and voicemail password if programmed into the phone.

The importance of network security becomes even more crucial as the range of services that we use mobiles for expands. Criminal elements could employ a spoofing device to steal banking data or to prevent communications in a conflict zone.

Also on TechChange Main

Yohan Profile Picture
Meet TechChange’s New Creative Director: Yohan Perera

Already an established graphic designer with the TechChange team, Yohan Perera recently assumed the responsibilities of Creative Director, where he...

View Post
Listen, Before Changing the World: Obaid Arshad Khan

Featured image credit: Janjua Amolksimranjit Singh    It was an immense pleasure to be a part of the two-day TechChange course ‘Mobile...

View Post
Listening to the ‘Peacekept’: Using Technology to Understand Conflict Narratives

If you're interested in learning more about how technology can support peacebuilding and conflict management programming, check out TC109: Technology for...

View Post