Hacker Finds Major Security Flaw In GSM Networks – All Phones Vulnerable

A vulnerability was discovered in GSM networks — the same type of network T-Mobile and AT&T operate on — that could allow for a hacker or an otherwise nefarious character, to gain full remote control of any smartphone running on those types of networks (Sprint and Verizon are in the clear). The security flaw was revealed during a hacking convention in Berlin where the head of Germany’s Security Research Labs, a Mr. Karsten Nohl, said that the attacks could easily be carried out on a large scale as well.

”We can do it to hundreds of thousands of phones in a short timeframe. None of the networks protects users very well. Mobile network is by far the weakest part of the mobile ecosystem, even when compared to a lot attacked Android or iOS devices.”

Hijacked phones could allow for hackers to send text messages or even make phone call, signing up users for expensive premium phone or messaging services, all without the owners consent. If you’re feeling a little bit more paranoid about who could be out there tapping your phone it should be said that Nohl also mentioned carriers could easily patch the security hole simply by updating their outdated software.

[Reuters Via BGR]

Continue reading:

  • http://www.facebook.com/people/Jhaelon-Edwards-Smith/1475202489 Jhaelon Edwards Smith


    • Andr3ww

      No we still lose cause of our slower data speeds.

      • feztheforeigner

        Pretty sure Verizon 4G is about as fast you can get…

        • http://pharaohtechblog.blogspot.com/ Conan Kudo (ニール・ゴンパ)

          Nope. IMT-Advanced (which LTE-Advanced qualifies for, and Verizon doesn’t have it) average speeds of 100Mbps on downlink fully loaded, and average speeds of 1Gbps for FMC downlink fully loaded.

          So yeah, it gets faster!

          • feztheforeigner

            I meant on current wireless choices between networks. It was implied Verizon is slow when compared to companies like Sprint or T-Mobile

          • http://pharaohtechblog.blogspot.com/ Conan Kudo (ニール・ゴンパ)

            Sprint is much slower than Verizon, that’s a given. Depending on the market, T-Mobile will either be neck and neck or just slightly behind Verizon on speeds. AT&T is always behind T-Mobile, and their LTE network will be behind Verizon once it gets loaded (less capacity than Verizon LTE).

          • feztheforeigner

            I believe Verizon to average significantly higher download speeds compared to any of the mentioned networks – in addition to providing by far the most coverage. This includes T-Mobile.

          • http://pharaohtechblog.blogspot.com/ Conan Kudo (ニール・ゴンパ)

            The average is higher, if you only count the 4G LTE network. But, T-Mobile’s HSPA+ network in certain areas can hit around 15-25Mbps for download and 3-4Mbps for upload. That’s awfully close to average LTE speeds. It’s not equal in all markets, but T-Mobile is often the one behind Verizon, with AT&T in third and Sprint lagging as a distant fourth. Verizon’s LTE coverage is roughly equal to T-Mobile’s HSPA+ coverage, but Verizon’s EV-DO coverage does trump everyone else’s network coverage.

          • feztheforeigner

            T-Mobile’s 15-25mbs is merely its theoretical max, real life speeds are actually around 5-7. Verizon 4G provides a slightly larger area over T-Mobile’s coverage (in a lot less time). Verizon’s network (4G) is rapidly expanding all the time though, it’s a lot harder to say that about T-Mobile.

            P.S. my galaxy nexus and Droid razr both consistently produce ~30mbps on Verizon 4G LTE.

          • http://pharaohtechblog.blogspot.com/ Conan Kudo (ニール・ゴンパ)

            Nooo… Theoretical max for T-Mobile’s network is 42.2Mbps on the downlink and 11Mbps on the uplink. Those are real numbers that several people have gathered since the launch of the 42Mbps HSPA+ network.

          • feztheforeigner

            Either way Verizon is still significantly faster.

          • Canon User

            Conan makes a cute post about Sprint being a distant 4th, placing TMobile in second. That’s accurate.. if you’re in one of the few coverage areas that Tmobile has lit up. I’ve always found it laughable that they pretend to be a national network. Even AT&T has only recently managed to grow their 3G footprint beyond a joke of a map, whereas Verizon and to a lesser degree Sprint have had significant coverage for years.

            Sprint has been neck and neck for speed with Verizon where I live for years, with no other 3G options at all until recently AT&T decided to stir. So while it may be a cute generalization that they’re slower, they’re only slower if the competition is actually THERE, which they often aren’t.

      • http://www.techmantis.net/ Minja Miketa

         Verizon’s LTE is mighty fast so I don’t know what you are talking about.

        • Andr3ww

          Yea I should have specified that I was talking about 3G.

      • Guest

        Maybe he’s referring to Sprint?

        • Andr3ww

          Yea well I was talking mostly about Sprint. The other day I got 1mbps and was happy. I’m used to getting 100-500kbps on my Evo 3D in a large metro area.

          And plus Verizon and Sprint’s 3G have a theoretical limits of 3.1mbps. While At&t and T-Mobile have limits of 21.1mbps and 42.2mbps with HSPA+.

      • DavidVarghese

        Haha, oh the irony.

      • http://pharaohtechblog.blogspot.com/ Conan Kudo (ニール・ゴンパ)

        And because 3G GSM is still secure. This only affects the 2G GSM network (no mentions of “UMTS” being affected).

  • http://pharaohtechblog.blogspot.com/ Conan Kudo (ニール・ゴンパ)

    It affects all carriers because nobody upgraded the security technology when they upgraded to UMTS (3G GSM). You’re basically pairing a secure radio technology with an insecure encryption algorithm. A recipe for disaster that most people already knew was there… After all, you’ve left the 2G GSM network as the backdoor. Since Reuters (French company) wrote this article, we know it’s talking about 2G GSM instead of UMTS. Only in the USA do we refer to UMTS technology as GSM. Everywhere else, it is called either UMTS or FOMA.

    • Alex Paulson

      Verizon and Sprint use CDMA, not GSM, therefore they are safe from this threat.

      • http://pharaohtechblog.blogspot.com/ Conan Kudo (ニール・ゴンパ)

        And any network operator who decided to upgrade their security algorithms to the ones they are supposed to use for 3G GSM would be fine too.

        Besides, this article is talking about GSM instead of UMTS. That means that the operators never upgraded to the W-CDMA security algorithm and backported it to the GSM network.

        And yes, WCDMA is still secure. This vulnerability applies to 2G GSM only. UMTS is completely secure because it uses WCDMA technology.

        So, hah!

  • BlackGod


  • saif khan

    this is totally off topic but i just wanted to know, does anyone know who won the the last contest that took place on sunday?

    • BlackGod

      I wonder this too..

  • jshaffer21

    Dear Verizon,

    No carrier IQ,no network wide security threat.
    I am a little less sad about my bill

    • http://pharaohtechblog.blogspot.com/ Conan Kudo (ニール・ゴンパ)

      And this has absolutely no bearing on 3G GSM… AT ALL. So, you should be a little more worried about the price of your bill again! :)

  • starryeyez2


  • Off_Road_Racing

    Will rooting fix this!? LoL!! Since rooting seems to fix all other security problems. Therefore I believe rooting will fix this. :P

    • http://www.techmantis.net/ Minja Miketa

       What? Rooting in no way fixes security problems. It actually creates more because you now have administrative access on your phone and can therefore create more damage.