CastleCops, Internet Crime Fighters

First Ever GSM Cellphone Exploit










by Paul Laudanski, AKA Zhen-Xjell
April 20, 2004


In an earlier news article, I had noticed that my GSM GPRS-enabled cellphone was hijacked over the weekend. Last night my provider's representative knew nothing about this. I was advised to call back. At about 6:30 PM EDT today I called my provider once again to discuss this issue further.

I was forwarded to an engineer with whom I was engaged in a healthy discussion. This engineer eventually went to a supervisor while I was on hold. Turns out the supervisor had *just then* received an email about the very hijack I noticed last night. The email was hot off the presses and the supervisor didn't even get to read it yet.

I was advised that my provider is now aware that the issue which I reported actually does exist. They are going to suspend downloads to their customer cellphones. A timeframe was not specified.

I immediately apprised the engineer that an article would be going up sometime tonight. The engineer stated a supervisor with authority to speak on behalf of them would call. I waited a couple hours for the phone call that never came. I suggested to the engineer that this information needs to be handled quickly to ensure public awareness of the situation and that they are working to resolve it immediately. However, that solution at the time was still unknown. I will seek legal counsel in naming the provider.

So I plead to all GSM customers to call up your provider and point them to this article. This is a HIGHLY serious issue that the engineer has confirmed exists, and the provider had at that moment notified its own front line supervisors.

Indeed, the problem is (and confirmed by the GSM provider):

Phone book entries are replaced by hijackers external to your phone.

Cellphones are now open to hijacking cracks.

Is this the end of decency to our private phone books? Please note, this is a widely known GSM provider in the United States. Let the cellphone firewalls begin.
Paul

Glossary:

GSM: Global System for Mobile Communications
GPRS: General Packet Radio Service



@Copyright ComputerCops 2004
Posted on Tuesday, 20 April 2004 @ 21:02:55 UTC by Paul (65104 reads)

Re: First Ever GSM Cellphone Exploit (Score: 0)
by Anonymous  on Thursday, 22 April 2004 @ 00:12:29 UTC
Paul - can we talk by phone, Patrick Murphy.



Re: First Ever GSM Cellphone Exploit (Score: 1)
by Ian-OG  on Thursday, 22 April 2004 @ 00:16:44 UTC
Shouldn't be too hard to implement a firewall for the popular mobile OS's, but it's the resource hit that is worrying - especially for the older kit with a few MHz CPU and tiny RAM.

On the topic (just) this could spin off a firewall for PDAs, since I'm having no luck at all finding one for either my Psion 5 (EPOC/Symbian series 50) or iPAQ 5550 (PPC 2003).

But; I'm not sure that the FW needs to necessarily run on the handset - this sort of junk should be filtered by the service provider. And there will need to be some sort of PKI employed for the times when valid push messages need to get through (like the activation for various services, such as mobile web and GPRS).

Tough nut to crack. I suppose the short answer is to disable speed-dial or calling circle features for now.



Re: First Ever GSM Cellphone Exploit (Score: 0)
by Anonymous  on Wednesday, 21 April 2004 @ 18:45:39 UTC
Paul, can I post this on my site? I find it very interesting, the url is http://www.bornmobile.com email me: webmaster _(A|T|)_ bornmobile.com



Re: First Ever GSM Cellphone Exploit (Score: 0)
by Anonymous  on Wednesday, 21 April 2004 @ 21:21:57 UTC
I guess this is the problem with the increasing technology of mobile phones.

Symbian O/S seems to have a few security flaws, programmes that send premium rate text messages and such.

Are you 100% sure it was 'hijacked' and not actually a program you downloaded that has overwritten your contacts?

I run www.myseries60.net I will ask on there if anybody has had a similar problem.

Were you using an XDA II by any chance?



Re: First Ever GSM Cellphone Exploit (Score: 0)
by Anonymous  on Wednesday, 21 April 2004 @ 21:31:12 UTC
the old west will be coming back.

WANTED....DEAD...OR...ALIVE!!!
CELLPHONE HIJACKERS OF ANY RACE,COLOR, CREED OR NATIONAL ORIGIN.
MARSHALL DILLON
DODGE CITY



Re: First Ever GSM Cellphone Exploit (Score: 1)
by SA  on Saturday, 24 April 2004 @ 18:34:29 UTC
I'm guessing that the unnamed company in Paul's post is not one of those listed at http://www.gsmworld.com/using/sas/accredited.shtml.

Not many companies are listed as GSM-approved secure at the GSMWORLD site. I wonder if the GSM security audit--its SAS, is sufficient to prevent hijacking.

I wonder if GSM org.'s SAS is the only choice for safety-conscious companies who want to know how secure they are, or are there lists of safe-conscious companies elsewhere.

SA



Re: First Ever GSM Cellphone Exploit (Score: 1)
by woodsmoke  on Wednesday, 28 July 2004 @ 22:54:30 UTC
Well,
this is just the continuing saga of pigs in space, back in the 60's, 70's when all the fuzzy heads thought that the most important thing in the world was free speech on the internet (read, he/she gets to let us partake of his wonderful musings) the smarter than the rest of us folks who sneer at all of us unwashed, yeech.. all those unwashed folks use PCs!! not Macs like US!, all knew there would eventually be something like a cell phone, but they didn't have even the remotest idea about the commercial possibilities, such as a somewhere net holding of our PERSONAL PHONE LISTS! They're just good kids having fun, wink wink, after all information is FREE! and I mean IN YOUR FACE free!!). Ah yes... the continuing saga....not of pigs in space, but of yet again another way for someone who does not give the slightest rip about you or me to have control over us.


 