Major Smartphone Vulnerability In Baseband

Smartphone security is headed for an “apocalypse,” since a major vulnerability with smartphone baseband processors has gone unheeded, warns Dan Auerbach, a staff technologist at the Electronics Frontier Foundation.

The problem lies in “Baseband Hacking”, or taking advantage of vulnerabilities in a phone’s baseband processor to intercept a phone’s communication with a phony base station. With the meteoric rise in worldwide smartphone use and the declining costs of portable base stations and new open-source software called OpenBTS, a “baseband apocalypse” in smartphone security is coming, Auerbach warns in a in Network World report. Already, some police-state government agencies have created phony base stations to monitor cellphone communications he said.

What is perhaps even more disturbing is that this vulnerability was widely exposed at last year’s Black Hat hacking conference, yet cell phone manufacturers have not done anything yet to remedy the vulnerability.

Auerbach believes “it would be significant to overhaul the encryption that’s used.” And as long as OEMs and carriers don’t feel any pressure to fix this vulnerability, they will probably continue the same vulnerable status quo. Also, top selling Android devices ranked last in smartphone security in a recent report, primarily due to their fragmentation, which further complicates and exposes additional smartphone vulnerabilities.

“Unfortunately, it might be the case where it will require some sort of big, newsworthy event where users’ privacy is compromised in a big way,” Auerbach says, in the report. “I hope that’s not the case. I hope that we can kind of improve security without that, but unfortunately I think it’s going to take a lot of press coverage to get mobile platform vendors and manufacturers to really start caring about this issue.”

Related Links:

Smartphone security is heading for “apocalypse” [Computer World]

Baseband Hacking: A New Frontier for Smartphone Break-ins [All Techie News]

Post a Comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>