More

New Hack Turns Smartphones Into Covert Spying System

The Huffington Post   First Posted: 01/19/11 09:39 AM ET Updated: 05/25/11 07:25 PM ET

Inspiring
 Funny
 Obsolete
 Scary
 Must-Have
 Amazing
 Innovative
 Nerdy
Smartphone Hack Baseband

Your phone is a covert spy device, secretly listening to and recording everything you say -- or at least, it could be, according to new research that has uncovered a smartphone hack affecting both Androids and iPhones.

The auto-answer feature installed on most smartphones can be hacked to transform the phone into a listening machine, based on research by Ralf-Philipp Weinmann that shows a way hackers can break into the phone's baseband processor--which sends and receives radio signals on the cellular network--by exploiting bugs in the firmware of its radio chips.

"I will demo how to use the auto-answer feature present in most phones to turn the telephone into a remote listening device," Weinmann told InfoWorld in an e-mail.

Though previous cell phone security concerns have focused on the operating systems, Weinmann's research represents a new kind of hack--baseband hacking, an approach that requires some complicated set-up to function.

The would-be hacker creates a fake cell phone tower to get the targeted phone to connect with it, at which point the fake tower would be able to transmit the bad code. Moreover, that code must be capable of running on the firmware, representing another level of hacker know-how necessary to run the trick.

A new open source software called OpenBTS allows pretty much anybody to set up a cellular network radio tower. Back in the day, it would take tens of thousands of dollars to accomplish the same feat, making this sort of hacking basically impossible for the average hacker. This kind of hacking is also illegal, as intercepting phone calls over licensed frequencies is against federal law.

Weinmann will unveil his hack at next month's Black Hat information security conference in Washington DC. His title for the presentation? "The Baseband Apocalypse."

FOLLOW HUFFPOST TECH

Related News On Huffington Post:
 

More in Technology...


 
 
  • Comments
  • 67
  • Pending Comments
  • 0
  • View FAQ
Comments are closed for this entry
View All
Favorites
Recency  | 
Popularity
Page: 1 2  Next ›  Last »  (2 total)
photo
HUFFPOST COMMUNITY MODERATOR
justlw
Nehemiah Scudder 2012: Now More Than Ever
979 Fans
02:55 PM on 02/05/2011
If you really want to be all paranoid and stuff about this:

1) If your phone is online, it uses more energy. It will get warmer. If you notice your phone getting warmer, and you don't know why: THEY'RE ON TO YOU! AAAHHH!

2) Put your phone in a Mylar bag whenever you don't want it to go online.

3) *Don't take your phone with you.*

You're welcome!
Permalink  |
HUFFPOST SUPER USER
thole489
Obama 2012
427 Fans
 
02:00 PM on 01/23/2011
Didn't they do this in the movie "Eagle Eye"? Great movie if you have never seen it.
Permalink  |
photo
HUFFPOST SUPER USER
oxygen
love is like oxygen
1249 Fans
 
09:00 PM on 01/21/2011
put your cell phone next to your microwave when warming up coffee - always works to release a few bad viruses
Permalink  |
creed840
Boiling water to weaken the tea.
126 Fans
03:07 PM on 01/20/2011
If the OS is that simple to hack, then a patch needs made and updated to the phone. Just think of all the Windows updates you get. Phones will need them too once a problem is found. Lets just hope they are not as slow to correct as Microsoft.
Permalink  |
photo
PenguinLinux
got root ?
129 Fans
10:40 AM on 01/20/2011
Newsflash: ANY cell phone, not just smart phones, can be activated (even if off) to listen to whatever is near the phone. The only way to prevent this is to remove the battery from the phone,.
Permalink  |
HUFFPOST SUPER USER
John Kramarz
170 Fans
07:25 AM on 01/20/2011
I'm thinking about my day yesterday and the conversations I had, and what if someone heard all of that!
Man! they would be more bored than I was!
Permalink  |
photo
Lahonda
Bynocent Instander
2202 Fans
03:15 AM on 01/22/2011
...and don't forget to pick up your laundry for Mom, either.
Permalink  |
HUFFPOST SUPER USER
Joseph Bethea
musician
49 Fans
04:04 AM on 01/20/2011
Illegal for the ordinary citizen to do but ok for the government to do lol typical example of do what i say and not what i do
Permalink  |
photo
HUFFPOST SUPER USER
MrDOB
126 Fans
08:28 AM on 01/21/2011
Ha ha ha right on!
Permalink  |
sarabono
Oldie but Goody
252 Fans
11:17 PM on 01/19/2011
Damn ! Now it looks like I'm going to have to get voice scrambling and 256 bit encription on my phone jus to tell my hubby to stop and pick up a gallon of milk ......
Permalink  |
photo
Lahonda
Bynocent Instander
2202 Fans
03:16 AM on 01/22/2011
...don't worry. I told him already.
Permalink  |
This user has chosen to opt out of the Badges program
photo
kkvv
61 Fans
11:02 PM on 01/19/2011
I am not worry about that at all, afterall we have something called NSA.
Permalink  |
rmaenza
0 Fans
10:00 PM on 01/19/2011
Unless your a government official or work for the White House I would not worry about it. Hackers can get into anything they want if they try enough times. mainstreethost
Permalink  |
photo
keramos
Who are the brain police?
1424 Fans
07:37 PM on 01/19/2011
If you are really concerned about this, take the battery out of your phone.  Carry paper files.  Put copper mesh around your windows.

There always seems to be someone out there willing to turn a convenience into an intrusion.  NSA - are you listening/reading/intercepting/snooping?
Permalink  |
photo
HUFFPOST SUPER USER
E Pluribus Unum 2010
260 Fans
02:10 PM on 01/19/2011
Note to all innocent Americans: you have no privacy, nor even a right to privacy. You should assume law enforcement and intelligence agencies have arranged to have back doors put into all contemporary portable devices. And yes, gps is a good thing when you're calling 911, but criminals can use your phone against you as well. The bottom line, for better or worse, is that if you want to have a truly private moment, you need to take the battery out (sorry iPh*ne users.) Welcome to the Brave New World.
Permalink  |
photo
CountChocula101
2 Fans
02:03 PM on 01/19/2011
Make sure to encrypt valuable data on your smartphone and on all computer devices--it is very easy to hack into such things. Don't think that because you have a logon password you're safe; these are also unbelievably easy to hack.

Be very very careful about using Facebook or twitter on smart phones or over any wireless network. Applications like Firesheep make it incredibly easy to hack into your accounts.

I would also recommend using Tor Browser. It hides your IP address over the internet. Very useful in our modern age in which the government uses stuff like your google search history against you.
Permalink  |
photo
eric14
1099 Fans
 
03:36 PM on 01/19/2011
Tor Browser? Looks interesting. Any tips, comments before we plunge in?
Permalink  |
This user has chosen to opt out of the Badges program
photo
ecotopian
I am nerd, hear me geek
113 Fans
06:38 PM on 01/19/2011
http://www.torproject.org/ This is the website. I was curious and did a search for it.
Permalink  |
photo
HUFFPOST SUPER USER
mheister
Raconteur. Blog michaelheister.com
763 Fans
 
01:26 PM on 01/19/2011
This hack can potentially be used to pilfer info when the mark remains at a particular location for a significant period of time - at home or the office. It's far less useful against people who travel, not just from city to city but even only a mile or two within a city as those towers have a limited range and have to hand off phones.

Well, unless the hacker also figures out a way to trick the other towers to continue to feed back the data from the phone to the faux tower.

Okay, I'm going back to carrier pigeons.
Permalink  |
photo
roberttsf
Preconceived notions don't count as facts
272 Fans
12:58 PM on 01/19/2011
I find it ironic that most of these posts are worried about privacy and the application of this hack by "government authorities" when the same people post on other stories about the need for more government control and regulation. The patriot act was passed because people want a false sense of security and are willing to give up their rights for it. What's to stop a clause in the "Fairness doctrine" from invading your privacy in the same ways? More government, less freedom.
Permalink  |
Page: 1 2  Next ›  Last »  (2 total)