Comments on: Hacking mobile phones is hard to do

By: moo

moo — Sat, 28 Mar 2009 12:18:42 +0000

Snooping the signal between the phone and the tower is hard but irrelevant. It’s all unencrypted within the switches. Why break through the front door of a house when all the back windows are open?

Hypothetically of course.

By: ajay

ajay — Fri, 05 Dec 2008 17:03:10 +0000

To be honest, I think this is probably what happens when intelligent and sensibly paranoid people who have no specialist knowledge of how mobile phones work spend too much time watching “The Wire”. Inside the pasty head of Paul Vixie there is a little Stringer Bell, reminding him “No cell phones, ever”.

By: Tim Worstall

Tim Worstall — Fri, 05 Dec 2008 12:24:35 +0000

I’m pretty sure that there are people who sell kit to hack mobile phone systems. You’ve got to show that you’re a government before you can buy them though…..

By: Alex

Alex — Fri, 05 Dec 2008 10:42:33 +0000

I think it’s become easier to hack A5, but it’s still nontrivial.

The easiest exploit would probably be to get physical access to the device and install one of those stalkerware apps that copy all activity to a destination of your choice, or else try to spearphish the target with something that would install it.

The latter would be difficult – Symbian has a lot of inherent security features, there have been remarkably few exploits even of Windows Mobile (it’s based on Windows CE, which is significantly different from the desktop kind and is designed for, among other things, control systems applications).

Actually, the least secure mobile OS seems to be Google Android. They discovered everything you typed into the phone, or sent to 127.0.0.1, was piped into a hidden command-line, so you could type “reboot” and the gadget would just reboot – or type rm /rf * and erase all files.

But then, maybe the NSA is spying on Paul Vixie; he’s on this social network after all!

By: Jim Bliss

Jim Bliss — Fri, 05 Dec 2008 00:29:03 +0000

By a weird coincidence, I was sitting in a restaurant this evening and overheard a snippet of conversation from a nearby table and they were discussing this very idea. One guy claimed that his boss (I’ve no idea who he works for or even what sector) had placed a ban on discussing anything confidential over mobile phones because — and I quote — “apparently there’s some way to hack them now”.

I don’t know what he means by “hack”, and I don’t know if it just means his boss is exceptionally gullible. From the little I know, it’s a non-issue (unless, maybe, you’re the sort of person the NSA is interested in). But maybe — just maybe — some enterprising cryptologist has developed a new fangled scanner or something?

I suspect it’s bollocks, but it’s weird to have encountered the idea twice in the same day.

By: David Gillies

David Gillies — Thu, 04 Dec 2008 21:11:17 +0000

Breaking the A5 cipher on GSM is certainly not beyond the means of a well-funded criminal enterprise. COPACABANA and similar efforts make it, if not trivial, then quite feasible.

By: Alex

Alex — Thu, 04 Dec 2008 21:01:22 +0000

If I really wanted to keep something a secret in telecoms terms, I'd use ZFone.

By: The Great Simpleton

The Great Simpleton — Thu, 04 Dec 2008 19:14:40 +0000

They do use GSM in the USA but also CDMA. CDMA is an even more compliced air interface to decode than GSM so it is difficult to eavesdrop even withoun encryption.

Same issues apply between switches.

By: ajay

ajay — Thu, 04 Dec 2008 17:55:17 +0000

Ah, but doesn’t the US have a different mobile phone standard? Not GSM? Maybe that’s more easily intercepted…

By: John B

John B — Thu, 04 Dec 2008 17:32:32 +0000

Indeed – at which point there’s no difference between a mobile and a landline anyway, right?