First serious threat to cellphone security? - no it's not

Opinion and Analysis



In a blog post responding to another rather cynical report on SecurStar's motivations, Hafner revealed "the real story" behind RexSpy's development.

"During the development of our newest product, PhoneCrypt, designed to secure phone conversations, we have deeply analysed the GSM protocols and the internal architecture of mobile telephones. Here we found several fundamental security flaws and discovered that sending a simple 'properly' formatted service SMS, we can remotely control any phone (new and old, regardless of the operating system Symbian/Windows/etc). This is basically what we showed at the Security section of the Systems security conference in Munich."

"PhoneCrypt has nothing to do directly with this flaw, however obviously, we have added into PhoneCrypt several technologies that will also prevent such attacks. It is important to mention that we did not invent any virus/Trojan, but that we only demonstrated a flaw that is present in any phone and that any middle skilled programmer could use to develop his own Trojan.

"Having found this flaw, we also offer a free utility for Windows-based phones that can be downloaded in the download section of the SecurStar homepage. www.securstar.com."

Well, that should certainly get some traffic to their website. However, they say nothing about how the eavesdropper is actually supposed to get the communication from the compromised phone. Does it connect to a third phone every time a call is placed? Do you need special listening equipment? And so on. Yet it claims that interception is "child's play".

If it is to make that claim, it really needs to elaborate on how the calls on the compromised phone are intercepted. It has long been possible to intercept an encrypted GSM phone conversation if you can get your hands on an IMSI catcher, purchasable over the Internet. Australian company SecureGSM specialises in security software that will protect Windows-based smartphones from such eavesdropping and lists on its website the sites of several vendors of such equipment. Of course it is illegal to buy and use an IMSI catcher unless you are a legitimate law enforcement agency or someone such as ASIO or the CIA. But I am sure there are ways... Oh, and I forgot to mention: last time I looked, the going price was around half a million dollars US. However, SecureGSM's managing director, Roman Korolik, told me they could be had for less than $10,000.

And, as iTWire reported earlier this year, it seems highly likely that insurgents in Iraq have got hold of such devices. The families of British soldiers serving there started receiving nuisance and threatening calls from people with thick Middle Eastern accents. The army said its investigations indicated that the originators of these nuisance calls had acquired the numbers from soldiers using their own mobile phones.
