Baseband Apocalypse: New Way for Hacking Smartphones


At Black Hat DC 2011, Ralf-Philipp Weinmann, a security researcher, presented a newly discovered way of hacking GSM baseband systems. Attack scenarios against smartphones have concentrated on vulnerable software executed on the application processor. The idea of hacking these systems has been ignored because the operating systems running on these processors are being hardened by vendors, as can best be seen in the case of Apple’s iOS, which uses data execution prevention and code signing to make it harder to exploit memory corruption and run malicious software.

The technique used to compromise the smartphone requires installing a malicious base station that communicates with the targeted device. In recent years this has been an impossible task because such an environment was so expensive to obtain (about tens of thousands of USD). But now, thanks to new open source software called OpenBTS, anyone can install a GSM base station for $2,000 :-), which is equivalent to purchasing a new computer. Mobile operators also make the equipment more affordable by providing consumers with femtocells. A femtocell is a small cellular base station, typically designed for use in a home or small business. It connects to the service provider’s network via broadband and costs only $150.

Up to now, the malicious code used for performing this attack is not public. It is unique because it requires deep knowledge of the device chip, and only a few hackers know a lot about it. However, this does not eliminate the possibility of using Trojans or spyware to record and snoop on remote calls.

