Firmware tweak can block subscriber calls, says Berlin group

Aug 28, 2013 by Nancy Owano weblog

A telecommunications security research group at the Technical University of Berlin earlier this month told an audience at the 22nd USENIX Security Symposium that they were able to hack phones by modifying embedded software. They could block calls and texts intended for nearby people connected to the same cellular network. They pulled this off by modifying embedded software on the mobile phone's baseband processor, controlling communications with a network's transmission towers. Just one phone could have the impact of blocking service to people served by base stations within a certain coverage area. The hack involves modifying the baseband processor on some phones and tricking older 2G GSM networks into not delivering calls and messages intended for subscribers nearby.

The hacked – OsmocomBB – can block calls and messages because it can quickly respond to them before the phones that are intended to get the communications can do so.

But wait, did they say GSM (Global System for Mobile communications)? Isn't that the older type of network, so who cares? The fact that the group's method worked on the second-generation (2G) GSM networks is important. These are the most common type of worldwide; about 4 billion people use GSM networks for calls even though carriers promote 3G and 4G. The group's work with 2G was explained further at USENIX by Kévin Redon, a Berlin-based researcher. Radon said that GSM is still relevant, can be found everywhere; in fact, in some countries there is only GSM, he stated.

Redon and researchers Nico Golde and Jean-Pierre Siefert provided the presentation, "Let Me Answer That For You: Exploiting Broadcast Information in Cellular Networks."

They implemented their approach and they tested it out to find that they were able to carry out their attacks on a number of German cell phone operators, vulnerable to the trio's attack.

According to their work, "We demonstrate that for at least GSM, it is feasible to hijack the transmission of mobile terminated services such as calls, perform targeted denial of service attacks against single subscribers and as well against large geographical regions within a metropolitan area."

This video is not supported by your browser at this time.
Credit: Kévin Redon / USENIX

They also noted that the attack can be accomplished just by using inexpensive consumer devices that are available on the market. According to MIT Technology Review, the group used open-source baseband code to write replacements.

This video is not supported by your browser at this time.
block phone calls or SMS via GSM paging procedure race condition


Explore further: Quantenna promises 10-gigabit Wi-Fi by next year

More information: www.usenix.org/conference/usenixsecurity13/let-me-answer-you-exploiting-broadcast-information-cellular-networks
www.technologyreview.com/news/518646/hacked-feature-phone-can-block-other-peoples-calls/
threatpost.com/phone-hack-could-block-messages-calls-on-some-mobile-networks

Related Stories

GSM phones -- call them unsafe, says security expert

Dec 27, 2011

(PhysOrg.com) -- A German security expert has issued a warning that billions of mobile phone users who depend on GSM networks are vulnerable to having their personal mail hacked. He blames the problem on network ...

Researchers show how to use mobiles to spy on people

Apr 22, 2010

(PhysOrg.com) -- Researchers have demonstrated how it is possible to use GSM (Global System for Mobile communications) data along with a few tools to track down a person’s mobile phone number and their location, ...

Scientists break satellite telephony security standards

Feb 08, 2012

Satellite telephony was thought to be secure against eavesdropping. German researchers at the Horst Gortz Institute for IT-Security (HGI) at the Ruhr University Bochum (RUB) have cracked the encryption algorithms of the European ...

GSM system about to be compromised

Dec 08, 2009

(PhysOrg.com) -- Research scientists in California and elsewhere are deliberately setting out to compromise the mobile phone system used by around three billion people. The system uses Global System for Mobile ...

Recommended for you

Hand out money with my mobile? I think I'm ready

3 hours ago

A service is soon to launch in the UK that will enable us to transfer money to other people using just their name and mobile number. Paym is being hailed as a revolution in banking because you can pay peopl ...

Quantenna promises 10-gigabit Wi-Fi by next year

Apr 16, 2014

(Phys.org) —Quantenna Communications has announced that it has plans for releasing a chipset that will be capable of delivering 10Gbps WiFi to/from routers, bridges and computers by sometime next year. ...

Tech giants look to skies to spread Internet

Apr 16, 2014

The shortest path to the Internet for some remote corners of the world may be through the skies. That is the message from US tech giants seeking to spread the online gospel to hard-to-reach regions.

Wireless industry makes anti-theft commitment

Apr 16, 2014

A trade group for wireless providers said Tuesday that the biggest mobile device manufacturers and carriers will soon put anti-theft tools on the gadgets to try to deter rampant smartphone theft.

Dish Network denies wrongdoing in $2M settlement

Apr 15, 2014

The state attorney general's office says Dish Network Corp. will reimburse Washington state customers about $2 million for what it calls a deceptive surcharge, but the satellite TV provider denies any wrongdoing.

Netflix's Comcast deal improves quality of video

Apr 14, 2014

Netflix's videos are streaming through Comcast's Internet service at their highest speeds in the past 17 months now that Netflix is paying for a more direct connection to Comcast's network.

User comments : 0

More news stories

Tiny power plants hold promise for nuclear energy

Small underground nuclear power plants that could be cheaper to build than their behemoth counterparts may herald the future for an energy industry under intense scrutiny since the Fukushima disaster, the ...

Turning off depression in the brain

Scientists have traced vulnerability to depression-like behaviors in mice to out-of-balance electrical activity inside neurons of the brain's reward circuit and experimentally reversed it – but there's ...

Is Parkinson's an autoimmune disease?

The cause of neuronal death in Parkinson's disease is still unknown, but a new study proposes that neurons may be mistaken for foreign invaders and killed by the person's own immune system, similar to the ...