In a presentation today at Black Hat Europe, a computer-security conference in Amsterdam,
a group of researchers claimed to have found a way to hijack the data sent to
and from mobile phones. The researchers say that the attack might be used to
glean passwords or to inject malicious software onto a device.
Mobile phones
are becoming ever more useful for transmitting data in addition to making voice
calls, and they’re increasingly being used for sensitive activities such as
online banking, as well as for searching the Internet and downloading mobile
games.
The new attack relies on a protocol that allows mobile operators to
give a device the proper settings for sending data via text message, according
to Roberto Gassira, Cristofaro Mune, and Roberto Piccirillo, security
researchers for Mobile Security Lab, a consulting firm based in Italy. By
faking this type of text message, according to the protocol an attacker can
create his own settings for the victim’s device. This would allow him to, for
example, reroute data sent from the phone via a server that he controls. The
researchers say that the technique should work on any handset that supports the
protocol, as long as the attacker knows which network the victim belongs to and
the network does not block this kind of message.
0 comments: on "Hijacking Mobile-Phone Data"
Post a Comment