Expert Finds Security Flaw In Pervasive Wireless Technology

Karsten Nohl, managing director of Berlin, Germany-based Security Research Labs, told Reuters news agency that the vulnerability is in GSM technology that is used by 80 percent of the world's population. Nohl was scheduled to present his findings Tuesday night at the Chaos Computer Club hacking event in Berlin.

Nohl drew attention last year with his discovery of another GSM vulnerability that could be used to decrypt phone calls so they can be tapped. The latest bug would allow hackers to hijack a phone and then direct calls and texts to a paid service. Phone subscribers wouldn't be aware of the charges until receiving their monthly bill.

The GSMA, an industry lobbying group, said Tuesday it had not seen Nohl's work, but welcomed any "responsible research" to improve security in mobile communications. The association also played down any security concerns with GSM.

"The GSMA and its mobile network operator members are confident in the security of existing 2G GSM networks and real attacks on real networks against real customers are most unlikely," the group said. The organization also pointed out that newer 3G and 4G technologies built on GSM are not affected by the flaw described by Nohl and "continue to provide an even higher level of security to customer communications."

Sponsored post

Nohl told Reuters that the purpose of his research is to pressure wireless carriers and mobile phone manufacturers to improve security. The report came two days after an Austin, Texas-based security think tank, Strategic Forecasting, or Stratfor, confirmed that its Web site had been infiltrated by hactivist group Anonymous. The hacker group claimed to have stolen thousands of credit card numbers and other personal data on Stratfor members.

The GSM vulnerability comes at a time when mobile security is drawing an increasing amount of attention, as sales of smartphones outpace that of PCs. With thousands of applications written for the devices, smartphones store personal and work data and are being used in e-commerce. Such activity is expected to attract hackers, making large-scale scams and security breaches a potential threat.