Fake GSM Base Station Trick Targets IPhones

CmdrTaco posted more than 3 years ago | from the but-he-was-wearing-a-hat dept.

Iphone 64

mvar writes "While his Black Hat DC Conference demonstration was not flawless, a University of Luxembourg student on Wednesday did show that it's possible to trick iPhone users into joining a fake GSM network. Ralf-Philipp Weinmann showed how to cobble together a laptop using open-source software OpenBTS and other low-cost gear to create a fake GSM transmitter base station to locate iPhones in order to send their owners a message. A number of iPhone users in the room expressed surprise that they had gotten a message asking them to join the network. 'You want to get phones not just used by the teenage crowd but executives,' said Weinmann, adding that it is possible to 'have complete control of the phone.' Part of the reason these fake GSM network attacks are possible is because the code base used in smartphones such as the iPhone, which is Infineon-based, goes back to the 1990s."

In other news... (0)

Shoeler (180797) | more than 3 years ago | (#34941500)

Users click on "Click here to install Rogue Antivirus for free!" links, children click on flashing boxes regardless of anything, and executives make money off of the backs of much lower paid workers!!!

Shocking.

He added in the comments of the linked article (4, Informative)

_0rm_ (1638559) | more than 3 years ago | (#34941530)

The exploit he demonstrated has since been patched by Apple.

Re:He added in the comments of the linked article (0)

Anonymous Coward | more than 3 years ago | (#34941584)

Still, the demonstrated techniques remain relevant.

Re:He added in the comments of the linked article (-1)

Anonymous Coward | more than 3 years ago | (#34941612)

Apple still had their shit called out.

Re:He added in the comments of the linked article (2)

jgtg32a (1173373) | more than 3 years ago | (#34941640)

What was the version that got patched? I'm a couple of updates behind.

Re:He added in the comments of the linked article (2)

_0rm_ (1638559) | more than 3 years ago | (#34941764)

He didn't say. You can read his comment below the Twitter stuff on the article page.

Re:He added in the comments of the linked article (3, Interesting)

Anonymous Coward | more than 3 years ago | (#34941716)

You are missing the point. This is a chipset issue and just the tip of the iceberg. Apple can't patch this properly; it requires the chipset manufacturer to update their code, which is no easy process on a lot of devices. While the iPhone was the demo, you can bet that others are affected too.

Re:He added in the comments of the linked article (4, Informative)

Atti K. (1169503) | more than 3 years ago | (#34942150)

Chipset issue and Apple issue too. No matter how crappy the baseband, it shouldn't be able to tell my phone to record audio and transmit it later. BTW, this kind of attack should be impossible on 3G, but I guess GSM will still be around for many years.

Re:He added in the comments of the linked article (0, Flamebait)

CrossChris (806549) | more than 3 years ago | (#34945208)

....Nope. iPhone 3Gs are just as susceptible. The sooner that Apple realise that they've backed the wrong horse (as usual) and move their hardware to an OS that works, the sooner their massive losses in sales to Android phones will stop.

Re:He added in the comments of the linked article (1)

Atti K. (1169503) | more than 3 years ago | (#34945454)

I meant 3G (aka UMTS) mobile networks, not the iPhone 3G. It's not as easy to fake a 3G network as it is a GSM one.

Re:He added in the comments of the linked article (1)

thunderclap (972782) | more than 3 years ago | (#34947964)

I don't want that to happen. I want them to continue to back that horse until it keels over and dies. I want to laugh when Apple returns to the place it belongs, a tiny niche player with 1% of the market. (any computer related market)

Re:He added in the comments of the linked article (0)

Anonymous Coward | more than 3 years ago | (#34949214)

I don't want that to happen. I want them to continue to back that horse until it keels over and dies. I want to laugh when Apple returns to the place it belongs, a tiny niche player with 1% of the market. (any computer related market)

Jealousy! Must be 'cuz it sounds like;

Jealousy! Must be 'cuz it feels like;

Jealousy! Must be 'cuz it smells like;...

Re:He added in the comments of the linked article (1)

sznupi (719324) | more than 3 years ago | (#34950644)

Out of over 5 billion mobile subscribers, those using iPhones certainly form less than 2% (looking at simple number of units made); perhaps closer to 1% (who knows how many are still in use)

Re:He added in the comments of the linked article (1)

Wovel (964431) | more than 3 years ago | (#34954634)

Yet somehow they manage to be the highest revenue mobile phone manufacturer in the world.. Go figure.

Re:He added in the comments of the linked article (2)

sznupi (719324) | more than 3 years ago | (#34955422)

Choosing to ignore "lesser people" does help with that.. (funnily enough, while relying on them with manufacturing; meanwhile some other manufacturers can have half of their dozen plants in the EU, and one even quite close to Cupertino) as would possible free-riding on cellular R&D, we have to wait how this one ends.

(but BTW they are not "the mobile phone manufacturer", that's something they also do)

Overall, it's a fascinating thing to me - slashdotters are generally very quick to voice their contempt of investors, traders, stock market, etc.
Except when worshiping valuations ... made by the very same people (who are blissfully unaware of what kind of monumental transformation is starting to happen to the world with 70+% - and rising - of its population already connected, typically for the first time; what kind of opportunities for investment will it bring, for one)

Re:He added in the comments of the linked article (0)

Anonymous Coward | more than 3 years ago | (#34946674)

From the article, it sounds like the attack requires the user to confirm a request to join the rogue GSM network. It seems like it should be possible for Apple's OS code to simply ignore whatever signal it gets from the GSM chipset indicating that there's an alternate GSM network available.

So while there may be problems at the hardware layer, it's probably possible to cover for those problems at the OS layer.

Re:He added in the comments of the linked article (2)

sznupi (719324) | more than 3 years ago | (#34950752)

Every GSM phone I'm decently familiar with (including very basic ones) has the option of ignoring roaming requests / invitations...

Re:He added in the comments of the linked article (0)

Anonymous Coward | more than 3 years ago | (#34942330)

The exploit he demonstrated has since been patched by Apple.

Were the audience iPhones at the conference running the latest firmware? If yes, why were they affected by the demo?

Re:He added in the comments of the linked article (1)

jsnipy (913480) | more than 3 years ago | (#34942422)

I think the event in question happened prior to the patching

Re:He added in the comments of the linked article (1)

CrossChris (806549) | more than 3 years ago | (#34945156)

...and it took about an hour to circumvent the Apple patches. They really don't have a clue!

All Phones? (4, Interesting)

tsj5j (1159013) | more than 3 years ago | (#34941546)

I had the impression that most, if not all, phones are vulnerable to this attack due to the inherent flaws in GSM.
This is a rather old news article that has been reported multiple times.

Why is it suddenly "news" again when someone discovers it works on the iPhone?
And if you're on about targeting business users, won't a compromised Blackberry be as, if not more, significant?

Re:All Phones? (4, Insightful)

MickyTheIdiot (1032226) | more than 3 years ago | (#34941728)

For the same reason your boss wants an iPhone instead of an Android-based phone... too many people are stuck on brand names. When a brand name gets attached to a story, holy mother of God suddenly it's important.

Re:All Phones? (-1, Offtopic)

_0rm_ (1638559) | more than 3 years ago | (#34941784)

You could extend that and say the same thing about Windows.

Re:All Phones? (1)

Anonymous Coward | more than 3 years ago | (#34942552)

Not really. Windows is used because it actually works and allows you to use software that people care about unlike Linux, not because of its brand name.

Re:All Phones? (0)

MickyTheIdiot (1032226) | more than 3 years ago | (#34943636)

Really? The same bad boss I had thought Microsoft could do no wrong simply because of their brand name and how much money they have made...

Re:All Phones? (0)

Anonymous Coward | more than 3 years ago | (#34943462)

For the same reason your boss wants an iPhone instead of an Android-based phone... too many people are stuck on brand names. When a brand name gets attached to a story, holy mother of God suddenly it's important.

You are correct there. It happens though that the iPhone is really a unique device and really worth having. So I guess some things are excluded from your saying.

Re:All Phones? (0)

Wovel (964431) | more than 3 years ago | (#34954650)

Maybe his boss wants a mobile phone with a real application market.

It's only "news" because of iPhone? (4, Insightful)

perpenso (1613749) | more than 3 years ago | (#34941792)

I had the impression that most, if not all, phones are vulnerable to this attack due to the inherent flaws in GSM. This is a rather old news article that has been reported multiple times. Why is it suddenly "news" again when someone discovers it works on the iPhone? And if you're on about targeting business users, won't a compromised Blackberry be as, if not more, significant?

It's only "news" because of iPhone. If you don't mention iPhone in your title or description then your article/page will have fewer readers and your presentation will have fewer attendees. Basically mentioning iPhone in your title is marketing and even presentations have to be marketed.

Re:All Phones? (4, Insightful)

davester666 (731373) | more than 3 years ago | (#34941862)

Blackberries are immune to all attacks because RIM is focused on selling to business, and they know that business cares about security.

Apple isn't focused on business, they are focused on regular consumers, and consumers care about ease of use and not security.

Therefore iPhones and virus-laden, malware-spouting candybar phones and Blackberries are serious, productive work phones.

Re:All Phones? (2)

Bill_the_Engineer (772575) | more than 3 years ago | (#34942546)

So you assume that executives can't be duped into installing PhoneSnoop onto a blackberry. Also, what special phone protocol do these blackberries use? I'd assume that the ones on T-Mobile and ATT are GSM.

Not to mention there is a PDF exploit in the blackberry, it was announced last week on US CERT.

I think you've been blinded by your fanboism...

Re:All Phones? (2)

davester666 (731373) | more than 3 years ago | (#34942696)

And a whoosh to you sir.

Re:All Phones? (1)

Bill_the_Engineer (772575) | more than 3 years ago | (#34942740)

Yes whoosh to me...

You appeared to be serious.

Re:All Phones? (2)

davester666 (731373) | more than 3 years ago | (#34942982)

Well, I would think this claim would make it obvious my post was ridiculous:

"Blackberries are immune to all attacks"

Re:All Phones? (1)

Fwipp (1473271) | more than 3 years ago | (#34943266)

Though you may find it hard to believe, simply saying dumb things doesn't count as humor.

Re:All Phones? (2)

idontgno (624372) | more than 3 years ago | (#34943350)

That's a good point, very often overlooked. But it can't be overlooked, really, when talking about the behaviors and desires of the management class. The dumbest things ever uttered were probably spoken in perfect and innocent sincerity by a PHB at some point in time.

Too many are the times I've chuckled at the ridiculous and clearly humorous pronouncement of a manager, only to be greeted with a bewildered stare and a "What's so funny?".

So, yeah, dumb stuff isn't always humor, and stuff like that makes an incredibly ineffective "whoosh".

Re:All Phones? (1)

Wovel (964431) | more than 3 years ago | (#34954698)

Your post was serious, then you got wtf pwned and tried to take it back. If all you had written was the first line, then maybe it was a joke. You went into a bit of an explanation there..

Re:All Phones? (2, Insightful)

ModernGeek (601932) | more than 3 years ago | (#34942042)

Also, when is code inherently flawed because it "goes back to the 1990s"? IIRC, this flaw has to do with phones connecting to unencrypted GSM networks without warning. I, for one, am sick of this sensationalism. Where can I get some scientific news with well moderated discussion that will ensue?

Re:All Phones? (0)

Anonymous Coward | more than 3 years ago | (#34943564)

phones connecting to unencrypted GSM networks without warning.

If I'm not mistaken, encryption is not the issue, but the fact that GSM does not provide any method whatsoever for the phone to authenticate the network; only the network is able to verify (to some extent) that the handset has access to a valid SIM.

Re:All Phones? (0)

Anonymous Coward | more than 3 years ago | (#34943596)

Also, when is code inherently flawed because it "goes back to the 1990s"?

When it's talked about by Ruby and Java scripters (no you people are NOT programmers when you don't even know the basics of computer architecture beyond what is exposed in your toy languages). The weenies think if it hasn't been rewritten 15 different times in the programming language du jour it's got to be flawed. *gasp* It might have also been written in... C!!!!!!! DUN DUN DUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUN!

Re:All Phones? (1)

Minwee (522556) | more than 3 years ago | (#34942632)

Why is it suddenly "news" again when someone discovers it works on the iPhone?

And it will become news once more as soon as someone figures out how to involve Twitter.

Re:All Phones? (1)

interkin3tic (1469267) | more than 3 years ago | (#34943052)

This is a rather old news article that has been reported multiple times. Why is it suddenly "news" again when someone discovers it works on the iPhone?

I might be just speaking for myself, but I think there's value in re-reporting certain stories. It may bore those few experts who follow such news closely and remember everything, but I for one didn't know that this could happen and I suspect only about 1% of cell phone owners do.

It would be nice if news outlets would rehash stories from time to time. Important ones anyway, they -LOVE- to rehash sex scandals. Reminding US voters that there's still an expensive and deadly war going on... not so much.

XKCD (1, Funny)

Zlurg (591611) | more than 3 years ago | (#34941618)

Re:XKCD (0)

Anonymous Coward | more than 3 years ago | (#34943098)

I want to know what universe the xkcd cartoonist lives in where female techies are common enough to use in every second comic.

Oh wait, in this one the character was dreaming.

Re:XKCD (1)

tm2b (42473) | more than 3 years ago | (#34946620)

"Austin" is one such universe. Yes, it's the Promised Land.

Re:XKCD (1)

sznupi (719324) | more than 3 years ago | (#34950704)

Does it make up for the wilderness that surrounds it?

Re:XKCD (1)

drinkypoo (153816) | more than 3 years ago | (#34951560)

It doesn't even make up for its own weather, in my opinion. Things are not as rosy in Austin as residents would have you believe. On the other hand, if you are going to live in Texas, Austin is the only choice for a variety of reasons.

Users clicking on things... (4, Interesting)

astern (1823792) | more than 3 years ago | (#34941756)

... is always dangerous, but this goes beyond that.

Much more than a legacy leftover, this remains a chipset and baseband issue, and goes much deeper than the application set.

Dead giveaway (3, Funny)

93 Escort Wagon (326346) | more than 3 years ago | (#34941972)

If you've joined a bogus network, your first text message will read "How are you gentlemen!!"

Re:Dead giveaway (1)

bhcompy (1877290) | more than 3 years ago | (#34942024)

Home screen turn on

Re:Dead giveaway (1)

93 Escort Wagon (326346) | more than 3 years ago | (#34943258)

Someone set up us the GSM

Re:Dead giveaway (1)

Lehk228 (705449) | more than 3 years ago | (#34947034)

all your base station are belong to us

Nothing wrong. (0)

Anonymous Coward | more than 3 years ago | (#34946376)

There is nothing wrong with your iPhone.
Do not attempt to adjust your network settings.
We are now controlling the transmission.
We control the 3G, 4G and the WiFi.
We can deluge you with a thousand websites or expand one single app to crystal clarity and beyond.
We can shape your vision to anything our imagination can conceive.
For the next hour we will control all that you see and hear.
You are about to experience the awe and mystery which reaches from the deepest inner mind to the outer limits.

Oblig. Maxwell Smart (1)

Anonymous Coward | more than 3 years ago | (#34942524)

The old Fake GSM Base Station trick. That's the second time this week I fell for it!

No more Infineon for Apple (1)

BearRanger (945122) | more than 3 years ago | (#34943994)

Perhaps this is why Apple is moving to Qualcomm for future iPhone chips, starting with the CDMA iPhone for Verizon and other carriers. (This has been widely reported; I first saw it on Engadget.) This will almost certainly continue with iPhone 5.

Not a chip issue, people... (5, Informative)

Anonymous Coward | more than 3 years ago | (#34945818)

If I were Infineon (and I'm not, never have been affiliated with them), I would be hopping mad at being blamed for this kind of security flaw.

It is a GSM flaw and it is a basic architectural/protocol flaw - not a hardware OR (strictly) software vulnerability.

The problem is simple. GSM phones inherently trust GSM base stations to be authentic. A GSM phone has no way to validate the authenticity of an "alleged" base station. If the phone comes across a GSM BCH (broadcast channel) in its spectrum, and the BCH adheres to GSM protocol format, the phone accepts that the BCH is being transmitted by an authentic base station. There is nothing in the signal (messaging) that can be used to validate the base station's authenticity.

This was changed in UMTS (aka 3G). In UMTS, the protocol by which a UMTS phone attaches to a UMTS base station includes MUTUAL authentication. The base station must cryptographically prove its authenticity or the phone will not associate with it. This authentication-related cryptography is performed inside the SIM card (called USIM application in UMTS) -- the phone simply serves as courier - between the base station and the USIM. The USIM tells the phone whether it finds the base station's credentials to be acceptable. Since the base station is authenticating the USIM's credentials as well, the authentication is mutual. Both the USIM -AND- the base station (actually the core network behind the base station) have to find each other's credentials acceptable, or the phone will not attach.

There is nothing Infineon or Apple or anyone else can do to "fix" this vulnerability in GSM. UMTS is the "fix".

P.S. Turning femtocells into rogue base stations is theoretically possible -- it is up to the femtocell manufacturer to build safeguards into their designs to make this impossible (I know - I've worked on just such safeguard designs in a past life...)
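
Added example (not part of the comment above or of the original thread): a toy Python model of the difference that comment describes, one-way authentication in GSM versus mutual authentication in UMTS. HMAC-SHA256 stands in for the real operator algorithms, the token is simplified to sequence number plus MAC (the sequence number is what lets the USIM refuse a replayed token), and all keys and names are constructed for illustration.

```python
import hashlib
import hmac
import os

def prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    # HMAC-SHA256 stands in for the operator algorithms (A3, f1, f2); an assumption.
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()

class GsmSim:
    """GSM side: the SIM answers any RAND; it is given nothing to verify."""
    def __init__(self, ki: bytes):
        self.ki = ki

    def respond(self, rand: bytes) -> bytes:
        return prf(self.ki, b"A3", rand)[:4]          # 32-bit SRES

class Usim:
    """UMTS side: the USIM checks the network's token before it answers."""
    def __init__(self, k: bytes):
        self.k = k
        self.highest_sqn = 0

    def respond(self, rand: bytes, autn: bytes):
        sqn_bytes, mac = autn[:6], autn[6:]
        expected = prf(self.k, b"f1", sqn_bytes, rand)[:8]
        if not hmac.compare_digest(mac, expected):
            return None                               # sender does not know K
        sqn = int.from_bytes(sqn_bytes, "big")
        if sqn <= self.highest_sqn:
            return None                               # stale or replayed vector
        self.highest_sqn = sqn
        return prf(self.k, b"f2", rand)[:8]           # RES for the network to check

def gsm_attach(sim: GsmSim, station_key: bytes):
    """Return (phone_proceeds, network_could_verify_sim)."""
    rand = os.urandom(16)                             # challenge from the network side
    sres = sim.respond(rand)                          # the phone has no basis to refuse
    verified = hmac.compare_digest(sres, prf(station_key, b"A3", rand)[:4])
    return sres is not None, verified

def umts_attach(usim: Usim, station_key: bytes, sqn: int):
    """Return (phone_proceeds, network_could_verify_usim)."""
    rand = os.urandom(16)
    sqn_bytes = sqn.to_bytes(6, "big")
    autn = sqn_bytes + prf(station_key, b"f1", sqn_bytes, rand)[:8]
    res = usim.respond(rand, autn)
    if res is None:
        return False, False                           # phone will not attach
    return True, hmac.compare_digest(res, prf(station_key, b"f2", rand)[:8])

if __name__ == "__main__":
    subscriber_key = bytes(range(16))                 # constructed sample key
    unknown_key = bytes(16)                           # a network side that lacks the key
    print("GSM, genuine :", gsm_attach(GsmSim(subscriber_key), subscriber_key))
    print("GSM, no key  :", gsm_attach(GsmSim(subscriber_key), unknown_key))
    usim = Usim(subscriber_key)
    print("UMTS, no key :", umts_attach(usim, unknown_key, 1))
    print("UMTS, genuine:", umts_attach(usim, subscriber_key, 1))
    print("UMTS, replay :", umts_attach(usim, subscriber_key, 1))
```

In the GSM case the phone-side result is the same whether or not the other end holds the subscriber key; in the UMTS case the USIM returns nothing unless the token verifies and is fresh.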

Re:Not a chip issue, people... (1)

tm2b (42473) | more than 3 years ago | (#34946648)

Seriously, mod this post up!

Re:No more Infineon for Apple (1)

BearRanger (945122) | more than 3 years ago | (#34945934)

Scratch that. The Anonymous Coward following my post needs to be modded up.

slashdot editing standards. (0)

Anonymous Coward | more than 3 years ago | (#34945936)

University of Luxembourg student

Ralf-Philipp is a researcher at the university here, not a student.
This could be learned even from the Google results page. Don't even have to click links.

You wouldn't call Shigeru Miyamoto an intern at Nintendo either, now would you?

Re:slashdot editing standards. (1)

Ash-Fox (726320) | more than 3 years ago | (#34949036)

You wouldn't call Shigeru Miyamoto an intern at Nintendo either, now would you?

No, of course not. I'd call him a proper Asian name, which would be determined by the sound of various pots and pans I throw down the stairs.

Excellent ... (0)

Anonymous Coward | more than 3 years ago | (#34946600)

will it allow me to send a 'We will control the horizontal, we will control the vertical. For the next hour, sit quietly and we will control all that you see and hear.' message to iPhone users?

That would be so totally fsckin' cool.

This is not protocol flaw, this is business model (2)

Vitus Wagner (5911) | more than 3 years ago | (#34948960)

There are a lot of people discussing "flaws" in GSM and "nice features" in UMTS, and no one mentioning the stupid truth.
The problem is not in the protocols or the software. The problem is that operators think that they have the right to control user equipment.

And when this equipment grows from the stupid phone to full-featured computer, user privacy goes void.

Do not be afraid of rogue with laptop, be afraid of operator's insider.

What would happen if next generation of phones would get direct brain interfaces? You'll allow operators to control your brain just like now they control your calendars and bookshelves?

Re:This is not protocol flaw, this is business mod (0)

Anonymous Coward | more than 3 years ago | (#34949252)

Whooooo there. Take a deep breath, put your tin-foil hat back on and please return to your mom's basement.
