Thursday, May 29, 2008

New Smart Phone Hack Could Expose Cell Network

Via DarkReading -

Researchers have hacked a built-in maintenance application found on many smart phones that could open the door to hacking the cellular network itself.

David Maynor, CTO for Errata Security, this weekend at the Summercon security confab in Atlanta will demonstrate a tool built by Errata that provides a peek into the inner workings of the cell network, such as the frequency at which a smart phone is operating. Maynor will also explain how he reverse engineered the so-called Field Test application found in Windows Mobile and Apple iPhone smart phones in advance of Errata's building the tool.

Errata calls its hack “cellular spelunking,” and will release the source code for its new tool in conjunction with Maynor’s presentation. Maynor says the tool is aimed at cell network providers and smart phone manufacturers, as well as “people who want to know how cell networks work.”
“I don’t know why these [maintenance] apps are on a phone for consumers,” says Maynor, who says his demo won’t contain any potentially unlawful or malicious hacking activities. “If you start looking at security as whole, mobile devices are a larger concern... This is really an unexplored area of security.”

Maynor says Errata didn’t exploit any vulnerabilities in the hack -- that wasn’t necessary, he says. “This weakness in the phone leads to a greater understanding of the network as a whole.”

No comments:

Post a Comment