• Any phone on GSM network is open to new attack
  • Gives hackers total control instantly
  • No details published - but hackers will be able to use attack 'within weeks' says researcher
  • Security on networks 'dates to 1990'

By Rob Waugh

Last updated at 4:52 PM on 27th December 2011


Any mobile on any GSM network is open to the new attack, says German researcher Karsten Nohl

Any mobile on any GSM network is open to the new attack, says German researcher Karsten Nohl - giving hackers control of handsets to make calls and send messages at will. Hundreds of thousands of handsets can be controlled very rapidly

The GSM network is the 'normal' mobile phone network - used by four billion phones worldwide, and accounting for 80 per cent of the global mobile market.

But a new vulnerability demonstrated by Karsten Nohl, head of Germany's Security Research Labs, shows that any phone on any GSM network is vulnerable to attack.

The new attack - which Nohl did not publish - allows hackers to control hundreds of thousands of mobile phones at once.

The attack allows hackers complete control over the handsets, and could be used to make or send texts to premium phone and messaging services - a typical fraudster attack which can leave victims with enormous bills.

Nohl said that although he refused to lay out details of how the attack worked, it was inevitable that hackers would reproduce it 'within weeks'.

'We can do it to hundreds of thousands of phones in a short timeframe,' Nohl said in advance of a presentation at a hacking convention in Berlin on Tuesday.

Security Research Labs said, 'GSM telephony is the world's most popular communication technology - connecting over four billion devices.'

'The security standards for voice and text messaging date back to 1990 and have never been overhauled.'

Similar attacks against a small number of smartphones have been done before, but the new attack could expose any cellphone using GSM technology.    

Such attacks are fairly common against corporate phone systems.

Fraudsters make calls to the numbers from hacked business phone systems or mobile phones, then collect their cash and move on before the activity is identified.  

The phone users typically don't identify the problem until after they receive their bills and telecommunications carriers often end up footing at least some of the costs. 

Even though Nohl will not present details of attack at the conference, he said hackers will usually replicate the code needed for attacks within a few weeks.   

Here's what other readers have said. Why not add your thoughts, or debate this issue live on our message boards.

The comments below have been moderated in advance.

OMG!! We are all in great danger, thank you DM.

Report abuse

Do you not think it has already been exploited and done. Same as anti-virus software companies; they create the problem then sell you a solution - possibly the greatest business model ever ?

Report abuse

Scaremongering...

Report abuse

In law, make the phone companies responsible for paying for the hacked phone calls and these security holes will be closed over night. Just like illegal use on a credit card.

Report abuse

Well I'm on an iPhone and everything seems absolu

Report abuse

Clever lad isn't he? You'd hope he had the sense to alert the GSM providers as soon as he worked it out. It beggars belief that he's highlighted this.

Report abuse

The views expressed in the contents above are those of our users and do not necessarily reflect the views of MailOnline.