Mobile security continues to be a major concern for many in the enterprise, and a recently discovered vulnerability found in common wireless devices will only add to the headaches.
According to Reuters and others, German researchers recently revealed that GSM network technology, which serves roughly 80 percent of the world's mobile market, is vulnerable to an attack that would allow hackers to take control of a mobile device and use it to send text messages and make calls remotely.
Karsten Nohl, a German hacker and the mobile security expert who disclosed the security weakness, said many of the world's mobile operators do not provide adequate security to their customers, which has led to a threat of potentially monumental proportions. Such inadequacies could result in any number of problems, including identity theft and unauthorized surveillance – a particularly hot topic amid the News Corporation scandal this year.
According to the New York Times, Nohl claims he was able to hack into other people's phones using nothing more than a 7-year-old Motorola handset and free decryption software that he downloaded off the Internet. From there, Nohl could intercept voice and text conversations and even impersonate the account identities of users.
"We can do it to hundreds of thousands of phones in a short time frame," Nohl told Reuters in an interview.
Nohl and fellow researchers reviewed the security practices of some 31 wireless carriers from 11 countries and rated each on the defense quality of their networks. The security expert will highlight the rankings of these carriers at the Chaos Computer Club gathering in Berlin this week, though, according to Reuters, he will not discuss the details of the attacks – presumably for data security reasons.
This news is likely to be poorly received by enterprise IT managers, who are already dealing with the challenges of mobile security. Mobile-specific malware, access control and theft are among the issues that IT managers must address when dealing with mobile devices – no easy task when considering the diversity of platforms used in the enterprise and the relative youth of the smartphone and tablet markets.
Knowing that the mobile phones used by the large majority of their workforce are vulnerable to a relatively simple attack can only cause more stress for those responsible for locking down the security of such devices.
Fortunately, according to Nohl, the solution to the problem is a simple security patch issued by the wireless providers. The New York Times reported that T-Mobile in Germany and Swisscom in Switzerland are already working on these patches to fix the insecurities in their own networks, and others are likely to follow.
TDC Sunrise of Switzerland, Orange Switzerland and True Move of Thailand were found to have the poorest security of carriers studied by Nohl. Deutsche Telekom's T-Mobile of Germany and Slovakia and Swisscom's Natel of Switzerland were reported as having the best security, according to the Times. France's SFR also offers better-than-average protection against hackers and other cyberthreats, Nohl stated.
"This is a major vulnerability in most networks we tested, and the irony is that it costs very little, if nothing, to repair," Nohl told the New York Times. "Often it is just a question of inertia on the part of operators, or they have other priorities, such as building their networks."
According to the New York Times, several of the operators have chosen to wait until more details are available before making any serious moves. The GSM Association, which represents the operators, echoed this sentiment, noting that many security measures are already in place that may prevent the types of attacks highlighted in Nohl's study.
"GSM networks use a range of encryption and authentication technologies and other features to make it difficult for criminals to fraudulently access and/or eavesdrop on customer communications or to identify and locate customers," the GSM Association stated, according to the New York Times.
Still, until the vulnerability is repaired, IT managers must be mindful of the security implications it presents and may be well advised to keep a watchful eye on their employees' mobile usage to spot any suspicious activity.
At the same time, utilizing antivirus software designed specifically for mobile devices and other measures to protect a company's network from intruders can also have countless benefits when it comes to mobile security. In the coming years, hackers and cybercriminals are expected to increase their focus on mobile devices, targeting unsuspecting smartphone and tablet users in order to steal information. As the threats facing these devices increase, so too must the practices utilized to protect them.
Consumerization News from SimplySecurity.com by Trend Micro