MIT Technology Review


The iPhone wasn’t the only phone targeted by security researchers. Nicholas Percoco and Christian Papathanasiou, both researchers at Trustwave’s SpiderLabs, presented a rootkit (software that gives an attacker complete control over a system) for the Android HTC Desire at Defcon. The researchers didn’t focus on how to get the rootkit onto a user’s device. Instead, they explored what could happen once an attacker was able to get a rootkit installed.

Percoco says the rootkit gives an attacker very low-level access–making it possible to, for example, cause the device to make “phantom phone calls”–connections that a user wouldn’t notice. This ability might be attractive to attackers looking to make money by collecting fees from a 900 number, Percoco notes.

Percoco argues that it is dangerous that software makers hide much of a smart phone’s complexities from users. This makes for good usability, he says, but it also makes it hard for a user to know when something has gone wrong. “Most users don’t question the integrity of their phones,” he says.

Karsten Nohl, a prominent German security researcher, says the iPhone, which automatically limits the code that can run on the device, is more secure–by default–than the average PC. But he adds that hackers can also attack mobile infrastructure. He says that this infrastructure is less secure than corresponding Internet infrastructure because it hasn’t been researched as thoroughly.

Nohl presented research at Black Hat showing how to break the encryption used by GSM–the network standard for most phones around the world (in the United States, several major carriers use a competing network technology known as CDMA). Nohl released software that allows a user equipped with a software radio (hardware that costs about $1,500) to analyze and break the encryption used to protect GSM communications. Research into GSM has been slowed by the inaccessibility of the networks, Nohl says, but these days anyone can apply knowledge of Internet and PC hacking to GSM.

Other network attacks revealed at Defcon could allow someone to track people’s locations through a mobile network’s databases. Nohl says he hopes that these and other new attacks will make network operators address vulnerabilities with patches and stronger encryption.


Credit: Technology Review
Video by Brittany Sauser

Tagged: Computing, iPhone, Black Hat, hacking, mobile security, Android, DEFCON, GSM
