They could use the vulnerability in the GSM technology -- which is used by most telecom operators globally and by billions of people -- to make calls or send texts to expensive, premium phone and messaging services in scams, said Karsten Nohl, head of Berlin-based Security Research Labs.
Nohl is a well-regarded expert on mobile security who last year identified a bug in GSM technology that makes calls vulnerable to tapping. He says he is calling attention to these flaws to pressure the industry into beefing up the security of their products.
Mobile security is a hot issue because hackers are paying unprecedented attention to the devices as smartphone sales have outpaced sales of PCs.
Only a few flaws have been found in GSM technology - which stands for Global System for Mobile Communications - over its 20-year history. Industry lobby group GSMA said on Tuesday it did not expect the new findings to affect its views on the security of the technology.
"The GSMA and its mobile network operator members are confident in the security of existing 2G GSM networks and real attacks on real networks against real customers are most unlikely," it said in a statement, adding that newer technologies are safer and not impacted by the new research.
GSMA's statement "on anticipated GSM security announcements" did not make clear whether the industry group had actually seen Nohl's latest research.
Security experts have previously identified a small number of viruses designed to infect smartphones, allowing hackers to take control of the devices and force them to make calls or send text messages. But Nohl said he has discovered a way to leverage previously disclosed vulnerabilities in GSM technology that could potentially threaten hundreds of thousands of phones.
"We can do it to hundreds of thousands of phones in a short time frame," Nohl told Reuters ahead of a presentation on the topic at a hacking convention in Berlin on Tuesday.
SECTOR IN FOCUS
Smartphone malware is popping up at an unprecedented rate as people put more and more valuable information on the devices, using them to hold corporate secrets, conduct banking and function as digital wallets.
GSM became the dominant mobile technology globally in the late 1990s and even though new, faster mobile networks have been rolled out across the world, operators have stuck to their GSM networks to support older phones and to offer service when new networks fail.
The Berlin convention takes place just days after U.S. security think tank Strategic Forecasting Inc (Stratfor) said its website had been hacked and that some names of corporate subscribers had been made public. Activist hacker group Anonymous claimed responsibility.
Attacks on corporate landline phone systems are fairly common, often involving bogus premium-service phone lines that hackers set up in countries in Eastern Europe, Africa and Asia.
Fraudsters make calls to the numbers from hacked business phone systems or mobile phones, then collect their cash and move on before the activity is identified.
The phone users typically do not realize the problem until after they receive their bills, and telecommunications carriers often end up footing at least some of the costs.
Even though Nohl will not present all details of possible attacks at the conference, he said hackers will usually replicate the code needed for attacks within a few weeks.
T-MOBILE, SFR LEAD NEW RANKING
Mobile networks of Germany's T-Mobile and France's SFR offer their clients the best protection against online criminals wanting to intercept their calls or track their movements, according to a new ranking Nohl will unveil at his presentation.
The new ranking, at gsmmap.org, is conducted by security researchers, who hope this will heighten the awareness of operators and consumers on the vulnerability of their mobile communications.
Researchers reviewed 32 operators in 11 countries and rated their performance based on how easy it was for them to intercept the calls, impersonate someone's device or track the device.
"None of the networks protects users very well," Nohl said.
The sample is set to grow from 32 carriers dramatically next year as the tool enables anyone to participate in data gathering
by downloading measuring software to their phones.
Nohl said mobile telecom operators could easily improve their clients' security, in many cases by just updating their software.
Researchers reviewed operators in Austria, Belgium, the Czech Republic, France, Germany, Hungary, Italy, Morocco, Slovakia, Switzerland and Thailand.
(Additional reporting by Jim Finkle; Editing by Matt Driskill, Vinu Pilakkott and Matthew Lewis)
Posted by Jason Lomberg, Technical Editor