At this week’s Black Hat security conference, researchers plan to unveil different techniques for easily taking over a smartphone without alerting the user or phone company. Security consultant Mathew Solnik will outline the ways in which he can use the Internet to hack anyone’s phone from 30 feet away. Georgia Institute of Technology students will present the ways in which they can take over the latest iPhone. And a researcher from Bluebox will show how Android apps can steal user data.
“Solnik says he figured out essentially how to pose as a wireless company through a loophole in several phones’ radios,” reports The Wall Street Journal. “His hack, he says, affects current phones running software made by BlackBerry Ltd., Google Inc. and at least one older version of Apple’s iPhone.”
Devices running on the latest LTE networks are the most vulnerable.
For less than $1000, Solnik can buy what essentially serves as a fake cellphone tower, which can upload malicious code on a phone 30 feet away. Solnik and co-worker Marc Blanchou of security consulting firm Accuvant Inc. say they developed the technique only to show what is possible.
“Their hack affects software that works with baseband chips made by Qualcomm Inc., which makes the vast majority of baseband chips for modern smartphones. Qualcomm confirmed Accuvant had found a security hole and said it is helping affected companies with a fix,” explains WSJ.
All companies affected by the hack have released statements saying that they are working to fix the bug.