Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Mobile networks have hardware security vulnerability says report

"Until relatively recently, the mobile industry has been somewhat removed from security threats. It has been possible to treat the low-level fraud that has been with the mobile industry since its inception as a minor irritant", said Patrick Donegan, Heavy Reading's senior analyst.

"The data-oriented direction that the mobile industry is embarking on will expose the mobile network to a variety of new security challenges", he added.

The report notes that, whilst mobile networks have traditionally been less vulnerable to attacks than the wireline network, that gap is now closing.

The mobile network, says Heavy Reading, has had much less exposure to IP traffic and IP end-points, but it is growing as mobile operators acquire more mobile broadband subscribers and become true ISPs.

The report has been welcomed by Trusteer, the secure browsing service specialist.

Amit Klein, Trusteer's CTO, says that the wireless nature of the cellular networks makes them more susceptible to criminal attack.

"If anything, our research suggests that the report understates the security risk that the last mile of the cellular-delivered mobile internet now represents, as A5/1 – the main GSM encryption algorithm – was cracked in a practical attack late last year by Karsten Nohl", he said.

“Put simply, this means that, with sufficient equipment and CPU power, we believe that a cybercriminal can now mount a practical eavesdropping or web browser injection attack on a cellular delivered internet connection", he added.

According to Klein, whilst a WiFi-based internet connection can be said to be less secure than a desktop link, on the basis that the wireless signal can be intercepted and/or eavesdropped in some way, its range is relatively short before it hits the landline networks.

With the cellular mobile internet, however, the signal can reach for several miles, and is therefore a lot more vulnerable to electronic trickery, he explained.

With mobile dongles and MiFi units now becoming more and more popular – largely owing to their considerable flexibility and the fact that the technology also frees users from the 'line rental tax' that almost also telcos impose on their broadband users – Klein says that more and more web traffic is being carried the last mile by cellular means.

Add in the fact that mobile internet connections are highly transient, with dynamic IP addresses that are used and re-used on a cyclic basis, and you begin to see the nature of the problem, he noted.

"Until the hardware vendors and networks address the issue, perhaps with the assistance of IT security software vendors as well, it's clear that mobile internet connections need to be considered less safe than their landline equivalents", he said.

That isn't to say the problem isn't surmountable, as users of online financial services should employ any and all security measures available to them in addition to their existing IT security measures", he added.

"Add in some serious commonsense when using mobile internet connections, and your online session should be safe, despite the underlying insecurities in cellular encryption and the network infrastructures."

 

What’s Hot on Infosecurity Magazine?