Mobile phones cause hacker delight
Published: 06 Apr 2000 14:34 BST
A hacker armed with nothing more than a telephone can potentially take over PCs anywhere in the world using the technique, which has been known to engineers within the industry for months but has only just become public knowledge. Anyone whose mobile phone is too close to their computer is vulnerable, and runs the risk of having personal data and files accessed and forwarded by email to the hackers themselves.
To explain how it works, it is necessary to understand how mobile phones work normally. Original GSM works by having a single radio frequency channel split between many phones, each getting a small slice of the overall bit stream. The phone's transmitter is switched on hundreds of times a second, for the duration of the time slice belonging to it; this bursting is the cause of the characteristic rasping noise heard when you hold a GSM phone close to a radio, audio amplifier or other device with a loudspeaker. More advanced methods now being introduced allow the phone to use two or more time slices, increasing the total bandwidth available to the user. GPRS, the General Packet Radio System, works this way, bundling up time slices to a maximum of 56k initially, and finally to 384k.
It is this final step which has introduced the security hole. As part of the changes necessary to reach the fastest speed, phone companies are introducing EDGE, an enhanced modulation scheme that squeezes more data into each time slot. It also increases the efficiency of the link by bringing in the concept of subslots: tiny changes in the timing that let phones give up fractions of the bandwidth when they don't need it. Although this change can be initiated by the phones themselves, the operators can also force it on a mobile, either by control signals sent during the connection or, more permanently, by sending an encoded SMS (text message) to reprogram the time division algorithm. Many mobile phones already contain subslot code as part of the manufacturers' roll-out plans for GPRS, and will respond to the SMSs if they have SIM Phase 2+ compatibility, as most produced in the past six months do.
The trouble comes when the subslot timing is changed to coincide with the scanning frequencies within a PC keyboard. By careful selection of the transmitter on/off ratio, and by getting it to send the right combination of bits, it is possible for a phone to interfere with a PC keyboard and introduce fake keypresses, in effect giving a remote hacker a measure of control over any PC that is too close to a mobile phone.
But are you vulnerable, and can you stop it?