• Your favorite








    , and
  • Your iPhone Can Be Hijacked Over Its Cellular Network

    AT&Tís cellular network is vulnerable to malicious hackers that ultimately hijack your data, along with 47 other cell phone carriers, allowing the hijacker to intercept information such as calls, text messages, and cellular data as discovered by some researchers from the University of Michigan. The vulnerability affects all AT&T smartphones, tablets, and computers using cellular connect cards, including Android devices and the iPhone. The vulnerability is a problem because once the data is intercepted, a malicious hacker can inject malicious data into the traffic passing between devices and ultimately leaves the user unknowingly affected.

    This kind of hijacking gives the malicious hacker the ability to redirect phone users to duplicitous Web sites, which attempt to mimic those of legitimate ones to steal user login credentials and scam people out of their money. According to Ars Tecnhica, the vulnerability is caused by a firewall system that AT&T (and other carriers) implemented to attempt to keep hackers out of the cellular data. That being said, the security measure is ironically the cellular carrierís Achillesí heel:

    Quote Originally Posted by Ars Technica
    "The TCP sequence number inference attack opens up a whole new set of attack venues," the researchers from the University of Michigan's Computer Science and Engineering Department wrote in a research paper scheduled to be presented at this week's IEEE Symposium on Security and Privacy. "It breaks the common assumption that communication is relatively safe on encrypted/protected WiFi or cellular networks that encrypt the wireless traffic. In fact, since our attack does not rely on sniffing traffic, it works regardless of the access technology as long as no application-layer protection is enabled."
    Since the attack is performed by intercepting data, the information the user sends out never actually reaches the server it is supposed to. In the instance of being hijacked, the information the user sends out goes right to the hacker and is then sent back to the user with the hackerís special spice mixed into the data. For example, a user trying to send information to a banking server would, in reality, be sending information to the hacker and receiving non-legitimate feedback. The cellular firewall system acts as a go-between for the user and the hacker.

    The hijacking vulnerability is just another reason why users should not rely on an open, public network to do their banking, personal Facebooking, and other things that can cause detrimental damage to a person. Cellular networks are as public as unsecured Wi-Fi networks. Banking and Facebooking should be saved for your personal computer on wired or secured Wi-Fi networks such as that in your home as this will be a way of guarding yourself from this cellular hijacking.

    Sources: Ars Technica via Cult of Mac
    This article was originally published in forum thread: AT&T iPhone Can Be Hijacked Over Cellular Network started by Anthony Bouchard View original post
    Comments 22 Comments
    1. quidam_brujah's Avatar
      quidam_brujah -
      Awesome. You just advocated for not using your smartphone for 90% of what it gets used for. If the general populace reads and follows this, my cell connections will be supa-fast.

      Also, your synopses was a little confusing. After reading the Ars Technica article, I get it. I also read the UoM paper and see that you got most of the salient points in there but, it just didn't read too well for me. Maybe it's only me.
    1. riverratt's Avatar
      riverratt -
      Um... You know... I'm thinking....
      I really don't want to sound like I'm a defender of the carrier networks of today or anything because in reality I believe that they are indefensible but on this particular issue really it's that fellow Marconi that you should be blaming for this issue really.
      After all, our modem day communications would never have been had he not discovered the nature and uses of RF but never bothered to discover how to make sure no one else could access it at the same time.
      Radio Frequency privacy was his failure after all.