Mobile Security: Smartphones, 3G Hackable
Today Fierce Wireless has two separate reports of mobile vulnerabilities. The attention of hackers is a very strong indicator of the importance of mobile technology. As a (mostly) glass half full person, despite the lurking danger, I see it as a bullish indicator for the industry.
Specifically, security experts warn that the key 3G encryption technology used by most phones and operators is vulnerable to hackers. Experts say the 3G encryption algorithm could be broken in as little as two hours.
What does this mean for mobile commerce and mobile banking? Nothing yet, in my opinion. Any reputable mobile commerce system uses SSL encryption for the traffic between the application and the mobile commerce server. The 3G encryption is around this SSL encryption tunnel. Therefore if someone were to crack the 3G encryption, they’d be stuck with a standard, Internet grade SSL encryption that so far has resisted attacks.
Of course there could be future risks where the vulnerability allows something malicious on the phone that tricks users into doing something dangerous that they think is secure.
The second security alert involves hackers breaking into smartphones to do old-fashioned phone phreaking exploits like using a trojan to dial expensive 900 numbers they’re in control of. As with traditional exploits, trojans such as Swapi.B get installed from porn sites or applications posing as helper apps.
The arms race has begun.