Monday, November 16, 2009

Mobile Phone Bug Allows Wiretapping

Fact or Netmyth?
You decide.
Report back.

Summary
Erricson's WAP, Wireless Application Protocol, suffers from a security flaw that allows attackers to listen into other WAP sessions traveling on the cellular carrier wave.

Details
Erricson Mobile Phone allows attackers to wiretap other lines. This attack is limited, since you cannot choose which number to wiretap on, and you cannot talk at the same time that you are wiretapping a line. This vulnerability shows the lack of security of WAP as it is offered in today's cellular networks.

IMPORTANT NOTE: Wiretapping is illegal. The following information is just a proof of concept that shows a potential vulnerability in Erricson's WAP implementation.

How to wiretap from an Erricson Cell Phone:
1) Type 904059
2) Menu
3) Yes
4) 1
5) RCL
6) Yes
7) 8300**
8) Yes
9) 86
(Instead of the ** you can write any number you wish, except for the number 00)

To stop the wiretapping:
1) Type RCL
2) 3
3) Yes
(via)

Our spies report back...
"I am with cellular operator and today I asked my technical staff about this method. They replied
this is very old news, about year 2001. This bug was on very old Ericsson (before Sony Ericsson) phones and modern phones do not respond to this code sequence."
Thank you!