Hack turns smartphone into spy bug

iPhone becomes remote listening device

Apple iPhones and Android smartphones can be hacked to become remote listening devices unbeknown to their users, according to a security researcher at the University of Luxembourg.

The security flaw is due to be unveiled today in Washington DC at the hacker conference Black Hat 2011 by Ralf-Philipp Weinmann. The over-the-air attack targets the GSM/3GPP stack to enable the hacker to execute malicious code on the baseband processor.

Once this code is running, the phone’s auto-answer function can be used to turn the device into a ‘bug’, eavesdropping on conversations in the vicinity of the microphone, Weinmann told Computerworld US.

“The advent of open-source solutions for running GSM base stations is a game-changer,” Weinmann writes in his Black Hat conference teaser.

“Malicious base stations are not considered in the attack model assumed by the GSMA and the European Telecommunications Standards Institute (ETSI); similarly vendors of baseband stacks seem to not have taken malicious input from the network side into account,” he adds.