Protect your smartphone from radio-based attacks

2021-07-19 05:30

It's not a coincidence that most of the security tips given to smartphone users - such as refraining from opening suspicious links or downloading untrusted apps - also apply to PCs. But unlike PCs, smartphones contain a plethora of radios - typically cellular, Wi-Fi, Bluetooth and Near Field Communication - that enable wireless communication in a variety of circumstances, and these radios are designed to remain turned on as the user moves through the world.

An IMSI catcher is equipment designed to mimic a real cell tower so that a targeted smartphone will connect to it instead of the real cell network.

Thankfully, 5G in standalone mode promises to make IMSI catchers obsolete, since the Subscription Permanent Identifier - 5G's IMSI equivalent - is never disclosed in the handshake between smartphone and cell tower.

In a Karma attack, the rogue AP exploits a basic feature of smartphones: whenever its Wi-Fi is turned on but not connected to a network, a smartphone broadcasts a preferred network list, which contains the SSIDs of access points to which the device previously connected and is willing to automatically reconnect to without user intervention.

Once the targeted smartphone connects, an attacker can eavesdrop on network traffic to collect sensitive information and even push out malware to the device or redirect the victim to a malicious site.

Even though radio-based attacks against smartphones are often invisible to the user and largely outside of the scope of most mobile security tools, there are a few actions you can take to keep your smartphone and your data safe.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/Pqh1a5aSjPk/

#attack #smartphone