Hardware-based Attacks

Hardware-based attacks exploit vulnerabilities, newly discovered or long known but unpatched, in the hardware components of a device. An attacker uses off-the-shelf equipment to target the device, exploits the flaw to take control of it, and then reads the personal information stored on it.

Baseband Attack

To execute a baseband attack, an attacker first sets up a fake cell tower and gets a nearby phone (the target) to connect to it. Over that connection the attacker sends malicious traffic that exploits vulnerabilities in the GSM/3GPP protocol stack running on the phone's baseband processor, typically a Qualcomm or Infineon chipset. The attack is limited to individuals or organisations with the resources and technical know-how to operate a bogus cell tower, but the cost of building one has fallen dramatically in recent years and it can now be done for about $1,000.

The system works by first "catching" the International Mobile Subscriber Identity (IMSI) of passing cell phones, after which it can communicate directly with the target's baseband processor. "The baseband attack is an extremely technical hack," according to Don Bailey, Security Consultant with ISEC Partners. The 2G (GSM) network is by far the most vulnerable. GSMK, a German security company, says it detected 17 such fake cell towers in the U.S. on a recent drive through the country.

Mobile phones actively seek out the radio signal from cell towers and connect to the strongest one. The phone then has to prove its authenticity to the tower it is connecting to, but in GSM the check is one-way: the tower never has to prove itself to the phone, so the phone cannot tell a bogus tower from a real one. Connections between phone and tower are normally encrypted, but the encryption algorithm is chosen by the tower, not the phone. Once the bogus tower has captured the target's IMSI, it can command the phone to transmit with no encryption at all. The bogus tower can therefore switch off encryption for connecting phones and then inject malicious traffic to exploit the baseband processor. Alternatively, the bogus tower can relay the phone's outgoing communications on to a legitimate network, placing itself in the middle and enabling network-based eavesdropping.
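The attach sequence described above, modelled in a small Python simulation. This is an added illustration, not code from Vysk or from the QS1 case: the `Tower` and `Phone` records, the signal thresholds, the `refuse_unciphered` policy flag and the sample cell observations are all constructed for the example, and the message exchange is simplified from the real GSM Location Update, RAND/SRES and CIPHER MODE COMMAND procedures.

```python
# Toy model of GSM cell selection, one-way authentication and tower-chosen
# ciphering, plus a rogue-tower heuristic. Added example; the towers, phones,
# thresholds and observations below are constructed, not measured data.

from dataclasses import dataclass
from typing import Dict, List

A5_0 = "A5/0"  # "no ciphering" in the GSM CIPHER MODE COMMAND


@dataclass
class Tower:
    cell_id: int
    lac: int              # location area code the cell advertises
    rx_dbm: int           # signal level as seen by the phone
    cipher: str           # algorithm this tower will command, e.g. "A5/1"
    rogue: bool = False   # ground truth, used only to check the heuristic


@dataclass
class Phone:
    imsi: str
    # algorithms advertised in the phone's classmark; the protocol always
    # allows A5/0, so only the (hypothetical) policy flag below can refuse it
    supported: tuple = ("A5/3", "A5/1", A5_0)
    refuse_unciphered: bool = False


def strongest(cells: List[Tower]) -> Tower:
    """Phones camp on the strongest cell; this is what a rogue tower exploits."""
    return max(cells, key=lambda c: c.rx_dbm)


def attach(phone: Phone, tower: Tower) -> Dict[str, object]:
    """Simulate one attach to the given tower and report what the tower got."""
    # Step 1: the first Location Update carries the IMSI in the clear,
    # which is exactly what an IMSI catcher harvests.
    leaked_imsi = phone.imsi
    # Step 2: RAND/SRES challenge. GSM authentication is one-way (network
    # checks the phone), so the phone has no way to reject a bogus tower here.
    # Step 3: CIPHER MODE COMMAND. The tower, not the phone, picks the algorithm.
    chosen = tower.cipher
    if chosen not in phone.supported:
        return {"attached": False, "cipher": None, "imsi_leaked": leaked_imsi}
    if chosen == A5_0 and phone.refuse_unciphered:
        # Hardened (hypothetical) policy: treat an unciphered command as hostile.
        return {"attached": False, "cipher": None, "imsi_leaked": leaked_imsi}
    return {"attached": True, "cipher": chosen, "imsi_leaked": leaked_imsi}


def rogue_indicators(cell: Tower, neighbours: List[Tower]) -> List[str]:
    """Heuristics of the kind IMSI-catcher detector apps use.
    The 20 dB margin is a constructed threshold, not a calibrated value."""
    flags = []
    if cell.cipher == A5_0:
        flags.append("no ciphering")
    if neighbours and all(n.lac != cell.lac for n in neighbours):
        flags.append("LAC unknown to every neighbour")
    if neighbours and cell.rx_dbm > max(n.rx_dbm for n in neighbours) + 20:
        flags.append("implausibly strong signal")
    return flags


# Constructed environment: three legitimate cells sharing LAC 0x1234 and one
# rogue cell that advertises a fresh LAC at high power and commands A5/0.
LEGIT = [
    Tower(cell_id=101, lac=0x1234, rx_dbm=-85, cipher="A5/1"),
    Tower(cell_id=102, lac=0x1234, rx_dbm=-90, cipher="A5/3"),
    Tower(cell_id=103, lac=0x1234, rx_dbm=-95, cipher="A5/1"),
]
ROGUE = Tower(cell_id=999, lac=0x9999, rx_dbm=-55, cipher=A5_0, rogue=True)


def main():
    default_phone = Phone(imsi="001010123456789")
    hardened_phone = Phone(imsi="001010123456789", refuse_unciphered=True)
    target = strongest(LEGIT + [ROGUE])
    print("camped on cell", target.cell_id, "flags:", rogue_indicators(target, LEGIT))
    print("default phone :", attach(default_phone, target))
    print("hardened phone:", attach(hardened_phone, target))


if __name__ == "__main__":
    main()
```

Note what the hardened policy does and does not buy: refusing the unciphered connection stops the rogue tower from talking to the phone after the cipher command, but the IMSI has already been sent in the clear during the Location Update, so the catch itself cannot be prevented by phone-side policy in GSM. Real handsets do not expose a `refuse_unciphered` switch; the flag stands in for whatever defence a device applies at this step.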

Find out more about the Vysk QS1 case and how it protects against baseband attacks.
