Serious Cell Phone Vulnerability Detected

By Brian Turner

Wilfried Hafner, the CEO of SecurStar GmbH, has developed a Trojan horse, named “RexSpy”, which seriously jeopardises cell phone security. The Trojan, which was developed solely for demonstration purposes, is transferred by sending an invisible and unnoticeable SMS message to a cell phone. When the Trojan invades the system, the security vulnerabilities show the possibility of eavesdropping on any cell phone.

SecurStar GmbH gives advice on protection and offers a security tool free of charge that can be downloaded immediately at www.securstar.com.

Hafner demonstrated the discovered vulnerability at the security exposition “Systems” in Munich. Using an undetectable SMS message, completely invisible to the operating system, the SMS sender can spy on the cell phone user whenever the phone is in use. All SMS messages can be read and all conversations can be listened to. The surrounding areas can be monitored via the infected cellular phone and the Trojan can access and forward complete address books.

SecurStar offers a comprehensive security solution, PhoneCrypt, which protects against electronic eavesdropping, either via Trojan horse viruses or other tools such as IMSI-Catcher. PhoneCrypt eliminates the risk of conversations being monitored or overheard since it effectively eliminates eavesdropping by third parties using military-grade encryption. The solution uses Microsoft Windows and does not impair the original functionality of the phone. A Symbian-based version for pocket computers and smart phones is in developmental stages.