Three critical ones security gaps in BTS stations allow hackers to breach mobile phone antennas, according to them researchers by Zimperium.
"BTS" comes from the initials of the Base Transceiver Station and is the technical term used to describe the mobile antennas we see every day in our cities.
BTS stations are the backbone of every mobile phone network around the world and are used to relay calls, SMS messages and data packets from our mobiles to data centers of mobile telephony companies, which in turn transmit calls SMS and data packets to their destination.
Mobile security firm Zimperium, (which discovered the Stagefright bug), reports that there are three critical bugs in various packages software which runs in BTS stations.
Σύμφωνα με την Zimperium, επηρεάζονται εταιρείες που το λογισμικό τους περιλαμβάνει τα Legba Incorporated (YateBTS
There are currently three issues that mobile carriers and BTS software vendors should be tackled directly with their equipment.
The first is a bug in a BTS core software service that exposes the device to external connections, allowing an attacker to reach the BTS station transceiver over the Internet.
Attackers can send UDP packets to some managed ports (5700, 5701, 5701) and take advantage of the built-in device features. This allows the attacker to gain remote control of the BTS station, modify the GSM traffic, collect information from the passage of data, crash the BTS station, and more.
In this case, the Zimperium recommends companies shut down the ports used to control and exchange data using only the local interface (127.0.0.1), or to deploy a firewall to block external traffic.
The second issue is a memory overflow caused by oversized UDP packets. It's a classic flaw that allows remote execution code (remote code execution flaw or RCE) that allows an attacker to execute malicious code on the device. This bug is only as dangerous as the attacker's abilities.
The third error is related to the first. If the attacker can send custom UDB data to the BTS station, because the control channel does not have any control ID cardς, μπορεί και να εκτελέσει εντολές στη μονάδα του πομποδέκτη του σταθμού BTS. Ο πομποδέκτης είναι το κύριο συστατικό στην εξέδρα του σταθμού BTS που στέλνει και λαμβάνει δεδομένα.
This particular defect, according to Zimperium, allows an attacker to control the transceiver unit remotely, without having to have administrator passwords.
