Grey market phones – a security risk

21 Mar 2006

minute read

Authors

Konstantin Sapronov

In the majority of European countries it’s possible to buy a mobile phone for very little money. In effect, the cost of the handset is subsidized by the service provider. However, in many cases, the phone will only work on a specified network.

If the user wants to put in a new SIM card, and change service providers, the handset has to be unlocked. This is done by changing the firmware on the phone.

As a rule, these phones are only sold on the grey market. Some sources estimate that between 15 – 18% of users have such phones. This causes an estimated 1.5 million euros loss to the mobile telecoms market.

Unlocking handsets is illegal, and causes a whole range of security problems.

A lot of modern handsets run Symbian OS, and are therefore vulnerable to attack from mobile malware. There are a number of known cases where ‘unlocked’ phones have been infected with Cabir or with other malware.

The firmware itself can pose another threat. The firmware on grey market handsets that have been unlocked may contain code which can be used by unsanctioned services, and could potentially add several hundred euros to the user’s phone bill.

The Italian mass media has recently reported a number of such cases, and an investigation is currently being conducted.

Authors

Konstantin Sapronov

Grey market phones – a security risk

Latest Posts

Latest Webinars

Reports

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

Kaspersky GReAT experts discovered a complex APT attack on Russian organizations dubbed Operation ForumTroll, which exploits zero-day vulnerabilities in Google Chrome.

In this article, we discuss the tools and TTPs used in the SideWinder APT’s attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors.

Grey market phones – a security risk

GReAT Ideas. Balalaika Edition

GReAT Ideas. Green Tea Edition

GReAT Ideas. Powered by SAS: malware attribution and next-gen IoT honeypots

GReAT Ideas. Powered by SAS: threat actors advance on new fronts

GReAT Ideas. Powered by SAS: threat hunting and new techniques

Mac OS X

War-nibbling 2007

Kaspersky Security Bulletin 2006: Malware for Unix-type systems

Just for fun

Kaspersky Security Bulletin, January – June 2006: Malware for non Win32 platforms

How much security is enough?

TOP 10 unattributed APT mysteries

The future of cyberconflicts

Researchers call for a determined path to cybersecurity

What does it take to become a good reverse engineer?

Latest Posts

Streamlining detection engineering in security operation centers

GOFFEE continues to attack organizations in Russia

Attackers distributing a miner and the ClipBanker Trojan via SourceForge

How ToddyCat tried to hide behind AV software

Latest Webinars

In-depth analysis of cyberattacks: key findings from Kaspersky’s Incident Response report

Silent shields & digital dragons: MDR’s proactive protection

From chaos to control: streamlining detection engineering in Security Operation Centers

Сrimeware and financial cyberthreats in 2025

Reports

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

GOFFEE continues to attack organizations in Russia

Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain

SideWinder targets the maritime and nuclear sectors with an updated toolset

Subscribe to our weekly e-mails