GSM now wide open to eavesdropping and tracking
OTOH: Disable 2G if you can?
Published 15:44, 27 December 11
The widely-used 2G GSM system for mobile phones is horribly insecure. This is not exactly news, but it's now worryingly easy for criminals to intercept your calls, texts, or voicemail. A presentation at today's Berlin CCC meeting revealed all.
- On the one hand, the sky is falling.
- On The Other Hand, perhaps your phone allows you to only use 3G cells?
Plus, today's skateboarding duck: Best of 2011 Megashuffle Multibooty...
Tarmo Virki reports:
[There's a] vulnerability in the GSM network technology, which is used by...80 percent of the global mobile market,...[allowing attackers] to make calls or send texts to expensive...services in scams, said Karsten Nohl, head of Germany's Security Research Labs.
"We can do it to hundreds of thousands of phones in a short timeframe," [said] Nohl...in advance of a presentation at a hacking convention in Berlin. ... Nohl will not present details of the attack.
Aunty Beeb adds:
Karsten Nohl and Sylvain Munaut demonstrated...[the] toolkit at the Chaos Computer Club Congress (CCC) in Berlin. ... The pair spent a year putting [it] together.
[T]he pair took attendees through all the steps...from locating a particular phone to seizing its unique ID, then...getting hold of data swapped between a handset and a base station. ... The encryption system that scrambles this data can be defeated using...a rainbow table.
Karsten Nohl has more:
GSM...security standards for voice and text messaging date back to 1990 and have never been overhauled. ... Short term protocol patches already exists that make cracking much harder...(3GPP TS44.006, Section 5.2). These patches should be deployed with high priority. ... GSM (2G) will not provide sufficient security and...UMTS (3G) and LTE (4G) should be preferred.
Please use these tools carefully and never intentionally record other people’s conversations.
Ina Fried is horrified:
At the heart of the vulnerability is the fact that network commands are sent in the simplest of computer code. ... A range of options for randomizing the data can easily improve the security, but...carriers have varied widely in how well they implement protection.
In Morocco, for example, one carrier sends messages with no attempt at encryption whatsoever. ... While Vodafone did pretty well on its British network, its German subsidiary has a less secure network.
... [T]he vulnerability is limited to the oldest 2G variant...but since all GSM phones support [it]...all such phones [are] vulnerable.
Meanwhile, Kevin J. O'Brien includes the obligatory anti-Murdoch dig:
It may be tempting to view...interception of...voice mails, a practice that has roiled...the News Corp. media empire of Rupert Murdoch, as an arcane tool. ... [But] cellphone users...may be just as vulnerable as the actor Hugh Grant...to having their personal voice mail hacked — or worse.
Nohl said he was able to hack into mobile conversations and text messages. ... Nohl said he had made sure...to avoid the illegal theft of data...by intercepting the phone transmissions of a colleague.
The GSM Association...[which] represents operators, said...that it welcomed research designed to improve GSM technology.
Today's Skateboarding Duck...
Don't miss out on OTOH:
- Follow @richi on Twitter
- Pretend to be richij's friend on Facebook
- Catch up with posts from the previous few days
Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. His writing has previously won American Society of Business Publication Editors and Jesse H. Neal awards. A cross-functional IT geek since 1985, you can also read Richi's full profile and disclosure of his industry affiliations.