We all tend to think of our cell phones as secure modes of transferring information, whether it be by voice, text message, email or Web browsing. The general consensus is hackers like to infiltrate our desktops and notebooks not our mobile phones. This is not necessarily the case as GSM technology is highly hackable.
Last month, at the Chaos Computer Club Congress in Berlin, two researchers showed start-to-finish how to listen in on encrypted GSM cellphone calls as well as text messages. All it takes is four $15 telephones used as network sniffers, a laptop and some open source software.
“GSM is insecure, the more so as more is known about GSM,” said Security Research Labs researcher Karsten Nohl. “It’s pretty much like computers on the net in the 1990s, when people didn’t understand security well.”
Researchers demonstrated how GSM networks exchange subscriber location data in order to route calls and text messages, which allows anyone to determine a cell phones location with a simple internet search.
Once the phone has been narrowed down to a specific location such as a city or area, the bad guy can now drive through the area and send the selected phone “silent” or “broken” text messages. These messages don’t show up on the users phone, but do listen to the station traffic and will hear the delivery of the message and response of the targeted phone. At the conclusion of this process the targeted phones location has now been narrowed to a smaller geographic area.
I’m not going to detail the process of exactly how this is done, but I will say the researchers simply replaced the firmware on a Motorola phone with a version of their own, allowing them to receive raw data from the cellular network. This collected data can be sent to a computer in real time with a simple upgrade to a USB connection.
The last step in the eavesdropping process is to decrypt the information. This is made possible by the nature in which networks exchange system information with GSM phones.
Much of this vulnerability could be addressed very easily as operators could make sure routing information was not so readily available via the internet. Randomization of padding in the system information exchange would also make the encryption harder to break.
What it all comes down to is that GSM is a 20-year-old network infrastructure with a ton of private information being transferred and very little security in place. Cell phones basically need to go through the same growing pains in relation to security as computers did in the 1990’s. If security measures are addressed and put in place, all will be fine, if not a lot of personal information will be compromised.
Let me know your thoughts in the comments below.
The Galaxy S20 Ultra's Space Zoom camera is amazing and a bit creepy
The Galaxy S20 Ultra supports up to 100X zoom, which Samsung calls Space Zoom, but is it any good? Can a phone really product usable photos at 100x zoom? We've got our Galaxy S20 Ultra already so join us to find out!
Win an iPhone, iPad and Apple Watch with the Reader's Choice giveaway!
What's the best phone of 2019? Is it the iPhone 11 Pro, Pixel 4 or OnePlus 7T? What about the best laptop, games console, tablet and more? Vote NOW in the Reader's Choice awards and win BIG in time for the holidays!
Here are the best products from IFA 2019!
Here are the products announced at IFA 2019 that were worthy of our Best of IFA 2019 awards. Also featuring MrMobile's single best product at the show!
Here are the best screen protectors for the Google Pixel 3a
Before you take the Pixel 3a on your next photoshoot, make sure to install a screen protector on the device to keep the display pristine for months to come.