We all tend to think of our cell phones as secure modes of transferring information, whether it be by voice, text message, email or Web browsing. The general consensus is hackers like to infiltrate our desktops and notebooks not our mobile phones. This is not necessarily the case as GSM technology is highly hackable.
Last month, at the Chaos Computer Club Congress in Berlin, two researchers showed start-to-finish how to listen in on encrypted GSM cellphone calls as well as text messages. All it takes is four $15 telephones used as network sniffers, a laptop and some open source software.
“GSM is insecure, the more so as more is known about GSM,” said Security Research Labs researcher Karsten Nohl. “It’s pretty much like computers on the net in the 1990s, when people didn’t understand security well.”
Researchers demonstrated how GSM networks exchange subscriber location data in order to route calls and text messages, which allows anyone to determine a cell phones location with a simple internet search.
Once the phone has been narrowed down to a specific location such as a city or area, the bad guy can now drive through the area and send the selected phone “silent” or “broken” text messages. These messages don’t show up on the users phone, but do listen to the station traffic and will hear the delivery of the message and response of the targeted phone. At the conclusion of this process the targeted phones location has now been narrowed to a smaller geographic area.
I’m not going to detail the process of exactly how this is done, but I will say the researchers simply replaced the firmware on a Motorola phone with a version of their own, allowing them to receive raw data from the cellular network. This collected data can be sent to a computer in real time with a simple upgrade to a USB connection.
The last step in the eavesdropping process is to decrypt the information. This is made possible by the nature in which networks exchange system information with GSM phones.
Much of this vulnerability could be addressed very easily as operators could make sure routing information was not so readily available via the internet. Randomization of padding in the system information exchange would also make the encryption harder to break.
What it all comes down to is that GSM is a 20-year-old network infrastructure with a ton of private information being transferred and very little security in place. Cell phones basically need to go through the same growing pains in relation to security as computers did in the 1990’s. If security measures are addressed and put in place, all will be fine, if not a lot of personal information will be compromised.
Let me know your thoughts in the comments below.