Search! What You See

Friday, December 31, 2010

GSM phones vulnerable to hacking, claim researchers

Don't bother with a lengthy ring-round of your friends to wish them a happy new year. Just leave one of them a message on their mobile and wait for everyone else to hack into it.
A little premature, you might think. And you'd be right. But a pair of security researchers have told a Berlin conference how they were able to eavesdrop on mobile phone calls and texts made on any GSM network – used by around 80% of the world's phones – using four cheap phones, a laptop and some open source software.
 Karsten Nohl and Sylvain Munaut spent a year perfecting their eavesdropping technology, which begins by sending a "ghost" text message to a target phone that does not show up on the handset but enables the hacker to seize its unique identification number.
The pair, who gave a live demonstration to the Chaos Computer Club Congress in Berlin this week, said the whole process takes about 20 seconds, enabling phone conversations and SMS messages to be recorded and decrypted.
"Any GSM call is fair game," Nohl told the BBC. ""Now there's a path from your telephone number to me finding you and listening to your calls. The whole way."
Nohl said commercially available equipment capable of eavesdropping on other people's phone calls and text messages would previously have cost more than £35,000. He said the four Motorola phones used in their demonstration cost £9 each.
He told the conference that while computing power had continued to evolve, GSM phone software had become out of date.
"This is all a 20-year-old infrastructure, with lots of private data and not a lot of security," Nohl said. "We want you to help phones go through the same kind of evolutionary steps that computers did in the 1990s."
Nohl said there were no plans to make the eavesdropping kit available for others to use, but suggested it would not be difficult for a keen amateur to follow their lead. "I expect people to do it for the fun of doing it," he added.

No comments:

Post a Comment