GSM phones -- call them unsafe, says security expert

Dec 27, 2011 by Nancy Owano report
GSM
GSM logo. Image: Wikipedia.

(PhysOrg.com) -- A German security expert has issued a warning that billions of mobile phone users who depend on GSM networks are vulnerable to having their personal mail hacked. He blames the problem on network operators that use outdated network security. Karsten Nohl, head of Germany's Security Research Labs, a Berlin-based consulting company, was readying his presentation of study findings for a security convention and highlighted his troubling study results.

Hackers can gain of a person’s phone and then send text messages, ordering up pay-for services, for example, which the victim then discovers in the form of surprise bills, or place calls.

With the stinging news of how reporters have intruded into people’s phone conversations and the latest security flap affecting Stratfor, his warning carried resonance this week.

Nohl said that he was able to intercept voice and text conversations by impersonating another user to listen to their voice mails or make calls or send text messages. Even more troubling was that he was able to pull this off using a seven-year-old Motorola cellphone and decryption software available free off the Internet.

Nohl was able to decipher the standard electronic exchange of information between phone and network. This is coded instruction/command-type information such as “Wait” or “I have a call for you.” Nohl said that most operators vary little from the standard setup procedure and therein is vulnerability.

He made educated guesses to decipher the algorithmic keys used by networks to encrypt transmissions. He said mobile telecom operators could resolve the security weaknesses by updating their software. (According to a report in The New York Times, much of digital technology used to secure cellphone call privacy was developed in the 1980s and 1990s.)

This type of attack could expose any cellphone using GSM technology. GSM digital networks are in use throughout the world. In the U.S., the GSM standard is used by AT&T and T-Mobile USA.

The study’s researchers reviewed 32 operators in 11 countries. These were Austria, Belgium, the Czech Republic, France, , Hungary, Italy, Morocco, Slovakia, Switzerland and Thailand. The operators were rated on how easily the researchers intercepted calls, tracked phones, or impersonated someone else’s device. Germany’s T-Mobile GSM network ranked the highest in providing security protection; the company has enhanced security measures in place.

Nohl’s company engages in technology projects at companies and governments focused on understanding technology risks According to his Research Labs, GSM telephony is the world’s most popular communication technology spanning most countries and connecting over four billion devices.

Explore further: Hand out money with my mobile? I think I'm ready

More information: srlabs.de/research/decrypting_gsm/

Related Stories

GSM system about to be compromised

Dec 08, 2009

(PhysOrg.com) -- Research scientists in California and elsewhere are deliberately setting out to compromise the mobile phone system used by around three billion people. The system uses Global System for Mobile ...

Guide to breaking cell phone security revealed

Dec 30, 2009

(AP) -- A German security expert has raised the ire of the cell phone industry after he and a group of researchers posted online a how-to guide for cracking the encryption that keeps the calls of GSM-standard cell phone users ...

Stop Big Brother listening in to your mobile phone conversation

Sep 27, 2004

A team of University of Surrey scientists led by Professor Ahmet Kondoz has developed new technology which will enable companies and organisations to ensure that their GSM mobile phone conversations are totally secure and confidential. Prev ...

Researchers show how to use mobiles to spy on people

Apr 22, 2010

(PhysOrg.com) -- Researchers have demonstrated how it is possible to use GSM (Global System for Mobile communications) data along with a few tools to track down a person’s mobile phone number and their location, ...

Dutch support for disaster zone phone software

Apr 13, 2011

Software developed by Flinders University’s Dr. Paul Gardner-Stephen which enables mobile phones to communicate during a disaster will be freely available to the public by the end of the year thanks to the support of ...

Recommended for you

Hand out money with my mobile? I think I'm ready

Apr 17, 2014

A service is soon to launch in the UK that will enable us to transfer money to other people using just their name and mobile number. Paym is being hailed as a revolution in banking because you can pay peopl ...

Quantenna promises 10-gigabit Wi-Fi by next year

Apr 16, 2014

(Phys.org) —Quantenna Communications has announced that it has plans for releasing a chipset that will be capable of delivering 10Gbps WiFi to/from routers, bridges and computers by sometime next year. ...

Tech giants look to skies to spread Internet

Apr 16, 2014

The shortest path to the Internet for some remote corners of the world may be through the skies. That is the message from US tech giants seeking to spread the online gospel to hard-to-reach regions.

Wireless industry makes anti-theft commitment

Apr 16, 2014

A trade group for wireless providers said Tuesday that the biggest mobile device manufacturers and carriers will soon put anti-theft tools on the gadgets to try to deter rampant smartphone theft.

Dish Network denies wrongdoing in $2M settlement

Apr 15, 2014

The state attorney general's office says Dish Network Corp. will reimburse Washington state customers about $2 million for what it calls a deceptive surcharge, but the satellite TV provider denies any wrongdoing.

Netflix's Comcast deal improves quality of video

Apr 14, 2014

Netflix's videos are streaming through Comcast's Internet service at their highest speeds in the past 17 months now that Netflix is paying for a more direct connection to Comcast's network.

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

gwrede
3.3 / 5 (3) Dec 27, 2011
We are increasingly moving into the world of cloak-and-dagger, shoot-em-up, and James Bondian gadgets, for real. While it used to excite me at the movies, now I'm getting increasingly annoyed and bored.!

I really wish things like phone conversations and sms were protected (yes I know they cannot be protected from the government, but, please, at least from the nerd across the street).

More news stories

Airbnb rental site raises $450 mn

Online lodging listings website Airbnb inked a $450 million funding deal with investors led by TPG, a source close to the matter said Friday.

Health care site flagged in Heartbleed review

People with accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the ...