Feeds

Hacking into GSM for only $1500

Demonstrated and documented

Internet Security Threat Report 2014

A researcher at the DefCon hackers' meet has demonstrated kit for spoofing GSM base stations, allowing even those on a limited budget to intercept phone calls and text messages.

The audience attending the talk by Chris Paget were able to see their own handsets transferring to his spoofed base station, with calls receiving a recorded message explaining that the security had been compromised, Associated Press reports. The demonstration would presumably have been a lot less impressive if Las Vegas had better 3G coverage.

The basis of the attack isn't new: the attacker sets up a base station advertised as belonging to a compatible network operator and handsets locally switch to the stronger signal. In a live attack the base station then connects to the real cellar network and passes authentication tokens back and forth as though it wasn't there.

GSM communications are supposed to be encrypted between the genuine network at the handset, but in some countries strong encryption isn't allowed so the network informs the handset not to encrypt the communications. The handset is supposed to pop up a warning when this happens, but doesn't, so rogue base stations can ask the handset not to encrypt anything and then listen in.

The 2G GMS standard does not mandate mutual authentication – the handset must prove its identity to the network, but the network is not required to return the favour. That's always made 2G networks open to this kind of abuse; the only difference is that the kit to do it has got a lot cheaper over the years. 3G standards do require such authentication, so they are immune from this kind of attack.

During the demonstration, Paget pointed out that one could jam the 3G signal (at 2.1GHz), forcing handsets to drop back to 2G and open themselves to the vulnerability. That's true, but will cease to be possible (or at least will get a lot more difficult) once operators start deploying 3G technology on the 2G frequencies.

"GSM is broken - it's just plain broken," said Paget during the demonstration, though he could have added that the standard is no more broken than it was yesterday - the break just got cheaper to exploit. ®

Secure remote control for conventional and virtual desktops

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
How to simplify SSL certificate management
Simple steps to take control of SSL certificates across the enterprise, and recommendations centralizing certificate management throughout their lifecycle.