Whatever assurances have been given about the security of GSM cellphone calls, forget about them now. The article “Breaking GSM With a $15 Phone … Plus Smarts” reports that a pair of researchers demonstrated a start-to-finish means of eavesdropping on encrypted GSM cellphone calls and text messages, using only four sub-$15 telephones as network “sniffers,” a laptop computer and a variety of open source software. To create a network sniffer, the researchers replaced the firmware of a simple Motorola GSM phone with their own alternative, which allowed them to retain the raw data received from the cell network, and examine more of the cellphone network space than a single phone ordinarily monitors. Upgrading the USB connection allowed this information to be sent in real time to a computer.
While such capabilities have long been available to law enforcement with the resources to buy a powerful network-sniffing device, the pieced-together hack takes advantage of security flaws and shortcuts in the GSM network operators’ technology and operations to put the power within the reach of almost any motivated tech-savvy programmer.
GSM is a 20-year-old infrastructure, with lots of private data and not a lot of security. Several of the individual pieces of this GSM hack have been displayed before. For example, the ability to decrypt GSM’s 64-bit A5/1 encryption was demonstrated last year.
“GSM is insecure, the more so as more is known about GSM,” said Security Research Labs researcher Karsten Nohl in the article. “It’s pretty much like computers on the net in the 1990s, when people didn’t understand security well.”