GSM Network Found Wanting

Karsten Nohl and Sylvain Munaut, both security experts have displayed a toolkit, capable of hacking into any GSM network, at the Chaos Computer Club Congress (CCC) in Berlin. With that the myth surrounding the safety of GSM networks stand exposed.

The researchers reported that all that a hacker required to eavesdrop on text messages and spy on a GAM network was a set of four phones and open source software. The two had earlier made intensive studies to expose vulnerabilities that the GSM mobile telephony standard offered.

It took the duo just a year to develop the eavesdropping toolkit. Many parts of the toolkit were already known to other researchers while the duo had to create a new part themselves. This additional part that completed the chain had the ability to record data off the air. The researchers displayed the various steps beginning with identifying a particular phone, seizing its unique ID and then obtaining the critical data swapped between a handset and a base station while the user made calls or sent text messages.

Using cheap handsets and an open source software, they could obtain relevant data from the tapped source in the air. They were then also able to create open source alternative firmware capable of seeing all the data being broadcast by the base station. The encryption system that scrambles the data can be breached simply by using a big list of encryption keys, known as a rainbow table.

Currently there are more than five billion GSM mobile users around the world. This report is a cause of concern for all those on the GSM Network