January 2011

Mobile Eavesdropping Made Easy

At the 27th annual Chaos Communication Congress (CCC) in Berlin, German cryptographer Karsten Nohl and team member Sylvain Munaut of the Chaos Computer Club presented their latest exploit - this time against the Global System for Mobile Communications (GSM) network.

Typically, governments tap mobile phones with the co-operation of the mobile phone provider, and the call is recorded at a GSM base station. However, a quick internet search reveals that law enforcement agencies can obtain specialist GSM over-the-air interception hardware for more covert operations!

In August of last year, the GSM Association stated that they "strongly suspect the team developing the intercept approach has underestimated its practical complexity. A hacker would need a radio receiver system and the signal processing software necessary to process the raw radio data". Karsten Nohl and team took this as a challenge to create a technique that uses inexpensive phones to snoop on over-the-air calls.

During the presentation, Karsten and Sylvain conducted a live demonstration using inexpensive (10 Euro) mobile phones (Motorola C123s). Karsten Nohl explained how GSM calls hop frequencies: "So you can appreciate that this is a multi-frequency problem, with a moving unpredictable target".

Figure: The operator's cell tower only uses a fraction of the GSM spectrum

The demonstration used four mobile phones to get the frequency coverage required to listen to the full conversation on the target's phone.

The phones were connected to a medium-end computer with over 2 terabytes of storage capacity. Nohl and his colleague then showed the CCC attendees each step of recording someone else's conversation and text messages. They started by locating a particular phone within the conference room, then seized its unique caller ID, and finally captured the data exchanged between the handset and a base station as phone calls were made and messages were sent. After recording the phone calls and text messages, Nohl went on to use the 'Kraken' software to very quickly decrypt the messages and calls. The July 2010 SCN newsletter article entitled "Kraken Feeds on your Phone Calls" introduces how Karsten Nohl and his team developed the 'Kraken' software.

The team has thus successfully developed a complete toolkit, making it easier for hackers to sniff phone calls anytime, anywhere using open source software and cheap hardware.

The demonstration used Motorola C123 phones because the phone's firmware specification was leaked on the internet, enabling the open source advocates 'Osmocom' to create a replacement firmware that lets the phone record the raw phone call together with its control data.

Finally, let's remember that Karsten's Kraken technology is useful only for cracking the A5/1 encryption algorithm, not its upgraded version, the A5/3 algorithm. In the presentation Karsten mentions that: "as more iPhones suck up the 3G bandwidth for internet usage, the more phone calls will be pushed down to GSM again. So 3G is no answer to GSM security problems as long as operators operate both as parallel".

Since 1984, the CCC has been a platform for hackers from around the world to operate and test the security level of modern systems. The intention of the CCC and Karsten Nohl is to make people and companies more aware of weak security.

According to Karsten, mobile phone networks do not provide state-of-the-art security for complete, all-round protection. He has repeatedly urged the mobile operators to use the more secure A5/3 algorithm in place of the old A5/1 encryption algorithm, but it seems the higher cost of upgrading the equipment has prevented the mobile operators from switching over to the A5/3 algorithm.

Suparna Sen, Smartcard & Identity News

Wideband GSM Sniffing Homepage: https://events.ccc.de/congress/2010/Fahrplan/events/4208.en.html