January 2011


Mobile Eavesdropping Made Easy

At the 27th annual Chaos Communication Congress (CCC) in Berlin, German cryptographer Karsten Nohl and team member Sylvain Munaut of the Chaos Computer Club presented their latest exploit - this time against the Global System for Mobile Communications (GSM) network.

Typically, governments tap mobile phones with the co-operation of the mobile phone provider, and the call is recorded at a GSM base station. However, a quick internet search reveals that law enforcement agencies can obtain specialist GSM over-the-air interception hardware for more covert operations!

In August of last year, the GSM Association made a statement that they: "strongly suspect the team developing the intercept approach has underestimated its practical complexity. A hacker would need a radio receiver system and the signal processing software necessary to process the raw radio data". Karsten Nohl and team took this as a challenge to create a technique for snooping on over-the-air calls using inexpensive phones.

During the presentation, Karsten and Sylvain conducted a live demonstration using inexpensive (10 Euro) mobile phones (Motorola C123s). Karsten Nohl explained how GSM calls hop frequencies: "So you can appreciate that this is a multi-frequency problem, with a moving unpredictable target".

Above: The Operator's cell tower only uses a fraction of the GSM spectrum

The demonstration used four mobile phones to get the frequency coverage required to listen to the full conversation on the target's phone.

The phones were connected to a medium-end computer with over 2 terabytes of storage capacity. Nohl and his colleague then showed the CCC attendees each step of recording someone else's conversation and text messages. They started by locating a particular phone within the conference room, then seized its unique caller ID, and finally captured the data exchanged between the handset and a base station as phone calls were made and messages were sent. After recording the phone calls and text messages, they went on to use the 'Kraken' software to very quickly decrypt the messages and calls. The article entitled "Kraken Feeds on your Phone Calls" in the July 2010 SCN newsletter introduces how Karsten Nohl and his team developed the 'Kraken' software.

The team has thus successfully developed a complete toolkit, making it easier for hackers to sniff phone calls anytime, anywhere, using open source software and cheap hardware.

The demonstration used Motorola C123 phones because the phone's firmware specification was leaked on the internet, enabling the open source advocates 'Osmocom' to create a replacement firmware that lets the phone record the raw phone call together with control data.

Finally, let's remember that Karsten's Kraken technology is useful only for cracking the A5/1 encryption algorithm, not its upgraded version, the A5/3 algorithm. In the presentation Karsten mentions that: "as more iPhones suck up the 3G bandwidth for internet usage, the more phone calls will be pushed down to GSM again. So 3G is no answer to GSM security problems as long as operators operate both as parallel".

Since 1984, CCC has been a platform for hackers world-wide to operate and test the security level of modern systems. The intention of CCC and Karsten Nohl is to make people and companies more aware of weak security.

According to Karsten, mobile phone networks do not provide state-of-the-art security for complete, all-round protection. He has repeatedly urged the mobile operators to use the more secure A5/3 algorithm in place of the old A5/1 encryption algorithm, but it seems the higher cost of upgrading the equipment has prevented the mobile operators from switching over to the A5/3 algorithm.

Suparna Sen, Smartcard & Identity News

Wideband GSM Sniffing Homepage: https://events.ccc.de/congress/2010/Fahrplan/events/4208.en.html




