January 2011

Mobile Eavesdropping Made Easy

Mobile Eavesdropping Made Easy

At the 27th annual Chaos Communication Congress (CCC) in Berlin, German cryptographer Karsten Nohl and team member Sylvain Manaut of the Chaos Computer Club presented their latest exploit - this time against the Global System for Mobile Communications (GSM) network.

Typically, governments tap mobile phones with the co-operation of the mobile phone provider and the call is recorded at a GSM base station. However, a quick internet search reveals that Law enforcement agencies can obtain specialist GSM over-the-air interception hardware for more covert operations!

In August of last year, the GSM association made a statement that they: "strongly suspect the team developing the intercept approach has underestimated its practical complexity. A hacker would need a radio receiver system and the signal processing software necessary to process the raw radio data". Karsten Nohl and team took this as a challenge to create a technique of using inexpensive phones to snoop over-the-air calls.

Within the presentation Karsten and Sylvain conducted a live demonstration using inexpensive (10 Euro) mobile phones (Motorola C123's). Karsten Nohl explained how GSM calls hop frequencies: "So you can appreciate that this is a multi-frequency problem, with a moving unpredictable target".

Mobile Eavesdropping Made Easy

Above: The Operator's cell tower only uses a fraction of the GSM spectrum

The demonstration used four mobiles phones to get the required frequency coverage to listen to the full conversation on the targets phone.

Mobile Eavesdropping Made Easy

The phones were connected to a medium-end computer with over 2Terrabytes Bytes of storage capacity. Nohl and his colleague then showed the CCC attendees each step of recording someone else's conversation and text messages. They started with locating a particular phone within the conference room to seizing its unique caller ID, and finally getting hold of data exchanged between a handset and a base station as phone calls are made and messages are sent. After recording the phone calls and text messages, he goes on to use 'Kraken' software to very quickly decrypt the messages and call. In 2010 July's SCN newsletter the article entitled "Kraken Feeds on your Phone Calls" introduces how Karsten Nohl and his team developed the 'Kraken' software.

The team has thus successfully developed a complete toolkit, making it easier for hackers to sniff phone calls anytime, anywhere using open source software and cheap hardware.

The demonstration used Motorola C123 phones, because the phones firmware specification got leaked on the internet enabling opensource advocates 'Osmocom' to create a firmware replacement which enables the phone to record the raw photo call with control data.

Finally let's remember, Karsten's Kraken technology is useful only to crack A5/1 encryption algorithm, not its upgraded version - the A5/3 algorithm. In the presentation Karsten mentions that: "as more iPhones suck up the 3G bandwidth for internet usage, the more phone calls will be pushed down to GSM again. So 3G is no answer to GSM security problems as long as operators operate both as parallel"

Since 1984, CCC has become a platform for world-wide hackers to operate and test the security level in modern systems. CCC and Karsten Nohl intentions are to make people and companies more aware of weak security.

According to Karsten, mobile phone networks do not provide state-of-the art security for complete, all-round protection. He has repeatedly urged the mobile operators to use the more secured A5/3 algorithm in place of the old A5/1 encryption algorithm, but it seems higher cost of upgrading the equipments has prevented the mobile operators from switching over to A5/3 algorithm.

Suparna Sen, Smartcard & Identity News

Wideband GSM Sniffing Homepage: https://events.ccc.de/congress/2010/Fahrplan/events/4208.en.html


19/05/2019 Headlines

Belfast Council Launches its Own Digital Currency

The authority has worked alongside Israeli tech firm Colu to create Belfast Coin, a virtual currency that will launch across the Northern Irish capital later th.....Read More

Android Pioneer HTC Stages Retreat from China

HTC is pulling its smartphones from two of China's largest online marketplaces, raising concerns about the brand's future.

The firm was the first to sell.....Read More

eBay Could Start Accepting "Virtual Currencies," Leaked Pics Suggest

If true, the eBay integration could open the floodgates for mainstream adoption of digital currencies. eBay currently has more than 180 million registered users.....Read More

Bank of England Calls for 'Super Shield' Against Cyber Attacks

Britain may need to copy the United States in building a "super shield" against catastrophic cyber attacks or major IT glitches that could cripple the finance i.....Read More

Lawsuit Accusing Apple of Unfairly Dominating Mobile App Sales Will Proceed

The U.S. Supreme Court, in a narrow 5-4 decision written by Justice Brett Kavanaugh, ruled that a consumer lawsuit challenging Apple Inc.'s dominance of mobile .....Read More

Cryptocurrency Exchange Cryptopia Halts Trading and Announces it is in the Process of Liquidation

Cryptopia, a cryptocurrency exchange headquartered in New Zealand, has halted trading and announced that it is now in liquidation.

In January, the exchan.....Read More

Video Interviews

Tim Jones talks on the wealth of networks

Christophe Dolique of Gemplus talks about ·SIM

Dominique Brule of Philips Semiconductors talks about Near Field Communication