GSM cellular tech vulnerable to $15 eavesdropping hack

Posted by Lydia Leavitt

GSM is the standard digital technology that allows us to make calls worldwide. But what we assume is secure has actually been proven insecure by researchers who demoed an easy way of eavesdropping on encrypted calls and messages.

Although the government can easily hack into a cell phone using a $50,000 network sniffer, these researchers determined that there was an easier and cheaper option: a $15 hack that almost any Joe Shmoe could do it. Scary.

All it takes is four $15 phones as network sniffers, a laptop computer, and a few readily available open source software solutions.

GSM cellular technology vulnerable to $15 eavesdropping hack"GSM is insecure, the more so as more is known about GSM," said Karsten Nohl of Security Research Labs.

"It's pretty much like computers on the net in the 1990s, when people didn't understand security well."

Basically the researchers pieced together all of the GSM security flaws highlighted in the past to create one superhack for easy eavesdropping.

At the Chaos Computer Club (CCC) Congress earlier this week, Nohl and OsmocomBB project programmer Sylvain Munaut described to the audience how the researchers patched together the hack.

He explained that GSM networks use subscriber location data, which allowed the researchers to narrow down the area in which the cell phone user resides.

Once they've determined the general areas, the hackers drove around the area, sending the target phone "silent" or "broken" SMS messages.

Wired explains "By sniffing to each bay station's traffic, listening for the delivery of the message and the response of the target phone at the correct time, the location of the target phone can be more precisely identified."

To create the sniffer, the hackers created a new version of GSM firmware that would receive raw data from the cell network and analyze it. By sniffing the network while sending the broken SMS, the hackers were able to figure out the network ID number of the targeted cell phone.

Once they had that information, they were able to pull encrypted data off the network. And to decode the data, researchers used a cracking program to reveal the key to the encrypted data in under 20 seconds.

Much of this vulnerability could be addressed relatively easily, Nohl said. This requires operators to hide their network routing information, implement randomization of padding bytes between text messaging phones, and overall making the encryption keys harder to break. 

"This is all a 20-year-old infrastructure, with lots of private data and not a lot of security," Nohl said. "We want you to help phones go through the same kind of evolutionary steps that computers did in the 1990s."