GSM mobile … the insecure network

Pierluigi Paganini December 29, 2011

The latest discovered vulnerability in GSM ( Global System for Mobile) technology is worrying many telecom operators of several countries due to their impact on an audience of billions users. Some experts in the Security Research Labs in Berlin have shown how to get the remote control of mobile phones to send SMS and make calls.

The bugs identified makes GSM technology vulnerable to tapping. The impact in terms of security is definitely noticeable and creates no little alarm among the telecom industry, concerns shared by the industry as producers in the same mobile device.

The reality is that we are dealing with very old technology, backed by 20 years of operation and for which were not introduced significant improvement in terms of safety.

GSM is the 2G standard (2 nd generation) for mobile phone an it is currently most widely used. Consider that more than 3 billion people in 200 countries use GSM mobile phones. GSM is an open standard developed by the CEPT, designed by the ETSI and maintained by the 3GPP consortium (of which ETSI is a member). Easy to understand the impact that the vulnerability has on phone operators and handset manufacturers.

The world of telephony has always been below the target of hackers and evil-intentioned, for example many times we heard about the possibility of such a device being infected with malware. Unfortunately, the awareness of the threat is very low in the common user, but given the high distribution of devices and their growing computational power in the field it is necessary that we put concrete questions in terms of safety. A mobile device follows our movements and with phone calls and with SMS allows each user to interface with the outside world. Check all that amounts to achieve control over each individual who raises troubling questions regarding privacy. We are all controllable, this well known, but knowing that anyone who might be afraid to spy on us.
The most worrysome thing is that is possible to control huge amount of mobiles in a short time frame.

Just last year I remember an interesting presentation made by the researcher Chris Paget during Defcon security conference in Las Vegas. He have demonstrated in a live demo how he can intercept cell phone calls on 80 percent of the world’s phones with just about $1,500 worth of equipment. Chris Paget, who also demonstrated how he can hack into radio frequency identification tags (RFID) from a distance, created a fake cell phone tower, or Global System for Mobile communications (GSM) base station.

Military and intelligence agencies can intercept cell phone calls with their wiretapping technology, there is no mystery in this, but Paget simply wanted to show how vulnerable the cell phone network is and how hackers could intercept calls for a small amount of money. He used a couple of large antennae and a laptop with some other equipment.

“GSM is broken – it’s just plain broken,” said Paget during the demonstration.

Another possible damage could be caused by fraudsters that are able to make calls to the numbers from hacked business phone systems or mobile phones, then collect their cash and move on before the activity is identified. The hapless user will not realize the fraud until he will receive the telecom bills.

The researcher for security reasons haven’t shown the details of possible attacks to avoid it replication by hacker.

According a security reserach on mobile networks Germany’s T-Mobile and France’s SFR offer their clients the best protection against online criminals wanting to intercept their calls or track their movements, according to a new ranking Nohl will unveil at his presentation.

Let’s go deep in the argument visiting the web site www.gsmmap.org. The site propose an interesting ranking conducted by security researchers regarding security of several telecom operators.
I believe that every customer must be informed on it to make pressure on the operator that must guarantee an acceptable level of security.

What would happen if activist groups exploit similar vulnerabilities to disclose the object ofillegally wiretapping made​​? 

The events of recent months have also shown that too often government representatives and businessmen make little attention to the use of mobile communications devices. The use of encrypted communications is very limited and this has lead to many problems that we all learned in the newspapers.
Essential to increase awareness of the threat, informing the user that runs the real dangers in a little noticed by using their mobile phone.

“None of the networks protects users very well,”



you might also like

leave a comment