31 December 2010 Last updated at 05:49 ET

Hackers crack open mobile network

Mobile calls and texts made on any GSM network can be eavesdropped upon using four cheap phones and open source software, say security researchers.

Karsten Nohl and Sylvain Munaut demonstrated their eavesdropping toolkit at the Chaos Computer Club Congress (CCC) in Berlin.

The work builds on earlier research that has found holes in many parts of the most widely used mobile technology.

The pair spent a year putting together the parts of the eavesdropping toolkit.

"Now there's a path from your telephone number to me finding you and listening to your calls," Mr Nohl told BBC News. "The whole way."

(Rest of the article is here. (http://www.bbc.co.uk/news/technology-12094227))

I love this kinda stuff!!! "I yam what I yam and that's all that I yam." :p -Lindy

GSM has always been insecure when it comes to governmental eavesdropping. Hobbyist eavesdropping has been around a while, too, but the price point was at a grand or so, using off-the-shelf equipment and GNU Radio.

GSM has always been insecure when it comes to governmental eavesdropping. Hobbyist eavesdropping has been around a while, too, but the price point was at a grand or so, using off-the-shelf equipment and GNU Radio.

Everything is insecure. :D

Regarding "hobbyist" snooping, perhaps with A5/0 or 2 but A5/1 real-time decryption? The entire premise of GSM is "secure" authentication and protection from unintentional monitoring.

Here's another article with more details. Implications? Imagine a criminal organization establishing a SIGINT section to keep tabs on the competition...on the cheap!!! Fuhget abowdit!!!


Breaking GSM With a $15 Phone … Plus Smarts

From Wired (http://www.wired.com/threatlevel/2010/12/breaking-gsm-with-a-15-phone-plus-smarts/) magazine.

Speaking at the Chaos Computer Club (CCC) Congress here Tuesday, a pair of researchers demonstrated a start-to-finish means of eavesdropping on encrypted GSM cellphone calls and text messages, using only four sub-$15 telephones as network “sniffers,” a laptop computer and a variety of open source software.

While such capabilities have long been available to law enforcement with the resources to buy a powerful network-sniffing device for more than $50,000 (remember The Wire?), the pieced-together hack takes advantage of security flaws and shortcuts in the GSM network operators’ technology and operations to put the power within the reach of almost any motivated tech-savvy programmer.

“GSM is insecure, the more so as more is known about GSM,” said Security Research Labs researcher Karsten Nohl. “It’s pretty much like computers on the net in the 1990s, when people didn’t understand security well.”

Several of the individual pieces of this GSM hack have been displayed before. The ability to decrypt GSM’s 64-bit A5/1 encryption was demonstrated last year at this same event, for instance. However, network operators then responded that the difficulty of finding a specific phone, and of picking the correct encrypted radio signal out of the air, made the theoretical decryption danger minimal at best.

There is a reason why 64bit encryption can be exported and 128bit+ is restricted. They could probably fix it quick if there wasn't a length limit on the encryption keys. Sounds like a big hw issue...