Thursday, February 21, 2008

GSM Calls Cracked

An "attack" on GSM based phones can open a vulnerability allowing would be attackers to eavesdrop on calls.

The attack the was recently demonstrated by David Hulton and Steve Muller at the Black Hat security conference using less than $1000 worth of hardware.

GSM is used all over the world by mobile phone companies, and is used in the U.S. by several networks, including AT&T and T-Mobile. So far the GSM network has been considered to be secure enough that even criminals use it.

According to the TechWorld article "GSM phone calls cracked for $1,000 a time" The 'attack' depends on exploiting a vulnerability in the way GSM sets up calls. Assuming an attacker was able to find out a phone's mobile subscription identification number and built-in hardware ID - garnered by sending a text message to that phone say - they would have enough information to isolate calls from that phone.

Hulton has said, "his company, Pico Computing, is now developing the fast version, which cost approximately $100,000 and can crack phones in as little 30 seconds to sell to agencies such as law enforcement, but plans to give away the slower version for free."

No comments:

Post a Comment

All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.

Thank you