I’m looking forward to seeing what will come out of the Black Hat conference this weekend as they scrutinize GSM technology. They plan on using the Kraken open-source GSM-cracking software to break the A5/1 encryption algorithm used by many GSM networks. This would make it fairly simple to eavesdrop on phone calls utilizing GSM technology.
The last part of this article really caught my attention, though:
Meanwhile, another Black Hat presenter, Chris Paget, plans to demonstrate a completely different way to intercept GSM calls. He’s setting up a fake cellular tower that masquerades as a legitimate GSM network.
According to Paget, using open-source tools and a US$1,500 USRP radio, he can assemble his fake tower, called an IMSI (International Mobile Subscriber Identity) catcher. In a controlled experiment, he’s going to set one up at Black Hat and invite audience members to connect their mobile phones. Once a phone has connected, Paget’s tower tells it to drop encryption, giving him a way of listening in on calls.
“I think there’s been too much focus on the cryptographic weaknesses in GSM,” he said. “People need to recognize that the cryptographic weaknesses are not the worst weaknesses in GSM.”
While everyone is focusing on breaking the encryption, there’s always that one guy who figures out a way around it…
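The downgrade Paget describes works because GSM authentication is one-way: the network can challenge the phone, but the phone has no way to verify the tower it camped on, and it does whatever the CIPHER MODE COMMAND it receives tells it to, including "no ciphering" (A5/0). The following is an added toy model of that exchange, written for this post and not taken from the article, the Kraken project, or Paget's demo. It assumes 3GPP TS 44.018 message names, a made-up phone preference list, and an HMAC stand-in for the SIM's A3 algorithm (real SIMs run COMP128 or Milenage); the `refuse_a5_0` policy flag is hypothetical, since a stock GSM handset has no such setting.

```python
"""Toy model of the GSM cipher-mode downgrade an IMSI catcher performs.

Added example, not the original post's or Paget's code.  Assumptions:
message names follow 3GPP TS 44.018; the A3 stand-in is an HMAC (real SIMs
use COMP128/Milenage); the phone-side 'refuse_a5_0' policy is hypothetical.
"""
from dataclasses import dataclass, field
import hashlib
import hmac
import os

A5_0 = "A5/0"   # "no ciphering" cipher mode setting
A5_1 = "A5/1"   # the stream cipher Kraken targets
A5_3 = "A5/3"   # KASUMI-based, stronger


@dataclass
class MobileStation:
    imsi: str
    ki: bytes                                  # subscriber key held on the SIM
    supported: tuple = (A5_3, A5_1, A5_0)      # classmark: algorithms the MS supports
    refuse_a5_0: bool = False                  # hypothetical hardened policy
    log: list = field(default_factory=list)    # ciphers actually activated

    def classmark(self):
        # Sent in the clear during attach; a rogue tower learns IMSI + algorithms here.
        return {"imsi": self.imsi, "supported": self.supported}

    def auth_response(self, rand):
        # Stand-in for A3: SRES = f(Ki, RAND).  The MS proves itself to the
        # network; nothing in this exchange lets the MS check the network.
        return hmac.new(self.ki, rand, hashlib.sha256).digest()[:4]

    def cipher_mode_command(self, algorithm):
        """Handle CIPHER MODE COMMAND; return ('CIPHER MODE COMPLETE', algo) or a reject."""
        if algorithm not in self.supported:
            return ("REJECT", f"{algorithm} not in classmark")
        if algorithm == A5_0 and self.refuse_a5_0:
            return ("REJECT", "policy refuses unencrypted traffic")
        self.log.append(algorithm)
        return ("CIPHER MODE COMPLETE", algorithm)


class Network:
    def __init__(self, name, subscriber_keys, algorithms, authenticate=True):
        self.name = name
        self.subscriber_keys = subscriber_keys  # IMSI -> Ki (only the real operator has these)
        self.algorithms = algorithms            # network's preference order
        self.authenticate = authenticate        # authentication is optional in GSM

    def attach(self, ms):
        cm = ms.classmark()
        if self.authenticate:
            rand = os.urandom(16)
            expected = hmac.new(self.subscriber_keys[cm["imsi"]], rand,
                                hashlib.sha256).digest()[:4]
            if not hmac.compare_digest(ms.auth_response(rand), expected):
                return ("AUTHENTICATION REJECT", None)
        # Network, not phone, chooses the cipher: first of *its* preferences the MS supports.
        for algo in self.algorithms:
            if algo in cm["supported"]:
                return ms.cipher_mode_command(algo)
        return ("REJECT", "no common algorithm")


def run_scenarios():
    """Return the outcome of each attach so the effect of the downgrade is visible."""
    ki = os.urandom(16)
    stock = MobileStation("001010123456789", ki)
    hardened = MobileStation("001010123456789", ki, refuse_a5_0=True)

    operator = Network("operator", {stock.imsi: ki}, (A5_3, A5_1))
    # The IMSI catcher has no Ki, so it simply skips authentication and
    # tells the phone to use no ciphering at all.
    catcher = Network("imsi-catcher", {}, (A5_0,), authenticate=False)

    return {
        "operator/stock": operator.attach(stock),
        "catcher/stock": catcher.attach(stock),
        "catcher/hardened": catcher.attach(hardened),
    }


if __name__ == "__main__":
    for scenario, outcome in run_scenarios().items():
        print(f"{scenario:18} -> {outcome}")
```

The stock phone happily completes the attach to the catcher with A5/0, which is the whole attack: no key recovery, no rainbow tables, just an unauthenticated command the phone is specified to obey. One practitioner caveat: the GSM "ciphering indicator" that is supposed to warn the user when A5/0 is active can be suppressed by a bit in the SIM's EF_AD file, and most operators do suppress it, so in practice the user sees nothing.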