Hacker proves vulnerability of 2G GSM networks with homemade call interceptor

By Abhinav Lal | Published on 02 Aug 2010
Hacker proves vulnerability of 2G GSM networks with homemade call interceptor
Advertisements

Working from home?

Don’t forget about the most important equipment in your arsenal

Click here to know more

An ethical hacker demonstrated exactly what you can make with $1500 worth of equipment: a cell phone call interceptor. Using not much more than a laptop and two RF antennas, Chris Paget showed off his interception technology at DefCon 2010, convincingly proving just how unsecure 2G GSM networks are.

His equipment managed to fool cell phones in the audience that the setup was a real cell phone base station, and when they automatically routed their calls through it, he was able to intercept and record the conversations, which included encrypted calls. While this technology only works on outgoing calls at present, Chris Paget’s equipment can easily be duplicated, a worrying fact by itself, apart from the flaw in 2G GSM network acquisition protocols, which automatically redirect phones to connect to the base station with the strongest signal, regardless of its origin. In this manner, encrypted calls are not free from interception, because the base station can simply deactivate it once it acquires the signal. Though GSM specs insist that a cell phone should display a warning if it is forced to connect to a station that doesn’t have encryption, most SIM cards disable this feature to avoid innumerable alerts during operation. In essence, your call could be intercepted and recorded without your slightest knowledge.

This technology is nothing new in theory, and governments already use what are called IMSI catchers to pull off a similar feat, which can even capture data transfers. However, what is revolutionary is the low-cost and ease with which the setup can be made and procured, by anyone from the common man to the underfunded terrorist. 

As you can imagine, the demonstration has already created a furore in the industry, with security experts as well as carriers suddenly worried about how to make 2G GSM networks safer. On the flip-side, maybe a version of this technology could be used by governments to monitor calls that they were previously unable to decrypt, specifically, the Indian government’s current need to decode BlackBerry calls. 
 

logo
Abhinav Lal

https://plus.google.com/u/0/118371002657670425415/posts

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.

DMCA.com Protection Status