Researchers showed how to eavesdrop on any data on a GSM network
Security researchers have showed how they have eavesdrop on any calls and text messages made on a GSM network, thereby questioning the security at GSM networks.
Using four cheap phones and open source software, researchers Karsten Nohl and Sylvain Munaut demonstrated the technique at the Chaos Computer Club Congress (CCC) in Berlin, Germany.
With their eavesdropping toolkit, they were able to intercept a call in 20 seconds, so that it could be decrypted at a later stage.
It reportedly took one year since Nohl first demonstrated the vulnerability of GSM phones back in December 2009, to develop his eavesdropping toolkit, in association with Sylvain Munaut.
The pair showed all the steps that led from locating a particular phone to seizing its unique ID, then getting hold of data swapped between a handset and a base station as calls are made and texts sent.
Nohl told the BBC that they used cheap Motorola phones, which can have their onboard software swapped for an open source alternative, because a description of their firmware leaked to the Internet.
A list of encryption keys called a rainbow table can defeat the encryption system that scrambles the data the hackers need to eavesdrop data, Nohl said.
Nohl claims the the cost to spy on calls in the GSM network will come down significantly from the previously used commercial equipment.
The objective of the research was to inculcate awareness around the problem of eavesdropping and prompt operators to improve security, Nohl said.