beer Posted December 29, 2011 Share Posted December 29, 2011 GSM, the 2G network standard used on three billion phones worldwide, is showing its age. In a talk yesterday at the Chaos Communication Congress in Berlin, hackers Karsten Nohl and Luca Melette demonstrated how they can use easily-available decryption software and a basic phone to impersonate other 2G GSM phones. Once they've done so, they can make calls, send text messages, and check voicemail from the number.Whenever a call is made from a GSM phone, the phone and network engage in a string of encrypted conversations that include a temporary ID for the phone and a secret key. If this data is recorded, it's possible to quickly crack the secret key and find the ID, then use those two pieces of information to impersonate the phone. The method works because of two factors: the weak encryption used by GSM and the fact that the key — which was originally supposed to be regenerated each time a call was made — is often used for several different transactions. The hack won't affect newer 3G or 4G networks, which are much more difficult to compromise.Nohl says there are several ways to mitigate the problem, including some stopgaps that could be implemented within a few weeks. However, this isn't the first time that he's called attention to the weak security of GSM. In 2009, he cracked the encryption used for the standard with simple brute force, theoretically allowing him to listen in on phone conversations. Other hackers have also successfully intercepted calls with other methods. Nohl hopes that this latest issue will prove too big to ignore. "A lot of people tell me they never say anything interesting on their phones," he says in the talk. "And so the intercept doesn't affect them. Now, finally, this should."(source)Just when I thought my antique 2G phone is safer than smart phones... Link to comment Share on other sites More sharing options...
Alanon Posted December 29, 2011 Share Posted December 29, 2011 Wow. It may not be safer, but it sure as hell GETS THE JOB DONE.If I wanted a computer, RAM, fancy apps and all that, I wouldn't have bought a PC. No!If I have a sudden urge to check my emails every 5 minutes, and I don't have a work computer, I would wonder what is it that's so important. And finally, if I want to play games in the bus, I would get a PSP.Long live candy-bar phones! Link to comment Share on other sites More sharing options...
Catoja Posted December 30, 2011 Share Posted December 30, 2011 Its kind of old news, GSM is unsecured for a long time. In some countries like brazil, u cant turn on your phone at public places. You will get hacked. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.