Researcher unveils techniques for GSM hacking

[nsane.forums]

Demonstration shows how call data could be gathered

A security researcher has presented flaws in the GSM mobile phone system which could reportedly allow for the collection of conversation information.

Researcher Chris Paget presented the demonstration at the DefCon security conference, showing how a system built for just $1500 could be able to intercept call information from nearby GSM mobile handsets.

The system functions as a spoofed phone reception tower, gathering information and allowing a theoretical attacker to create a system capable of harvesting data from local handsets.

Over the course of the presentation, Paget said that the system was able to log some 30 phone calls, though he noted that the range of the system was deliberately limited so that only those who had already been informed of the presentation would be subject to collection.

The researcher said that the demonstration was intended to show the extent to which GSM systems were open to attack. In his presentation, Paget said that GSM was "badly broken" and that the best solution would be to move to 3G networks.

In a follow-up to the presentation, Paget said that there were some systems already in place which could help protect users. He noted that telcos such as AT &T and handset vendors such as Research in Motion have encryption systems which could improve security.

"In the medium to long term GSM simply needs to be turned off," Paget said.

"It'd be more work to fix it than it would be to upgrade."

View: Original Article