Share

Related Links

Top 5 Stories

News

Indian company hacks GSM and usurps IMSI

21 March 2012

At a security conference organized by Null in India, Matrix Shell claimed and demonstrated the ability to hack into GSM phones and manipulate the user’s International Mobile Subscriber Identity.

A report in The Hindu Business Line newspaper claims, “They showed it is possible... to use a subscriber's IMSI and make calls; to illegally intercept calls; to draw up large bills against a post-paid subscriber's accounts; and to deplete a prepaid subscriber's balance...”

The report also quotes Akib Sayyed, one of the founders of Matrix Shell, saying, “The standard encryption on GSM should be a5/1 whereas in India most providers mostly use a5/0 which is practically no encryption. This allows an attacker to use various open source software to sniff communication from the air and listen in on GSM calls easily.” The issue is, once again, the strength of GSM encryption.

Bjoern Rupp, CEO at GSMK CryptoPhone, says the basic problem is not new. He told Infosecurity, “We have been saying for years now that GSM is insecure, highlighting the original research in this field undertaken in the last few years. Mr Akib Sayyed has used publicly available software to demonstrate well-known weaknesses of the GSM system, as others have in previous years in Europe and in other areas of the world. Identity cloning and the associated fraud delicts are one side of the issue, interception of confidential calls is the other. Unfortunately, these problems affect all GSM networks world-wide, and do indeed deserve increased public attention.”

Eli Hizkiyev, a senior vice president at Cryptzone, agrees. “Even with A5/1 encryption switched on,” he says, “as researcher Karsten Nohl and his team started demonstrating some 18 months ago - even this level of encryption can be cracked, but as this news report notes, with A5/0 encryption it also becomes possible to clone SIM card identities and make calls charged to the legitimate user's account," he said.

Hizkiyev is also concerned about the suggestion that providers are switching off most of their encryption to preserve bandwidth. He notes that many of the UK GSM carriers are also hitting digital gridlock on their networks in city areas at peak time, and he asks whether they too are lowering the encryption technology used on their calls. Hizkiyev suggests that a degree of additional security can be obtained by switching to 3G calls, where the standard encryption is A5/3; but notes that even that is insecure (Infosecurity reported at the beginning of 2010 that providers sometimes ‘dumb down’ the encryption and it can be cracked within a few hours).

Bjoern Rupp believes that true mobile phone security can only be achieved with strong end-to-end encryption. “The entire A5 family of GSM's ‘built-in’ encryption algorithms,” he told Infosecurity, “have all been broken by several researchers over the last few years. Using weak encryption instead of no encryption can thus only be considered a modest improvement. Only strong end-to-end encryption supplied by a trustworthy party with no conflicting interests will reliably protect confidential telephone calls from interception.”

This article is featured in:
Encryption  •  Wireless and Mobile Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×