Indian company hacks GSM and usurps IMSI

21 March 2012

At a security conference organized by Null in India, Matrix Shell claimed and demonstrated the ability to hack into GSM phones and manipulate the user’s International Mobile Subscriber Identity.

A report in The Hindu Business Line newspaper claims, “They showed it is possible... to use a subscriber's IMSI and make calls; to illegally intercept calls; to draw up large bills against a post-paid subscriber's accounts; and to deplete a prepaid subscriber's balance...”

The report also quotes Akib Sayyed, one of the founders of Matrix Shell, saying, “The standard encryption on GSM should be a5/1 whereas in India most providers mostly use a5/0 which is practically no encryption. This allows an attacker to use various open source software to sniff communication from the air and listen in on GSM calls easily.” The issue is, once again, the strength of GSM encryption.

Bjoern Rupp, CEO at GSMK CryptoPhone, says the basic problem is not new. He told Infosecurity, “We have been saying for years now that GSM is insecure, highlighting the original research in this field undertaken in the last few years. Mr Akib Sayyed has used publicly available software to demonstrate well-known weaknesses of the GSM system, as others have in previous years in Europe and in other areas of the world. Identity cloning and the associated fraud delicts are one side of the issue, interception of confidential calls is the other. Unfortunately, these problems affect all GSM networks world-wide, and do indeed deserve increased public attention.”

Eli Hizkiyev, a senior vice president at Cryptzone, agrees. “Even with A5/1 encryption switched on,” he says, “as researcher Karsten Nohl and his team started demonstrating some 18 months ago - even this level of encryption can be cracked, but as this news report notes, with A5/0 encryption it also becomes possible to clone SIM card identities and make calls charged to the legitimate user's account.”

Hizkiyev is also concerned about the suggestion that providers are switching off most of their encryption to preserve bandwidth. He notes that many of the UK GSM carriers are also hitting digital gridlock on their networks in city areas at peak time, and he asks whether they too are lowering the encryption technology used on their calls. Hizkiyev suggests that a degree of additional security can be obtained by switching to 3G calls, where the standard encryption is A5/3; but notes that even that is insecure (Infosecurity reported at the beginning of 2010 that providers sometimes ‘dumb down’ the encryption and it can be cracked within a few hours).

Bjoern Rupp believes that true mobile phone security can only be achieved with strong end-to-end encryption. “The entire A5 family of GSM's ‘built-in’ encryption algorithms,” he told Infosecurity, “have all been broken by several researchers over the last few years. Using weak encryption instead of no encryption can thus only be considered a modest improvement. Only strong end-to-end encryption supplied by a trustworthy party with no conflicting interests will reliably protect confidential telephone calls from interception.”
