In a study of 31 mobile phone operators in Europe, Morocco, and Thailand, Nohl found that many operators provide weak network security for subscribers, according to a report by the New York Times.
Nohl, who heads Berlin-based Security Research Labs, said he hacked into mobile phone conversations and text messages using a seven-year-old Motorola phone and free decryption software available on the internet, according an interview with the newspaper. He said that he tested each operator more than 100 times and ranked the quality of their network defenses.
The German research told the newspaper that he hacked into conversations and text messages of a colleague, who agreed to participate in the field tests. His technique deciphers the electronic packets of encrypted information that are exchanged between a mobile phone and its network at the beginning of the call.
Nohl used the software to make educated guesses to decipher the algorithmic keys used to encrypt the transmissions. Once he had the keys, he was able to intercept voice and data conversations by impersonating another user to listen to voice mails or make calls and send text messages on their mobile account, he told the newspaper.
“This is a major vulnerability in most networks we tested, and the irony is that it costs very little, if nothing, to repair”, Nohl said. “Often it is just a question of inertia on the part of operators, or they have other priorities, such as building their networks.”