Get ready to be freaked out, as some security researchers were able to hack GSM calls and texts using $15 phones, some open source software and about 3 minutes.
According to Ars Technica, the folks at Security Research labs say GSM cell phone calls use outdated encryption and can be cracked with a “rainbow tablet.” This lets you record calls without the knowledge of the caller, as well as intercept SMS.
To create a network sniffer, the researchers replaced the firmware of a simple Motorola GSM phone with their own alternative, which allowed them to retain the raw data received from the cell network, and examine more of the cellphone network space than a single phone ordinarily monitors. Upgrading the USB connection allowed this information to be sent in real time to a computer.
By sniffing the network while sending a target phone an SMS, they were able to determine precisely which random network ID number belonged to the target. This gave them the ability to identify which of the myriad streams of information they wanted to record from the network.
All that was left was decrypting the information. Not a trivial problem, but made possible by the way operator networks exchange system information with their phones.
The good news is that the researchers say that UMTS and LTE provide stronger alternatives and these are rolled out in many of the developed markets. Still, it’s always going to be a cat-and-mouse game with hackers, so I’m sure we’ll start to hear about LTE and UMTS being cracked in the not-too-distant future.
[Via Ars Technica, photo]
