But according to a study to be presented Tuesday, cellphone users in Europe and the rest of the world may be just as vulnerable as the actor Hugh Grant and other celebrities to having their personal voice mail hacked — or worse — because of outdated mobile network security.
In a study of 31 mobile operators in Europe, Morocco and Thailand, Karsten Nohl, a Berlin hacker and mobile security expert, found that many operators provided poor or weak defenses to protect consumers from illicit surveillance and identity theft.
Mr. Nohl said he was able to hack into mobile conversations and text messages and could impersonate the account identities of cellphone users in 11 countries using an inexpensive, 7-year-old Motorola cellphone and free decryption software available on the Internet. He has tested each mobile operator more than 100 times, he said, and has ranked the quality of their defenses.
He plans to present his results at a convention of the Chaos Computer Club, a hackers’ group, in Berlin, where he will open the project to researchers in other countries.
In 2009 Mr. Nohl, who runs a Berlin consulting company, Security Research Labs, published the algorithms used to encrypt voice and data conversations on GSM digital networks, which are used in Europe and elsewhere.
In an interview, Mr. Nohl said he had made sure to conduct his latest research to avoid the illegal theft of data and communications by intercepting the phone transmissions of a colleague during field tests. In random tests, he said, he ended interceptions just one or two seconds after they began.
The technique he uses focuses on deciphering the predictable, standard electronic “conversations” that take place between a cellphone and a mobile network at the beginning of each call. Typically, Mr. Nohl said, as many as 40 packets of coded information are sent back and forth, many just simple commands like, “I have a call for you,” or “Wait.”
Most operators vary little from this set-up procedure, which Mr. Nohl said allowed him to use hacking software to make high-speed, educated guesses to decipher the complex algorithmic keys networks use to encrypt transmissions. Once he derived this key, Mr. Nohl said, he was able to intercept voice and data conversations by impersonating another user to listen to their voice mails or make calls or send text messages on their mobile accounts.
Mr. Nohl said operators could easily fix this vulnerability in the GSM system, which is found in older 2G networks used by almost every cellphone, including smartphones, with a simple software patch. His research found that only two operators, T-Mobile in Germany and Swisscom in Switzerland, were already using this enhanced security measure, which involves adding a random digit to the end of each set-up command to thwart decoding. (For example, “I have a call for you 4.”)
“This is a major vulnerability in most networks we tested, and the irony is that it costs very little, if nothing, to repair,” Mr. Nohl said. “Often it is just a question of inertia on the part of operators, or they have other priorities, such as building their networks.”
Philip Lieberman, the chief executive and president of Lieberman Software, a company in Los Angeles that sells identity management software to large businesses and the U.S. government, said much of the digital technology that protects the privacy of cellphone calls had been developed in the 1980s and 1990s and is now ripe for attack.
That said, Mr. Lieberman added that the kind of interception being done by researchers like Mr. Nohl demands a level of skill and sophistication that is beyond the abilities of most individuals.
Article source: http://www.nytimes.com/2011/12/26/technology/26iht-hack26.html?partner=rss&emc=rss