GSM, the 2G network standard used on three billion phones worldwide, is showing its age. In a talk yesterday at the Chaos Communication Congress in Berlin, hackers Karsten Nohl and Luca Melette demonstrated how they can use easily available decryption software and a basic phone to impersonate other 2G GSM phones. Once they've done so, they can make calls, send text messages, and check voicemail from the number.
Whenever a call is made from a GSM phone, the phone and network engage in a string of encrypted conversations that include a temporary ID for the phone and a secret key. If this data is recorded, it's possible to quickly crack the secret key and find the ID, then use those two pieces of information to impersonate the phone. The method works because of two factors: the weak encryption used by GSM and the fact that the key — which was originally supposed to be regenerated each time a call was made — is often used for several different transactions. The hack won't affect newer 3G or 4G networks, which are much more difficult to compromise.
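To make the key-reuse factor concrete, here is an added simulation (not code from the talk or from any GSM implementation) of an operator that either issues a fresh challenge for every transaction or keeps reusing one session key. The names `Ki`, `RAND` and `Kc` follow GSM terminology, but the derivation is a toy HMAC stand-in rather than the real A3/A8 algorithms, and the challenge policy flag and the SIM secret are constructed for the example.

```python
import hmac
import hashlib
import os
from collections import Counter


def derive_session_key(ki: bytes, rand: bytes) -> bytes:
    """Toy stand-in for A8: session key Kc from the long-term SIM secret Ki and the challenge RAND."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:8]


class Network:
    """Simplified operator core: decides whether each transaction gets a fresh challenge."""

    def __init__(self, ki: bytes, reauth_every_transaction: bool):
        self.ki = ki
        self.reauth = reauth_every_transaction   # the policy the talk says is often skipped
        self.current_key = None

    def start_transaction(self) -> bytes:
        if self.reauth or self.current_key is None:
            rand = os.urandom(16)                # fresh challenge -> fresh Kc
            self.current_key = derive_session_key(self.ki, rand)
        return self.current_key                  # otherwise the old Kc is reused


def simulate(reauth: bool, transactions: int,
             ki: bytes = b"constructed-sim-secret-for-example") -> list:
    """Return the session key used for each of `transactions` calls/SMS/voicemail checks."""
    net = Network(ki, reauth)
    return [net.start_transaction() for _ in range(transactions)]


def max_key_reuse(keys: list) -> int:
    """Largest number of transactions covered by a single session key (1 means never reused)."""
    return max(Counter(keys).values())


def exposure_after_recovery(keys: list, recovered_index: int) -> int:
    """If the key of transaction `recovered_index` is recovered from a recording,
    how many later transactions does it still unlock? This is what impersonation relies on."""
    k = keys[recovered_index]
    return sum(1 for later in keys[recovered_index + 1:] if later == k)


if __name__ == "__main__":
    for policy in (True, False):
        keys = simulate(reauth=policy, transactions=20)
        print(f"re-auth each transaction={policy}: max reuse={max_key_reuse(keys)}, "
              f"later transactions exposed by one recovered key={exposure_after_recovery(keys, 3)}")
```

With per-transaction re-authentication a recovered key unlocks nothing that follows, which is the stopgap Nohl's figures argue operators can deploy quickly.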
Nohl says there are several ways to mitigate the problem, including some stopgaps that could be implemented within a few weeks. However, this isn't the first time that he's called attention to the weak security of GSM. In 2009, he cracked the encryption used for the standard with simple brute force, theoretically allowing him to listen in on phone conversations. Other hackers have also successfully intercepted calls with other methods. Nohl hopes that this latest issue will prove too big to ignore. "A lot of people tell me they never say anything interesting on their phones," he says in the talk. "And so the intercept doesn't affect them. Now, finally, this should."
Thanks to Verge user Junkie for the tip.