clock menu more-arrow no yes

Filed under:

Hackers can impersonate GSM cell phones

New, 12 comments

In a talk for the Chaos Communication Congress in Berlin, hacker and computer security expert Karsten Nohl demonstrated a way to impersonate 2G GSM cell phones, allowing him to make calls, send texts, and listen to voicemail for other numbers. This hack is the latest in a series of demonstrations of the weakness of the 20-year-old network, which covers three billion phones worldwide.

28c3
28c3

GSM, the 2G network standard used on three billion phones worldwide, is showing its age. In a talk yesterday at the Chaos Communication Congress in Berlin, hackers Karsten Nohl and Luca Melette demonstrated how they can use easily-available decryption software and a basic phone to impersonate other 2G GSM phones. Once they've done so, they can make calls, send text messages, and check voicemail from the number.

Whenever a call is made from a GSM phone, the phone and network engage in a string of encrypted conversations that include a temporary ID for the phone and a secret key. If this data is recorded, it's possible to quickly crack the secret key and find the ID, then use those two pieces of information to impersonate the phone. The method works because of two factors: the weak encryption used by GSM and the fact that the key — which was originally supposed to be regenerated each time a call was made — is often used for several different transactions. The hack won't affect newer 3G or 4G networks, which are much more difficult to compromise.

Nohl says there are several ways to mitigate the problem, including some stopgaps that could be implemented within a few weeks. However, this isn't the first time that he's called attention to the weak security of GSM. In 2009, he cracked the encryption used for the standard with simple brute force, theoretically allowing him to listen in on phone conversations. Other hackers have also successfully intercepted calls with other methods. Nohl hopes that this latest issue will prove too big to ignore. "A lot of people tell me they never say anything interesting on their phones," he says in the talk. "And so the intercept doesn't affect them. Now, finally, this should."

Thanks to Verge user Junkie for the tip.