GSM phones -- call them unsafe, says security expert

(PhysOrg.com) -- A German security expert has issued a warning that billions of mobile phone users who depend on GSM networks are vulnerable to having their personal mail hacked. He blames the problem on network operators that use outdated network security. Karsten Nohl, head of Germany's Security Research Labs, a Berlin-based consulting company, was readying his presentation of study findings for a security convention and highlighted his troubling study results.

Hackers can gain remote control of a person’s phone and then send text messages, ordering up pay-for services, for example, which the victim then discovers in the form of surprise bills, or place calls.

With the stinging news of how reporters have intruded into people’s phone conversations and the latest security flap affecting Stratfor, his warning carried resonance this week.

Nohl said that he was able to intercept voice and text conversations by impersonating another user to listen to their voice mails or make calls or send text messages. Even more troubling was that he was able to pull this off using a seven-year-old Motorola cellphone and decryption software available free off the Internet.

Nohl was able to decipher the standard electronic exchange of information between phone and network. This is coded instruction/command-type information such as “Wait” or “I have a call for you.” Nohl said that most operators vary little from the standard setup procedure and therein is vulnerability.

He made educated guesses to decipher the algorithmic keys used by networks to encrypt transmissions. He said mobile telecom operators could resolve the security weaknesses by updating their software. (According to a report in The New York Times, much of digital technology used to secure cellphone call privacy was developed in the 1980s and 1990s.)

This type of attack could expose any cellphone using GSM technology. GSM digital networks are in use throughout the world. In the U.S., the GSM standard is used by AT&T and T-Mobile USA.

The study’s researchers reviewed 32 operators in 11 countries. These were Austria, Belgium, the Czech Republic, France, Germany, Hungary, Italy, Morocco, Slovakia, Switzerland and Thailand. The operators were rated on how easily the researchers intercepted calls, tracked phones, or impersonated someone else’s device. Germany’s T-Mobile GSM network ranked the highest in providing security protection; the company has enhanced security measures in place.

Nohl’s company engages in technology projects at companies and governments focused on understanding technology risks According to his Security Research Labs, GSM telephony is the world’s most popular communication technology spanning most countries and connecting over four billion devices.

© 2011 PhysOrg.com