Hacking mobile lines: too easy for Karsten Nohl

antennes relais


Karsten Nohl, security expert, had already put the emphasis on the weakness of the protection of communications on mobile networks when he had shown the weakness of the A5/1 algorithm used for 20 years to secure the flow of communications in 2009.

Operators had replicated indicating that piracy of a mobile line in particular was not so easy in real conditions and that there was another more powerful encryption system, based on an algorithm A5/3, deployed on 3 G networks.

The case of illegal mobile eavesdropping at the United Kingdom, which has led to the closure of the newspaper News of the World and scratched the image of the press magnate Rupert Murdoch, has however demonstrated that mobile lines piracy go far enough.

In a new comparative networks mobile 31 European mobile operators, Karsten Nohl sinking again the highlight on this aspect stating that most operators still very poorly to protect communications on their network, opening the door to the illegal eavesdropping and other fraudulent activities.

He said including have been able to eavesdrop on the communications of mobile subscribers in 11 countries by simply using an old Motorola mobile of 7 years and freely available on the Internet decryption software.

Making a hundred listening tests in each country, it produces the result of his observations at an event organized at the initiative of the Chaos Computer Club. And to avoid the criticism launched against its previous work to bring into disrepute them, Karsten Nohl has this time taken care to put in place a strict test framework to avoid being directly accused of data theft.

Outside colleagues who have expressly given their agreement to test his method, the "pirate" eavesdropping of communications were interrupted one to two seconds after their initiation in blind tests carried out in different countries.

A question of inertia
Listen to the call Initiation Protocol can allow to listen to a user's mobile communications but it also gives the opportunity to make calls or send SMS in its name, constitute as many cases of identity theft.

Karsten Nohl said that operators could easily remedy this problem on 2 G networks, by a patch but he observed that only two operators on the studied together, T-Mobile in Germany and Swisscom in Switzerland, have strengthened their security at this level. It is this lack of response on the inertia of the operators account more than actual technical constraints.

But if the method does not require much equipment, it is however not yet to the scope of any one. However, it could be a problem at the time of the development of mobile payment systems. If the systems put in place by the banking institutions are strong, it may be possible to exploit the weaker links as the sending of SMS for at least the information.


Post a Comment