Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Cellphones Privacy Security The Almighty Buck Wireless Networking

Cheap GSM Eavesdropping a Reality 75

Posted by Soulskill
from the poking-holes-in-the-ether dept.
Techmeology writes "GSM eavesdropping has been demonstrated at the Chaos Computer Club Congress in Berlin using a €10 Motorola phone and open source GSM firmware. Karsten Nohl and Sylvain Munaut replaced the firmware on the phone, enabling them to process all the data it received. They used already available rainbow tables to decrypt data being sent to and from other mobile phones. They have no plans to release the hack publicly, however they expect others to successfully attempt the hack. Mr. Nohl said the objective was to raise awareness of GSM's insecurity."
This discussion has been archived. No new comments can be posted.

Cheap GSM Eavesdropping a Reality

Comments Filter:
  • by dgatwood (11270) on Friday December 31, 2010 @12:37PM (#34722882) Journal

    Until phones use proper PK crypto with a proper certificate authority, key revocation, etc. under the user's control, you can safely assume your phone calls are trivially snooped over the air. That's just a great big "duh". Not at all surprising that it can be done cheaply. What's surprising is that it took so long.

  • Re:I don't care... (Score:4, Insightful)

    by TheRaven64 (641858) on Friday December 31, 2010 @01:02PM (#34723038) Journal
    Not true. The government will typically need a warrant to wiretap at the provider. At the very least, they will leave a paper trail. In contrast, they can tap into unsecured communications without any kind of warrant, and if they can do it with $10 of equipment then there is nothing that will require a paper trail.
  • Re:I don't care... (Score:4, Insightful)

    by nospam007 (722110) on Friday December 31, 2010 @01:32PM (#34723242)

    "The government will typically need a warrant ..."

    Boy you're so wrong. They just need a National Security Letter.

    http://www.wired.com/threatlevel/tag/national-security-letter/ [wired.com]

  • Re:I don't care... (Score:5, Insightful)

    by tunapez (1161697) on Friday December 31, 2010 @02:14PM (#34723624)

    Actually, they just need to promise to deliver one in a week...
    Third bullet from the bottom. [wikipedia.org]
     
    In this day and age of fear, a kid with an undetonated firecracker, a chip on his shoulder and a lighter could easily be labeled a 'terrorist threat'. Which any lawyer worth his/her salt, or golfs with the judge, could qualify as an 'emergency'. Getting around to sending the letter ex post facto? I'm sure it will be a top priority for the listeners already listening.

  • Re:I don't care... (Score:2, Insightful)

    by Anonymous Coward on Friday December 31, 2010 @04:18PM (#34724528)

    Remember the retroactive telecom immunity bill passed in 2008? Before that, the rules where that if, say AT&T, reasonably tried to obey the law (it didn't matter whether they actually did or not, they just had to try, and act in good faith) then they would be free of liability. This wasn't good enough so we needed FISA amended.

    Meeting requirements is too onerous? No, even trying to meet requirements is too onerous. Wanting to meet the requirements is too onerous. Having a vague intent to possibly try to be legal if it happens to be convenient, is too onerous. Asking them to not go out of their way to harm the public, is an insult to them.

    And we still vote for the people who changed that law. That's how low we've sunk. That's how important privacy is, and how much we believe in the spirit of the 4th amendment.

Bus error -- please leave by the rear door.

Working...