Forgot your password?
typodupeerror
Cellphones Encryption Privacy Security Wireless Networking

GPRS Can Be Hacked Easily, Claims German Researcher 50

Posted by timothy
from the wo-bin-ich-genau? dept.
hypnosec writes "A German technology researcher on Wednesday showed global mobile makers and technology firms how General Packet Radio Service can easily be tapped, intercepted, and decrypted with an average mobile phone and a few applications. According to the New York Times, Karsten Nohl, a computer engineer and mobile security researcher, demonstrated to fellow researchers gathered to attend Chaos Communication Camp, a Berlin-based hackers event, how to intercept the voice or data messages sent between mobile devices over GPRS easily, owing to weak protection provided by mobile network carriers for data information. Nohl, in collaboration with his colleague Luca Melette, tapped the information within a radius of five kilometers using a seven-year-old inexpensive mobile phone from Motorola." Computerworld also has an informative, link-laden account. If you are attending this year's CCC (only every four years, sadly), feel free to drop a line (with the submissions form) about cool projects you encounter there.
This discussion has been archived. No new comments can be posted.

GPRS Can Be Hacked Easily, Claims German Researcher

Comments Filter:
  • by drobety (2429764)
    That's why I got lost despite my GPS last time. Some people in my house tried to make me feel as if I was stupid.
  • They want their outdated mobile data standard back (preferably with no shipping charges)

  • using a seven-year-old inexpensive mobile phone from Motorola

    Yet another reason [slashdot.org] why I still use my RAZR. [wikipedia.org] MUHAHAHAHA!

    • by elsJake (1129889)
      They probably used the C123 from Motorola/
    • by antdude (79039)

      Which model do you have?

      Yep, they (v3t GSM) still work for my queen ant and me for basic phone calls. :)

    • by HTH NE1 (675604)

      Meanwhile my e815 is turning itself off rather than charge its battery. Three different chargers, two different batteries. Thankfully I was able to set up call forwarding before the first battery got too low to boot the phone.

  • I recently switched to Sprint which runs the much more secure CDMA [slashdot.org] net..............[NO CARRIER]

  • Isn't GPRS effectively obsolete at this point? The only time I see it in use is way out in the boonies where they're clearly near the bottom of the list for tower upgrades. Often the service is broken anyway (get GPRS connection with strong signal, but no packets make it through). 10 or 15 years ago this would have been a big issue, but these days I just can't see it.
    • 10 or 15 years ago this would have been a big issue, but these days I just can't see it.

      Given the near-total disregard for security I feel in most mobile network operators, I think anything that draws attention to how laughably easy it is to intercept cell data is worth talking about. Most people just assume that their cell data is secure, when every year at DEFCON we see more exploits .. and they never seem to get patched. With how ridiculously easy it is to encrypt internet traffic you'd think they could at least deploy some patches to fix some of these attacks... rogue towers anyone? They

      • You're talking about an industry which, until something like 2002, was still using unencrypted, 800 MHz AM transceivers and relying on laws passed by congress to force radio shack to cripple it's scanners...

    • by Jimbookis (517778)
      There are craploads of M2M terminals in Australia at least which rely on GPRS or SMS to convey data. These terminals are the portable credit and bank payment terminals used in every taxi and by mobile merchants and heaps and heaps of embedded telemetry systems. The carriers here are loathe to shut down the GSM/GPRS network because of the probably millions of embedded systems that rely on the GSM/GPRS network - the cost or replacement or redesign of these terminals is insanely expensive and will only be ph
    • GPRS is fine for e-mail, IM and such. Better than nothing when you're out in the wilderness (i.e. 30km beyond city limits :p)...

      • IM, maybe. GPRS, when I last used it, had a round trip time of about 2 seconds and a maximum throughput of aroudn 5KB/s. Basically, worse than a modem. Email is fine, unless someone sends you any attachments. IM is probably fine, although the latency may mean that you're asking questions after they're answered.
        • Can't say I've noticed much latency. Even tethered surfing (with Flashblock, NoScript and AdBlock Plus, of course) isn't really worse than flaky 3G (like on the train)... sure, Slashdot takes 20 times longer to load than at home, but when you're out in the boonies with nothing to do, 10 seconds to load the page of comments that you're going to spend 10 minutes reading isn't too bad ;)

          • Try running ping sometime. I found UMTS gave around 200ms average ping times, GPRS gave about 2000ms, to the same host. Wired connection gave about 70ms to the same host. 200ms is usable, 2000ms limits you to things that don't require interactivity. SSH over GPRS is painful.
  • Now that's it's fairly inexpensive ($50) and abundant that you can get GPRS transceivers, and the wire protocol is widely known today.... it's not surprising that folks can hack into it.

    I mean current technology R/C transceivers are more secure nowadays.

  • Are there any cellular protocols that are secure? That a criminal, corporation, or government couldn't hack? GPRS and CDMA are out from what I remember recently. Anything else been hacked? What hasn't been hacked yet?

    Also, are cellular communications inherently less secure than wired communications like a land line? Or are those even easier for say your phone company or government to listen in on?
    • by X0563511 (793323)

      Here's a tip: you don't have secure communications over the phone, period.

      Unless you have something like a fritz chip (that isn't retarded) it isn't secure.

      • Exactly. If you're relying on any protocol or device you don't control, it's not secure. You want secure? Use a VPN with keyfiles where you control the devices on both ends. That's a secure connection, but if you run Skype through it, that Skype call is not secure.

        I always considered phone calls, texts, and (at the very least) non-SSL cellular data traffic to be unsecure, so this news doesn't bother me.

  • by Anonymous Coward

    Karsten Nohl states - “One reason operators keep giving me for switching off encryption is, operators want to be able to monitor traffic, to detect and suppress Skype, or to filter viruses, in a decentralized fashion,” Mr. Nohl said. “With encryption switched on, the operator cannot ‘look into’ the traffic anymore while in transit to the central GPRS system.”

    This is rubbish. Deep Packet Inspection for the detection of layer 7 applications such as Skype being used by mobil

The unfacts, did we have them, are too imprecisely few to warrant our certitude.

Working...