Researchers Demo New GSM Attacks at Chaos Communications Congress 17
First time accepted submitter aeturnus writes "A new attack on the GSM mobile communications protocol has been demonstrated by Karsten Nohl and Luca Melette of Security Research Labs, based off their previously published attacks around vulnerabilities in the GSM A5/1 encryption protocol. This new attack, which Nohl indicates already in use by criminals, allows an attacker to simulate a GSM mobile and use it to make calls and send text messages. Nohl also discussed protective measures users should take against these attacks, and others in use by intelligence communities around the world." This was just one of many presentations at the 28th Chaos Communications Congress.
protective measures (Score:5, Informative)
From the summary, it doesn't sound like there are actually particularly feasible protective measures to use on a routine basis. All I see is some discussion of the "Catcher Catcher" [srlabs.de] software, which can be used to estimate the likelihood of an "IMSI catcher" being used in the vicinity. But this isn't something most users can practically use on a routine basis.
Re:Carriers might be able to deal with this (Score:3, Informative)
The aren't using your physical phone to send the SMS/Calls. They are only using your phone's identity.
Re:Carriers might be able to deal with this (Score:3, Informative)
Firewall software on your phone doesn't stop people from using your phone's ID on a fake phone, so "maybe stuff like lookout mobile" cannot do shit about it.