By modifying off-the-rack mobile phones to turn them into network “sniffers,” a pair of researchers showed the Chaos Computer Club Congress meeting in Berlin a start-to-finish hack they used to eavesdrop on text messages and voice calls sent over the GSM network, according to Jon Borland of Wired.com.
The researchers laid out a hack consisting of three stages: an Internet search to locate a specific phone’s region; a “sniffer” transmitter that sends “silent” messages to the target phone to prompt a response without the user’s knowledge; and decryption software that takes advantage of most carriers’ use of random or repeated characters in the “padding” interspersed in encrypted transmissions.
As mobile networks mature, legacy systems become embedded in the infrastructure, providing easy entry points for malicious hackers hunting up security loopholes. Although considered a second-generation or 2G standard, GSM remains the most widely used protocol in mobile communications globally; many higher-speed systems using 3G standards for data transmission still rely on GSM for voice and text. [via ars technica]