On 27th December 2009 at the 26th Chaos Communication Congress (26C3) in Berlin, the security researcher Karsten Nohl announced that a GSM codebook – a large lookup table of GSM encryption keys – had successfully been computed and was freely available on the internet. This follows Nohl’s August presentation at the HAR 2009 conference where the project was first announced.
Why is this important?
The GSM codebook cracks standard encryption in GSM calls enabling them to be listened to. This is the first time a GSM codebook has been made publicly available. There is no other standard encryption option on GSM making 80% of all mobile phones vulnerable.
What else does an attacker need to do to listen to
GSM calls?
In addition to the GSM codebook, an attacker would also need equipment to intercept and process GSM radio waves, and methods to target mobile phone callers. The GSM Association reports that this is very difficult to achieve. However, Nohl disputed this and specified all the equipment required: costing less than $5,000 and readily available on the internet.
To target a specific phone call, the attacker needs to know the IMEI (unique serial number) of the phone, which identifies the call over the airwaves. This can be obtained directly from the phone by entering ‘#06#’ into the phone (requires physical access), sending an SMS (requires the phone number), using malware, or by observing a caller and matching call patterns (requires visual proximity or access to phone log).
Are all my phone calls now at risk?
Not from this specific attack – only GSM calls, and only calls that are specifically targeted by criminals: calls using 3G and CDMA are currently not affected. Also, because of the complexity of this attack, it is expected that only organized criminals will have the motivation to acquire the equipment, target phone calls and perform an attack, rather than casual untargeted random attacks.
However, be aware that there are other common methods of eavesdropping calls, including 3G and CDMA that do not involve using a codebook. Also specific calls, or all calls in an area, can be recorded and targeted and decrypted at a later date.
|
Anybody who discusses confidential or sensitive information on their mobile phone should immediately assume that they can be eavesdropped and act accordingly.
Cellcrypt provides a number of ways to help organizations and individuals better protect their mobile phone calls from being compromised, including:
|
 |
1) |
|
|
|
2) |
|
|
|
|
3) |
Use Cellcrypt Mobile WiFi-only version FREE for 90 days*: please contact us for more information. This WiFi-only version enables immediate protection of calls from your mobile phone. |
|
|
|
4) |
Use Cellcrypt Mobile Trial version FREE for 14 days**: please contact us for more information. A full version enables calls across cellular (2.5G/3G/3.5G) and satellite networks as well as WiFi networks |
|
|
|
5) |
Understand the wider context of mobile phone interception risks and best practices of protection by referencing Cellcrypt’s introductory guides: |
|
|
| |
* Cellcrypt can recommend independent risk assessment providers |
|
