GSM security problem

7 replies to this topic

#1
fnormanski

    Newbie

  • Members
  • 4 posts
A special device called an International Mobile Equipment Identification (IMSI) catcher pretends to the mobile phones in its vicinity to be a legitimate base station of the mobile phone network.

This is possible because while the mobile phone has to authenticate itself to the mobile telephone network, the network does not authenticate itself to the mobile phone.

This blatant flaw in GSM security was intentionally introduced to facilitate eavesdropping without the knowledge or cooperation of the mobile phone network.

Once the mobile phone has accepted the IMSI catcher as its base station, the IMSI catcher can deactivate GSM encryption using a special flag.

Do you know any smartphone that can detect this special flag?

  • 0
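
Added example (not part of the original post): a sketch of the check a handset or baseband monitor would need in order to notice the flag described above. It assumes access to raw layer-3 messages (for instance from a baseband diagnostic trace) and decodes the RR Ciphering Mode Command as laid out in 3GPP TS 44.018; the function names and the sample bytes are constructed for illustration.

```python
# Added example: field layout follows 3GPP TS 44.018 (Ciphering Mode Command).
RR_PD = 0x06                # protocol discriminator: radio resource management
CIPHERING_MODE_CMD = 0x35   # RR message type
ALGORITHMS = {0: "A5/1", 1: "A5/2", 2: "A5/3", 3: "A5/4",
              4: "A5/5", 5: "A5/6", 6: "A5/7"}


def parse_ciphering_mode_command(l3: bytes):
    """Return decoded fields, or None if l3 is not a Ciphering Mode Command."""
    if len(l3) < 3:
        return None  # truncated message
    if (l3[0] & 0x0F) != RR_PD or l3[1] != CIPHERING_MODE_CMD:
        return None  # some other protocol or message type
    setting = l3[2] & 0x0F        # Cipher Mode Setting: low half-octet
    response = l3[2] >> 4         # Cipher Response: high half-octet
    start = bool(setting & 0x01)  # SC bit: 0 = no ciphering, 1 = start ciphering
    alg_id = (setting >> 1) & 0x07
    return {
        "ciphering": start,
        "algorithm": ALGORITHMS.get(alg_id, "reserved") if start else None,
        "imeisv_requested": bool(response & 0x01),
    }


def unencrypted_sessions(trace):
    """Indices of trace entries where the network ordered 'no ciphering'."""
    hits = []
    for i, msg in enumerate(trace):
        fields = parse_ciphering_mode_command(msg)
        if fields is not None and not fields["ciphering"]:
            hits.append(i)
    return hits


# Constructed sample trace (hex of layer-3 messages), not captured traffic.
SAMPLE_TRACE = [bytes.fromhex(h) for h in (
    "063501",  # start ciphering, A5/1
    "063515",  # start ciphering, A5/3, IMEISV requested
    "063500",  # no ciphering: the condition to warn the user about
    "0635",    # truncated, ignored
    "051a",    # different protocol discriminator, ignored
)]

if __name__ == "__main__":
    for i in unencrypted_sessions(SAMPLE_TRACE):
        print(f"message {i}: network disabled ciphering")
```
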

#2
gpcarreon (MVP)

    RN, MS MVP-MD

  • Members
  • 4,528 posts
  • Location:Legazpi, Philippines
  • Devices:Cherry Mobile Eclipse
What exactly do you mean by the 'flag'?

The C500 has a registry entry for 'LastUserIMSI'.

  • 0

#3
mcwarre

    I've always wanted to explore the Pacific rim

  • Members
  • 2,329 posts
  • Gender:Male
  • Location:Lincoln
  • Devices:Samsung: Galaxy S2 & Tab 10.1
GSM Encryption? Since when? GSM security is provided via timeslots, which makes it extremely difficult to listen in to without a pseudo-base station (as above). GSM has no encryption built in...

  • 0
"Success is not to be measured by the position someone has reached in life, but the obstacles he has overcome while trying to succeed."

Booker T. Washington

#4
kalinte

    Diehard

  • Members
  • 453 posts
Remember "Bourne Supremacy"? He made a copy of the SIM and was therefore able to listen to their conversations. I think that's for real.

  • 0

#5
mcwarre

    I've always wanted to explore the Pacific rim

  • Members
  • 2,329 posts
  • Gender:Male
  • Location:Lincoln
  • Devices:Samsung: Galaxy S2 & Tab 10.1

Quote:
Remember "Bourne Supremacy"? He made a copy of the SIM and was therefore able to listen to their conversations. I think that's for real.

I don't think so. That would mean two devices on the network at the same time with the same SIM ID and same IMEI (GSM uses IMEI as part of its security/authentication methods). I wish people would at least come up with some opinion which is based in fact rather than complete guesswork being passed off as fact...

  • 0

#6
x2ferg

    Newbie

  • Members
  • 3 posts
  • Devices:"Feeler" Xphone II - O2

Quote:
I don't think so. That would mean two devices on the network at the same time with the same SIM ID and same IMEI (GSM uses IMEI as part of its security/authentication methods). I wish people would at least come up with some opinion which is based in fact rather than complete guesswork being passed off as fact...

That's absolutely true! Even if you can mimic the function of the BTS/cell site... it's useless because the ciphering key is stored on the SIM (chip-embedded) and in the network database. If you are to ask the mobile to authenticate through the dummy BTS, it would only respond if you have the authentic data from the network which the phone provided on its first-time Location Update. This SIM data is hard-coded first hand before the SIM is even made available to the market. These same keys are used for authentication and encryption of voice, plus the timeslot issues and hopping you have to resolve. It's a one-way encryption, so... good luck! :)

At least you guys have an idea about the issues of "Garci". It's either the unit itself is hardware-tweaked or the other line is in a fixed network... through air-tapped... nah! Close to IMPOSSIBLE. :D

  • 0

#7
4andy

    Newbie

  • Members
  • 1 posts
  • Devices:null
Please see http://news.bbc.co.u...ogy/4738219.stm

For anyone who is potentially a target of phone attack, may I suggest Cryptophone. It is what we use, has no backdoors, open code to verify encryption, and is the only safe phone system I know of.

Plus, if you don't want to spend 2000, there is a free version for XP.

Something that has not been mentioned here is the fact that cellphone calls are regularly routed through unencrypted microwave links, small unknown line providers to keep costs down, and what about your competitors bribing a Vodafone employee to forward all your calls/text messages/voicemail for a few hundred pounds?
It recently happened to the Queen and the royal princes.

My advice is anyone who has ever spoken about a deal worth 1000,000 or more on the phone is asking for trouble. If the phone's unencrypted. :D

*IF YOU ARE GOING TO BUY AN ENCRYPTED PHONE, ENSURE THERE ARE NO BACK-DOORS INTO THE SYSTEM, AND HAVE IT AUDITED INDEPENDENTLY. NEVER BUY AN ENCRYPTED PHONE EXCEPT FACTORY DIRECT*. YOU HAVE BEEN WARNED.

Edited by 4andy, 17 September 2006 - 10:29 AM.

  • 0

#8
mcwarre

    I've always wanted to explore the Pacific rim

  • Members
  • 2,329 posts
  • Gender:Male
  • Location:Lincoln
  • Devices:Samsung: Galaxy S2 & Tab 10.1
Using encryption on a phone will automatically get certain agencies interested in your phone calls :D

If you have this on a phone and take it across a border you are, technically, undertaking an illegal act unless you supply the relevant keys to the appropriate authorities. Beware!!!

  • 0



