Featured Articles

KitKat has more than a fifth of Android users

KitKat has more than a fifth of Android users

Android 4.4 is now running on more than a fifth of Android devices, according to Google’s latest figures.

More...
Nvidia introduces five new Quadro cards

Nvidia introduces five new Quadro cards

Nvidia has revamped its Quadro professional graphics line-up with a total of five new cards, two of which are based on…

More...
AMD Tonga XT graphics cards come later

AMD Tonga XT graphics cards come later

According to sources who wish to remain unnamed, we should see an AMD Tonga XT-based graphics card launched sometime in September.

More...
Nvidia Maxwell Geforce 800 comes in September

Nvidia Maxwell Geforce 800 comes in September

Nvidia was always cautious when talking about upcoming Maxwell parts, the first of which was launched back in March and based…

More...
Aerocool Dead Silence reviewed

Aerocool Dead Silence reviewed

Aerocool is well known for its gamer cases with aggressive styling. However, the Dead Silence chassis offers consumers a new choice,…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Monday, 19 May 2008 07:39

Security lacking on GSM and VoIP networks

Written by David Stellmack

Image

Potential hacking and eavesdropping issues

GSM technology, the most widely used mobile phone standard, is insecure. This claim comes from a security expert at the LayerOne Security Conference that took place over the weekend in Pasadena, California. GSM has become a world wide standard for cellular networks, although the uptake is somewhat smaller in the U.S.

The speaker, David Hulton, claims that GSM is so insecure it is feasible to track the location of mobile users, and with a bit of effort, to even listen in to mobile calls as they are taking place. Hulton claims he has cracked the encryption algorithm the mobile phones use, and stated, “GSM security should become more secure or at least people should know they shouldn’t be talking about (sensitive) things over GSM. Somebody could possibly be listening over the line.”

Hulton also claims that with a $900 investment, equipment can be purchased and free software used to create a false network device to track traffic across a mobile network. “You can see all the cell phones connected to the base station. You can’t see calls, but people associated with the calls. You can also do location tracking. If you know somebody is on the network you can see how close to the base station they are,” he said.

This is feasible because the subscriber identifier (the user identification number) is easily visible on traffic, even though identifiers are not supposed to be transmitted in plain text. Hutton indicated that while it might not be legal to view that data, it is still relatively easy to do.

Another conference speaker, David Bryan, Senior Security Consultant with security company Netspi, was also highly critical of Voice Over IP (VoIP) systems. He indicated that while VoIP saves corporations and consumers a lot of money, such systems typically have “little to no security.” 

VoIP is based on open standards generally that do not encrypt traffic, leaving them a target for eavesdropping, intercepted calls, fake and bogus voice messages. Bryan demonstrated this by injecting an emergency broadcast message into an ongoing mobile phone conversation while he recorded the call with an automated tool.

He pointed out that Skype does have encryption and also uses proprietary technology so that outsiders cannot dissect the code. Vonage, however, offers no encryption and no security at all is currently in place, according to Bryan.

Last modified on Monday, 19 May 2008 09:16

David Stellmack

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments