Featured Articles

Hands on: Nvidia Shield Tablet with Android 5.0

Hands on: Nvidia Shield Tablet with Android 5.0

We broke the news of Nvidia's ambitious gaming tablet plans back in May and now the Shield tablet got a bit…

More...
Nokia N1 Android tablet ships in Q1 2015

Nokia N1 Android tablet ships in Q1 2015

Nokia has announced its first Android tablet and when we say Nokia, we don’t mean Microsoft. The Nokia N1 was designed…

More...
Marvell launches octa-core 64-bit PXA1936

Marvell launches octa-core 64-bit PXA1936

Marvell is better known for its storage controllers, but the company doesn’t want to give up on the smartphone and…

More...
TSMC 16nm FinFET Plus in risk production

TSMC 16nm FinFET Plus in risk production

TSMC’s next generation 16nm process has reached an important milestone – 16nm FinFET Plus (16FF+) is now in risk production.

More...
Nvidia GTX 970 SLI tested

Nvidia GTX 970 SLI tested

Nvidia recently released two new graphics cards based on its latest Maxwell GPU architecture, with exceptional performance-per-watt. The Geforce GTX 970…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Monday, 19 May 2008 07:39

Security lacking on GSM and VoIP networks

Written by David Stellmack

Image

Potential hacking and eavesdropping issues

GSM technology, the most widely used mobile phone standard, is insecure. This claim comes from a security expert at the LayerOne Security Conference that took place over the weekend in Pasadena, California. GSM has become a world wide standard for cellular networks, although the uptake is somewhat smaller in the U.S.

The speaker, David Hulton, claims that GSM is so insecure it is feasible to track the location of mobile users, and with a bit of effort, to even listen in to mobile calls as they are taking place. Hulton claims he has cracked the encryption algorithm the mobile phones use, and stated, “GSM security should become more secure or at least people should know they shouldn’t be talking about (sensitive) things over GSM. Somebody could possibly be listening over the line.”

Hulton also claims that with a $900 investment, equipment can be purchased and free software used to create a false network device to track traffic across a mobile network. “You can see all the cell phones connected to the base station. You can’t see calls, but people associated with the calls. You can also do location tracking. If you know somebody is on the network you can see how close to the base station they are,” he said.

This is feasible because the subscriber identifier (the user identification number) is easily visible on traffic, even though identifiers are not supposed to be transmitted in plain text. Hutton indicated that while it might not be legal to view that data, it is still relatively easy to do.

Another conference speaker, David Bryan, Senior Security Consultant with security company Netspi, was also highly critical of Voice Over IP (VoIP) systems. He indicated that while VoIP saves corporations and consumers a lot of money, such systems typically have “little to no security.” 

VoIP is based on open standards generally that do not encrypt traffic, leaving them a target for eavesdropping, intercepted calls, fake and bogus voice messages. Bryan demonstrated this by injecting an emergency broadcast message into an ongoing mobile phone conversation while he recorded the call with an automated tool.

He pointed out that Skype does have encryption and also uses proprietary technology so that outsiders cannot dissect the code. Vonage, however, offers no encryption and no security at all is currently in place, according to Bryan.

Last modified on Monday, 19 May 2008 09:16

David Stellmack

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments