Featured Articles

TSMC: Volume production of 16nm FinFET in 2H 2015

TSMC: Volume production of 16nm FinFET in 2H 2015

TSMC has announced that it will begin volume production of 16nm FinFET products in the second half of 2015, in late…

More...
AMD misses earnings targets, announces layoffs

AMD misses earnings targets, announces layoffs

AMD has missed earnings targets and is planning a substantial job cuts. The company reported quarterly earnings yesterday and the street is…

More...
Did Google botch the Nexus 6 and Nexus 9?

Did Google botch the Nexus 6 and Nexus 9?

As expected, Google has finally released the eagerly awaited Nexus 6 phablet and its first 64-bit device, the Nexus 9 tablet.

More...
Gainward GTX 970 Phantom previewed

Gainward GTX 970 Phantom previewed

Nvidia has released two new graphics cards based on its latest Maxwell GPU architecture. The Geforce GTX 970 and Geforce GTX…

More...
EVGA GTX 970 SC ACX 2.0 reviewed

EVGA GTX 970 SC ACX 2.0 reviewed

Nvidia has released two new graphics cards based on its latest Maxwell GPU architecture. The Geforce GTX 970 and Geforce GTX…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Monday, 19 May 2008 07:39

Security lacking on GSM and VoIP networks

Written by David Stellmack

Image

Potential hacking and eavesdropping issues

GSM technology, the most widely used mobile phone standard, is insecure. This claim comes from a security expert at the LayerOne Security Conference that took place over the weekend in Pasadena, California. GSM has become a world wide standard for cellular networks, although the uptake is somewhat smaller in the U.S.

The speaker, David Hulton, claims that GSM is so insecure it is feasible to track the location of mobile users, and with a bit of effort, to even listen in to mobile calls as they are taking place. Hulton claims he has cracked the encryption algorithm the mobile phones use, and stated, “GSM security should become more secure or at least people should know they shouldn’t be talking about (sensitive) things over GSM. Somebody could possibly be listening over the line.”

Hulton also claims that with a $900 investment, equipment can be purchased and free software used to create a false network device to track traffic across a mobile network. “You can see all the cell phones connected to the base station. You can’t see calls, but people associated with the calls. You can also do location tracking. If you know somebody is on the network you can see how close to the base station they are,” he said.

This is feasible because the subscriber identifier (the user identification number) is easily visible on traffic, even though identifiers are not supposed to be transmitted in plain text. Hutton indicated that while it might not be legal to view that data, it is still relatively easy to do.

Another conference speaker, David Bryan, Senior Security Consultant with security company Netspi, was also highly critical of Voice Over IP (VoIP) systems. He indicated that while VoIP saves corporations and consumers a lot of money, such systems typically have “little to no security.” 

VoIP is based on open standards generally that do not encrypt traffic, leaving them a target for eavesdropping, intercepted calls, fake and bogus voice messages. Bryan demonstrated this by injecting an emergency broadcast message into an ongoing mobile phone conversation while he recorded the call with an automated tool.

He pointed out that Skype does have encryption and also uses proprietary technology so that outsiders cannot dissect the code. Vonage, however, offers no encryption and no security at all is currently in place, according to Bryan.

Last modified on Monday, 19 May 2008 09:16

David Stellmack

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments