Hackers can crack GSM networks in 'seconds'


Hackers can crack GSM networks in 'seconds'

Antony Adshead
GSM mobile telephone networks have a flawed security algorithm and can be cracked using a PC connected to a mobile phone, security consultancy ISS has warned.

ISS is to publish a white paper in the next month detailing the threat.

It says the risk is increased by the proliferation of handheld devices used to access enterprise systems and the Internet via GSM, a global system for mobile communications.

Mobile phones and handhelds are now used by thousands of UK businesses.

ISS analyst Gunter Ollman said, "Using easily-available equipment someone could choose their favourite financial director and track that person using cell location information to monitor their voice, SMS and mobile Internet traffic for passwords and bank details."

The problem lies in the Comp 128 encryption algorithm in GSM transmissions. Hackers using a PC and mobile phone can crack Comp 128 within seconds.

They could then emulate a GSM base station to gain access to confidential business information or personal details.

Ollman said that more secure algorithms do exist for GSM but carriers do not use them because they are more costly to implement.

He advises business users to be aware of the potential vulnerabilities of GSM and ensure that sensitive business is not conducted on mobile phones.

Ovum analyst Jeremy Green said, "It used to be only governments who had the computing power to do this - now it is within the reach of individuals.

While I don't believe this is a widespread problem businesses may want to think about securing their mobile communications."

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy