Mobile Phone Hacking for £1000

History was made the other evening when the UK’s three wannabe prime ministers took centre stage for a TV debate. This was the culmination of weeks of rehearsals, practice runs and body language training.

But what if I then tell you that every mobile phone call made by one of the campaign teams preparing for this TV event was secretly recorded and analysed, enabling their rival to understand everything from the campaign strategy through to the likely rebuttal to a particular question?

Illegal? Of course. Farfetched? No longer.

The past few months has seen the mobile phone industry thrown into turmoil as the computer hacking community has carried out successful attacks against mobile phone call security. I wrote an article about such a hack a while back, but at that point it remained a theory rather than a practical way to listen into mobile phone calls.

In this article I commented that the best way of getting access to mobile phone calls was to setup a fake base station, something that has historically been difficult and expensive. Little did I know that within 4 months we would have a practical mobile phone hacking kit, using off the shelf equipment and a fake base station, for around £1000. Not only that but the software needed to run the hack is available as a neatly packaged CD – free of charge.

There is even a video demonstration of the hack available here

Government agencies have had capabilities to listen into mobile phone calls for years, by tapping the insecure and unencrypted landlines that run from cellular base stations back to the exchanges and beyond. This new hack is different as it enables a criminal to set up a false mobile phone base station, capturing all phone calls within the vicinity, at very low cost.

It relies on a feature of mobile phones that forces them to automatically link into the closest base station to conserve their battery power. By setting up a false base station close to your intended target hackers can capture the victim’s phone signals. This type of intercept tool, called an IMSI catcher, has been around for a number of years but only available to approved government agencies and at a cost of hundreds of thousands of pounds.

Now a standard PC running the OpenBTS software GSM base station, an Asterisk PBX to link calls into the public phone network and a software defined radio receiver black box is all you need to capture these same phone calls.

For many people the only risk of their mobile phone conversation being intercepted was when they decided to bellow into their phone on a crowded train. Now we all need to face the fact that our calls can be intercepted with little effort.

Those that use mobile phones believing they are secure should think again, be they wannabe prime ministers, captains of industry or anyone else who shares confidential information via the mobile phone.

Nigel Stanley

Practice Leader – Security

Bloor Research

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

I am always looking for additional tips to pass on to others.Rxx Help