Call to check on mobile network security

Published 30 July 2010

Mobile phone users are being encouraged to find out if operators are doing enough to keep their calls secret.

Security researchers have released tools that, they say, make it easy to see what security systems operators use to stop eavesdropping.

The researchers want to expose those operators that have not updated security systems to prevent others listening in.

The tools are based on an attack first demonstrated in late 2009.

"We do want people to go out and study how secure these networks are and to put pressure on the operators to improve," said Dr Karsten Nohl, the lead security researcher behind the project.

Dr Nohl gave a presentation about the tools, called Airprobe, and how to use them at the Black Hat hacker conference held in Las Vegas from 28-29 July.

"We've built tools that interface with cellular telephone communications," he said.

Most mobile calls are protected with an encryption system that uses a huge number of keys to stop eavesdropping. The vast amount of time it would take to try all the keys just to get at the contents of one call makes it effectively impossible to eavesdrop.

Dr Nohl said he, his colleagues and a few dozen others have found a way to shrink the amount of storage needed to hold a complete list of the keys and speed up the way to find the one that unscrambles a conversation.

Without these innovations the call cracking project would have got nowhere, said Dr Nohl.

"Just generating the key table would have taken 100,000 computer years and storing it would have taken 100 petabytes," he said.

Dr Nohl and his colleagues have squeezed the table into a format only two terabytes in size and produced algorithms that can look through it and find the right key in minutes.

Defeating such an attack would be easy for operators, if they have installed an appropriate software update, said Dr Nohl.

"We want to enable users to test whether their operator has installed the patch," he said. "If not they should call them up or send a letter."

Little evidence

The tools being shown off at Black Hat build on work done in late 2009 to generate the table of keys.

"What we are seeing is mobile phone hacking moving from an obscure sub-culture into a mainstream hacking movement," said Nigel Stanley, a mobile security analyst from Bloor Research.

"When GSM security was originally designed call fraud was the issue, as was a concern that network suppliers would steal each other's customers," said Mr Stanley. "The thought that amateur hackers could break the code would have been laughable back then. Now it's a reality."

Commenting on the work, mobile phone industry body the GSM Association said: "Since 2007 reports of an imminent GSM eavesdropping capability by hacking groups have been common and operators have been monitoring this for some time."

The technical challenges of eavesdropping remained "considerable", said the GSMA.

"We have seen very little evidence that the hackers are able to overcome them," it added. It said that operators could quite easily change the way that calls were set up and handled in their networks to thwart eavesdropping.

It concluded: "GSMA remains convinced that the practical risk to customers is very low and spreading fear and panic amongst mobile users is inappropriate and regrettable."