GSM networks vulnerable to hacking: Researcher

27 Dec 2011

A widely used wireless technology could allow hackers to gain remote control of any GSM mobile phone because of outdated mobile network security, says German mobile phone security researcher Karsten Nohl.

According to a study to be presented today by Nohl, mobile users on GSM networks that are used by billions of people around he world may be vulnerable to having their personal voice mail hacked because of the way in which they handle commands.

This vulnerability gives hackers remote control of phones, instructing them to send text messages or make calls, says Nohl, who will present his results at a convention of the Chaos Computer Club, a hackers' group, in Berlin.

After conducting a study of 31 mobile operators in Europe, Morocco and Thailand, Nohl, found that many operators provided poor or weak defences to protect consumers from illegal surveillance and identity theft.

Nohl, who also runs Germany's Security Research Labs, said he was able to hack into mobile conversations and text messages and could impersonate the account identities of cellphone users in 11 countries using an inexpensive, 7-year-old Motorola cellphone and free decryption software available on the internet, according to a New York Times report.

While his research focused mostly on Europe, Nohl, said the level of security provided by network operators in Europe and the US were good but needed improvement, while mobile security varies widely and can be much lower in Asia, the Middle East and Latin America.

Nohl says that operators in India and China encrypt digital traffic either poorly or not at all in order to reduce operating costs or to allow government censors access to communications.

Mobile security of network operators in Switzerland Orange and TDC Sunrise, Belgium's Belgacom Proximus, Telefonica's O2 network in the Czech Republic and True Move in Thailand were poor, according to his study, while Deutsche Telekom's T-Mobile in Germany and Slovakia, Switzerland's Swisscom's Natel and SFR in France had the best security.