Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Cell Network Hack Demonstrates Need For Designed-In Security

Fortify : 04 August, 2010  (Technical Article)
Fortify illustrates the need for in-depth security evaluations during design cycles with a mobile cellular network hack demonstration
A demonstration of how cellular transmissions from mobile phones can be subverted and users' mobiles fooled into logging into a rogue GSM station - so allowing calls to be eavesdropped and falsified - highlights the fact that the designers of the GSM standard never envisaged the need for ultra-high levels of security on mobile calls.

'When the GSM standard was formulated more than 20 years ago, the developers were required to design a digital successor to the analogue cellular standards of the day. As a result, security was only added after the basic standard was developed,' said Barmak Meftah, Fortify Software's chief products officer.

'Security was not built into the standard from day one, but essentially added as an afterthought. And that is why we have today's crackers able to subvert the technology using an `evil twin' methodology that is widely used when hacking WiFi networks,' he added.

According to the software security assurance expert, evil twin attacks - in which a rogue base station is placed close to the WiFi network that is to be hacked - has been around for a number of years, and fool the mobile into logging into the rogue base station, and handing over its handshaking credentials.

It's the same with Chris Paget's rogue micro cellular base station, says Meftah, as -- similar to the WiFi evil twin scenario -- the user session can be relayed onto the legitimate network, allowing the cracker to stage a man-in-the-middle attack on the cellular user, eavesdropping on the call and the data handshaking procedures.

The bad news here, he explained, is that not only are the call contents recordable, but the cracker can then generate the handshake credentials at another cellular base station, and place outgoing calls on the cracked cellular users' account.

Call resale fraud was a major problem in the early analogue days of cellular, and allowed `calling shops' on street corners to rent out mobiles for lengthy calls to foreign destinations for a few pounds/dollars, but end up with the legitimate cellular users footing the bill - or his operator, if the bill is extraordinarily high, he went on to say.

The really bad news about this hack, says the Fortify product chief, is that it exploits a structural flaw in the GSM standard that is difficult to fix retrospectively, as there are hundreds of millions of existing standard phones in regular usage.

'Sure, the networks can increase the security of their networks to beat this problem, but that leaves existing mobile users high and dry. It really shows how a lack of investment in security at the development stages - building security firmly into the technology - has not been made,' he said.

'It all comes down to the program code that the GSM standard developments worked on. This could have serious repercussions for GSM users across the world,' he added.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo