GSM Security Nearly Dead.

A report at The Register on 25th August suggests that basic GSM handset encryption will shortly be thwarted.

For several years now, interested people have been doing ever more with GNU Radio and the USRP ‘software radio’ hardware from Ettus Research. The USRP is a USB hardware device that can be made to act like any radio, using the GNU Radio software to alter its behaviour. Thus, the $1000 USRP can be made to act like a GSM phone, a WiFi router, a regular FM radio or indeed a TETRA radio.

The OpenBTS project first showcased what was possible: a DIY GSM mast that allowed you to use a regular mobile phone to make calls without using the regular legitimate GSM carriers – using just a laptop & USRP peripheral. Calls were routed through an Asterisk VOIP gateway. This project was actually tested for real at The Burning Man festival & also the 2009 Hackers At Random conference.

Once the open-source GPL’d OpenBTS was out there, regular coders could look and see how everything fitted together. Of course it was only a matter of time before other GSM applications followed.

The report at The Register states that the Chaos Computer Club (CCC) of Germany will be releasing tools in the next couple of months that will allow anyone with a laptop & antenna (and presumably a USRP) to listen in on encrypted GSM calls. They plan to build a huge A5/1 Rainbow Table of pre-computed encryption hashes (which is basically a lookup table of every possible answer for an encryption key) of some 2 terabytes in size. Presumably you’ll be able to post your key online and get a result from the rainbow table, in the same way you can with Windows Login passwords right now. Of course posting such a request to the table via the internet would probably get you a black mark down at Spooks HQ – and I’m quite sure they’ll be listening!

It’s amazing to think that this year will have seen both DECT and GSM hacked to bits. All this is possible because of the USRP hardware & ever faster PCs. 3G phones, however, will be safe for some time to come, as it will be only the original implementations of GSM that can eventually be eavesdropped upon.

Also, an article from the German Financial Times, translated to English.


Mobile Phone Signal Coverage Maps by Postcode

I just needed to know whether my 3G USB dongle was going to work when I move house shortly.

It got me thinking about whether the information that the mobile phone network providers supply is more up to date than Ofcom’s. Guess what? It is!

So if you need to know what kind of signal coverage you can expect at a particular location, just enter a postcode or town name using the links below. If they show no 3G coverage you can still use a Vodafone Access Gateway connected to your internet router, which acts like a mini phone mast (assuming you can get broadband). If you’re with another network, try searching for ‘femtocell’ ‘picocell’ & ‘orange’ ‘O2’ etc.

And of course finally, that stalwart of mast hunters everywhere:
