Mobile networks can be hacked with US$1,500 equipment

1 Aug 2010

With just US$1,500 worth of equipment, an ethical hacker has proved he can hack into 80pc of the world’s mobile phone networks and disrupt or access mobile devices.

Armed with a couple of large antennae and a laptop, security expert Chris Paget – who also proved recently it was possible to hack radio frequency ID (RFID) signals – was able to overpower the nearby cell networks with his own ad hoc cell network and take over mobile devices.

In a demo at US hacker symposium Defcon aimed at illustrating how vulnerable mobile phone networks are to hackers, Paget created a fake GSM base station.

He then showed how it was possible to disable the encryption in the system and how the GSM system would comply without sending a warning message.

His base station/interceptor immediately intercepted 15 mobile devices and then effectively took over the devices by broadcasting a stronger GSM signal than nearby networks.

He could then disrupt all calls in a given area by switching on a noise generator.

Paget’s proof-of-concept, although showing how easy it is to hack GSM networks, was not without difficulty.

He had to get legal advice from the Electronic Frontier Foundation and heard that AT&T, the largest network in the US, considered suing him to stop the demonstration.

In his blog he said: “Unfortunately, I’ve heard that AT&T may be considering suing me to stop my talk. I can’t understand why this would be the case, and I hope that if it’s true, they will contact me first to discuss their concerns.

“Let me clarify some things about my talk. First, I’m not doing anything to AT&T’s or any other network. I’m just going to do a demonstration of my attack. It will not affect the 911 service. Nor will it interfere with anyone’s ability to call 911 unless you’re both in (or near) the demonstration room and also have a GSM phone.”

He added: “I wanted to be clear that the EFF haven’t just given me carte blanche here. I doubt they’ll ever say “Intercepting cellphone calls is perfectly fine as long as you do X Y and Z” – what I’ve done with their help is try to work out a way to minimize any legal risk associated with the demo, and to do it safely, so that I can show people an important problem with GSM. I wouldn’t say I have EFF’s ‘stamp of approval’ on the demo, but they’ve certainly offered plenty of helpful advice and I’ve been trying to take all of it.”

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years.