By mimicking cell phone towers, hackers can listen on calls, but the industry isn't worried. Attacks like these used to cost millions, but now they only cost about 1,100 euros.
All pre-3G GSM phones conceiveably are vulnerable to Paget's snooping technique
On Saturday, Chris Paget, an American computer security researcher, revealed how he could tap mobile calls using $1,500 worth of radio equipment and an antenna.
He showed, while presenting at the DefCon hackers conference in Las Vegas, how his device broadcasts a GSM signal, allowing it to pose as a cell phone tower.
The device only works on mobile phones using the second-generation of the GSM standard, which is used by the overwhelming majority of mobile phone users around the globe.
However, the ability to listen in on calls does not apply to the more secure third-generation, or 3G, networks.
Paget called on telecom providers to switch to 3G networks, saying GSM is broken, but the GSM Association, an industry consortium, remains unconcerned.
"Although it is generally acknowledged that a ‘man in the middle attack’ using a false base station is possible, there are a number of hurdles to be overcome to launch a successful attack," it said in a statement.
There are over four billion GSM users worldwide
How a fake cell phone tower works
Cell phones are tricked into routing their outbound calls through the fake cell phone tower, enabling the hacker who controls it to listen in. Paget's gear can target specific numbers and may even give hackers access to credit card or account information siphoned from calls made to shops and banks.
It's the price tag that has industry insiders worried. The system only costs $1,500, or about 1,100 euros, to create, meaning mobile phone hacks are now more broadly available than ever before.
“These attacks used to cost millions of dollars, now you can do it for a lot less,” Paget told the Agence France Presse news agency at the conference on Saturday.
But the GSM Association says having the equipment doesn’t immediately provide access to private calls. They say hackers need to be within a certain range of their victims, and they have to bypass mechanisms designed to protect the identity of mobile users.
Even a switch to 3G may not make phones any safer
Heavy investment in older technologies
Other industry watchers say the truth is mobile phone operators and manufacturers aren't prepared to make the switch to better security.
"Telecom providers have made a substantial investment and want to use the old technology" said Christos Xenakis, a mobile security lecturer at the University of Piraeus in Greece. He believes the industry never anticipated that hackers would be able to spoof a GSM signal for such little money.
"The problem is that when the technology was designed 25 years ago, no one imagined it would become so cheap,” he said in an interview with Deutsche Welle.
But Xenakis says security upgrades are becoming more available.
"Technology solves this problem," he said. "With new generation UMTS networks, third generation networks, new mobile networks... there are answers coming."
Xenakis added that the industry will eventually be forced to advance beyond 3G capabilities, as Paget showed on Saturday how even 3G remains vulnerable.
During his demonstration, Paget said he could also capture phones using 3G by sending out jamming noise to block this technology. The phones then would automatically revert to a 2G connection and connect through his rogue base.
Author: Saroja Coelho
Editor: Cyrus Farivar