Researchers have found a way to eavesdrop upon any mobile call or text message sent via any GSM network, utilising open source phones that cost as little as $10, it has emerged.
Karsten Nohl and Sylvain Munaut demonstrated their toolkit at the Chaos Computer Club Congress (CCC) in Berlin, demonstrating techniques acquired from other researchers but also utilising their own technology to record calls.
The toolkit took a year to built and works by locating a target phone, identifying and taking its unique ID and collecting the data sent and received by the handset and the base station as calls are made or texts sent.
To capture the data, the duo utilised specific Motorola handsets that could have the default firmware swapped with that of an open-source alternative. From here, they were able to strip out the GSM “filters”, ensuring that they would be able to receive all data being broadcast by a base station.
Once the data was collected, it could be cracked upon using a pre-compiled Rainbow Table, a list of encryption keys generated independently of the hack. With a huge list of encryption keys at their disposal, any mobile call or text intercepted can be recorded and unscrambled.
Its worrying to think that people might be able to spy on your calls but you needn’t worry…for now. Nohl has said that he will not release the kit for others to use, instead the duo simply wished to establish aware that the GSM standard could be compromised and that it would need additional security measures enforced as a result.
Not bad considering a professional eavesdropping system costs around £35,000 and the toolkit mentioned above comes in around 1000 times cheaper.