Frailty of GSM network revealed, as calls are easily intercepted

News by Dan Raywood

Phones that connect to 2G or 3G networks can be intercepted as easily as on WiFi networks.

Phones that connect to 2G or 3G networks can be intercepted as easily as on WiFi networks.

Speaking to SC Magazine, Peter Cox, CEO of UM Labs, said all smartphones use GSM to work on 2G, 3G and 4G networks, but calls can be intercepted with software such as a GSM base station, which act as mobile phone aeriels.

“You can pay £1,500 for the software with a radio and listen in to calls, and as you turn the signal up, phones will automatically join it as it is a strong signal,” he said.

Following a presentation made to him, Chris Bryant MP issued the following statement in Parliament last July: “Yesterday afternoon we heard that the man who is in charge of counter-terrorism in the Metropolitan Police is 99 per cent certain that his phone was hacked.

“An hour later, I was shown a piece of kit that costs about £1,500 and is readily available on the internet. It effectively sets up an illegal mobile phone mast through which it is possible to listen to any conversation held by anyone on a mobile phone within three miles.”

A UM Labs whitepaper said the system demonstrated to Bryant was based on an open-source software project, which has built a low-cost GSM base station using a commercially available software-controlled radio system.

The radio connects to a laptop via a USB cable and the complete system is small enough to be packaged into a briefcase. To monitor a GSM call, the system is configured to operate as a base station on the appropriate network, and any nearby phones will join the base station if that station broadcasts the strongest available signal.

It said the mobile operators cannot solve this problem as they have to support dated technologies which are burdened with the vulnerabilities that enable call monitoring and interception. Even if they could change technology overnight, there is still a risk that a rogue employee at a mobile operator could monitor calls, or that an overseas operator may be pressured to provide access to calls.

Cox said: “Phones are configured to run on 2G or 3G, but you can tap into either. The solution is to use voice-over-IP (VoIP) technology or call encryption. This is easy as there are no keys to manage as the voice data is not stored.”

Cox claimed that the concept of using VoIP is catching on as stories about phone-hacking and call interception continue. UM Labs said just switching to VoIP does not solve the problem, as mobile data channels can be monitored as easily as voice, and monitoring WiFi is even easier, adding however that VoIP makes it easy to add effective call encryption.

Also, as the VoIP application, and therefore the encryption, is completely under the user's control, secure end-to-end encryption can be established from the mobile handset to a trusted point in the user's network or to a trusted hosted service.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews