Active & Passive Attacks
Active Attack
Pretends to be a fake base station that manipulates the cell phone to attach to it, after which it forces the phone to turn off standard encryption and records calls that route through it.
Equipment used: Asterisk, OpenBTS, GNU Radio and USRP2.
Passive Attack
Uses a radio to receive calls over the air and decrypts the standard encryption without manipulating the cell phone. Passive attacks are more dangerous because they are undetectable.
Equipment used: Airprobe, Kraken, Rainbow Tables, GNU Radio and USRP2 and modified Motorola handsets.
Follow Us
Click to find Cellcrypt on Twitter, LinkedIn and YouTube, or visit our blog to stay informed.
Hacker Developments: New and Emerging Threat
Hackers have been researching and attacking cellular systems for many years and have publicized vulnerabilities and developed equipment that exploits known weaknesses. Multiple types of equipment have been demonstrated in live environments to intercept cellular calls. Much of the research and equipment is available for anybody to build and use.
Both active and passive attack equipment has been developed.
A History of Hacking …
| December 1999 | Theoretical attack on GSM Encryption (A5/1) published (more) |
| August 2009 | Cracking project announced using distributed computing power within hacker community (more) |
| December 2009 | Open source base station demonstration runs private cellular network with open source software defined radio and $1,500 general-purpose radio hardware (more) |
| December 2009 | Cellular frequency hopping cracked (more) |
| December 2009 | Computation successfully completed resulting in a large look-up table of encryption keys, GSM ‘codebook’ published online (more) |
| January 2010 | Theoretical attack on 3G encryption (A5/3) published (more) |
| January 2010 | Software released that accesses keys in the GSM codebook in less than a minute for near real-time interception |
| March 2010 | Active attack on private network demonstrated using open source base station, open source PBX and $1,500 general-purpose radio transceiver (more) |
| July 2010 | Live intercept on major US carrier demonstrated (more) |
| July 2010 | Software released for faster decryption of GSM (more) |
| December 2010 | Passive attack using four $15 modified cell phones as radio transceiver (more) |
| December 2010 | Solution developed for targeting, acquiring and decrypting individual targets (more) |
| April 2011 | BBC films live passive interception using $15 modified phones (more) |
| August 2011 | Interception equipment packaged in to homemade drone plane with auto-pilot and GPS to hover over target area (more) |
| August 2011 | GPRS attacked (more) |
| August 2011 | Reported that a full Man-in-the-Middle attack successfully launched against 4G and CDMA networks (more) |
| September 2011 | Table available pre-loaded on 2TB disk for €80 |
| October 2011 | Passive attack software modified to intercept satellite calls derived from GSM standard (more) |
| February 2012 | Security researchers break satellite phone encryption (more) |
Relevant Articles
- Forbes: Flying drone can crack Wi-Fi networks and snoop on cell phones
- BBC: Mobiles fall prey to hack attacks (video) (related article)
- The Economist: Mobile security: living on the edge
- New York Times: Hacker to demonstrate 'weak' mobile internet security
- European CEO: Businesses seen as target for easier phone hacking
- ExtremeTech: 4G and CDMA reportedly hacked at DefCon
- The Register: Satellite phones lift skirt, flash cipher secrets at boffins
- SC Magazine: Frailty of GSM network revealed, as calls are easily intercepted
- Computer Weekly: Mobile phone hacking by Nigel Stanley, Bloor Research
Additional Background Articles:
Chaos Communication Congress 2011: 'Defending Mobile Phones'
Black Hat 2011: 'Aerial Cyber Apocalypse'
- ZDNET: Drone aims to eavesdrop from the sky
- Insecure Blog: Wireless Hacking: Wardriving Evolves Into Warflying
Chaos Computer Camp 2011: 'GPRS Intercept'
- The Register: Hackers crack crypto for GPRS mobile networks
- Fierce CIO: Mobile data security weaker than you think
Chaos Computer Club Congress 2010: 'Wideband GSM Sniffing'
- BBC: Hackers crack open mobile
- Networkworld: Researchers hack GSM mobile calls using $9 handsets
- The Register: Cell phone snooping now easier and cheaper than ever
- The Telegraph: Mobile network cracked by hackers
DefCon 2010: 'Practical Cell phone Spying'
- USA Today: Hacker builds $1,500 cell-phone tapping device
- Chris Paget Blog: Practical cell phone spying
- The Register: Hacking into GSM for only 1500$
- YouTube: Hacker shows how he intercepts cell phone calls (video)
- Wired: Hacker spoof cell phone tower to intercept calls
- The Inquirer: GSM phone hack is revealed
Black Hat 2010: 'Attacking Phone Privacy'
- Breaking GSM phone privacy (video)
- The Register: Cell phone eavesdropping enters script-kiddie phase
- Computerworld: New 'Kraken' GSM-cracking software is released
Chaos Computer Club Congress 2009: 'GSM: SRSLY?'
- New York Times: Cell phone encryption code is divulged
- BBC: Secret mobile phone codes cracked
- Financial Times: Security fear as mobile phone code is cracked
- The Guardian: Mobile phone security cracked, says German hacker
- Fox News: Hacker cracks security code that protects cell phone calls
- The Register: Secret code protecting cell phone calls set loose; universal phone snooping moves forward
HAR 2009: 'Cracking A5 GSM Encryption'
- Mobile Industry Review: GSM encryption can be cracked for $500
- The Register: Mobile snooping for everyone in weeks
Equipment Resources
What immediate steps can I take to protect myself?
Anybody who discusses confidential or sensitive information on their mobile phone should assume that they can be eavesdropped and act accordingly.
Cellcrypt provides a number of ways to help organizations and individuals better protect their mobile phone calls from being compromised, including:
- Top Tips to quickly put into operation some easy and basic protection.
- White Paper: Cellcrypt’s Voice Security Brief - an introduction to cell phone voice call interception and security. To download your copy please complete the short form below.
- Cellcrypt Mobile, a downloadable application that runs on off-the-shelf cell phones such as Android, BlackBerry, iPhone and Nokia smartphones and uses government-grade security for protecting sensitive voice calls against interception.
News
23rd May 2013
13th May 2013
5th March 2013
Latest Tweets from @Cellcrypt
#Cellcrypt exhibiting in #Verizon booth #1119 at #AFCEA Cyber Symposium http://t.co/yPrPDO8NKY
22 hours 9 min ago
#Cellcrypt attending Cross Tech Cyber Defense conf 10-11 June in Annapolis. Click here to learn more http://t.co/CQnUIfNpg6
23 hours 14 min ago
#CESG and #Cellcrypt to Develop #MIKEY-SAKKE Technology http://t.co/1svuAyGhtf #Security #Encryption
1 day 23 hours ago
