While the News International phone hacking scandal that saw the demise of the News of the World newspaper cannot have escaped your attention in the US or UK, news from India concerning the latest 'tumble and clone' developments could leave the mobile phone calls of more than just celebrities at risk of hacking.
If you thought it was bad enough that UK newspapers have apparently been hacking into the mobile voicemail of celebrities and others 'in the news' in order to gain a competitive advantage when breaking stories, then wait until you hear the latest reports to come out of India concerning GSM hacking methodologies.
Researchers from an Indian security company called Matrix Shell have demonstrated how it is possible to hack into Indian GSM phones, tumble and clone them, and then make calls using the victim's unique International Mobile Subscriber Identity (IMSI) so that the calls were charged to the unsuspecting victim's account. Furthermore, by using a combination of firmware and customised software, the researchers were able to intercept calls made by the compromised handsets.
According to Akib Sayyed from Matrix Shell, many if not most of the Indian mobile network providers use A5/0 instead of A5/1 on GSM, which, Sayyed says, "is practically no encryption at all." (A5/0 is in fact the GSM designation for no ciphering: the air interface carries the call in the clear.) Such is the weakness of this setting that his researchers were able to use open source software to sniff the data out of thin air and listen in to the calls made. In the case of the Indian cellular networks, the most likely explanation appears to be that the stronger encryption is being switched off to ease network load, since setting up a session between handset and base station takes longer with it than without.
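Whether a network is running A5/0 is not a secret to the handset: the base station tells it which algorithm to use in the CIPHERING MODE COMMAND, so anyone with a trace of the layer-3 RR messages can audit their operator. The decoder below is an added example written for this page, not code from the article or from Matrix Shell. The field layout follows 3GPP TS 44.018 (sections 9.1.9, 10.5.2.9 and 10.5.2.10); it assumes the input is the bare layer-3 message with the LAPDm header already stripped, and the frames it runs over are constructed for illustration, not captured traffic.

```python
"""Decode GSM RR CIPHERING MODE COMMAND messages and flag A5/0 (no ciphering).

Layout per 3GPP TS 44.018: octet 1 low nibble = protocol discriminator
(0x6 = Radio Resource management), octet 2 = message type (0x35), octet 3
low nibble = Cipher Mode Setting (10.5.2.9), high nibble = Cipher Response
(10.5.2.10). Frames are assumed to be layer 3 only (LAPDm header removed).
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable

RR_PROTOCOL_DISCRIMINATOR = 0x6
CIPHERING_MODE_COMMAND = 0x35

# Algorithm identifier in bits 4..2 of the Cipher Mode Setting, valid when SC = 1.
_ALGORITHMS = {0: "A5/1", 1: "A5/2", 2: "A5/3", 3: "A5/4",
               4: "A5/5", 5: "A5/6", 6: "A5/7"}


@dataclass(frozen=True)
class CipherModeSetting:
    algorithm: str           # "A5/0" means the SC bit was 0: ciphering never started
    imeisv_requested: bool   # CR bit of Cipher Response: network wants IMEISV in the reply

    @property
    def unencrypted(self) -> bool:
        return self.algorithm == "A5/0"


def parse_ciphering_mode_command(frame: bytes) -> CipherModeSetting:
    """Parse one L3 RR message; raise ValueError if it is not a CIPHERING MODE COMMAND."""
    if len(frame) < 3:
        raise ValueError("frame too short for a CIPHERING MODE COMMAND")
    if frame[0] & 0x0F != RR_PROTOCOL_DISCRIMINATOR:
        raise ValueError("not a Radio Resource management message")
    if frame[1] != CIPHERING_MODE_COMMAND:
        raise ValueError("not a CIPHERING MODE COMMAND")
    setting = frame[2] & 0x0F          # Cipher Mode Setting
    response = (frame[2] >> 4) & 0x0F  # Cipher Response
    if setting & 0x1 == 0:             # SC bit clear: "No ciphering"
        algorithm = "A5/0"
    else:
        algo_id = (setting >> 1) & 0x7
        algorithm = _ALGORITHMS.get(algo_id, f"reserved({algo_id})")
    return CipherModeSetting(algorithm, bool(response & 0x1))


def cipher_indicator_enabled(ef_ad: bytes) -> bool:
    """True if the SIM lets the handset display its ciphering indicator.

    EF_AD byte 1 bit 1 is the OFM (operational feature monitor) flag
    (TS 51.011 section 10.3.18); operators commonly clear it, which is why
    most handsets never show an 'open padlock' even on A5/0.
    """
    return bool(ef_ad[0] & 0x01)


def summarize(frames: Iterable[bytes]) -> Dict[str, object]:
    """Count the algorithm assigned per call setup and report the share left in the clear.

    Messages that are not CIPHERING MODE COMMANDs are skipped rather than
    treated as evidence either way.
    """
    counts: Counter = Counter()
    for frame in frames:
        try:
            counts[parse_ciphering_mode_command(frame).algorithm] += 1
        except ValueError:
            continue
    total = sum(counts.values())
    share = counts["A5/0"] / total if total else 0.0
    return {"by_algorithm": dict(counts), "unencrypted_share": share}


# Constructed sample frames (hex), not captured from any network.
SAMPLE_FRAMES = [
    bytes.fromhex("063500"),  # SC=0: no ciphering (A5/0)
    bytes.fromhex("063501"),  # SC=1, algorithm 000: A5/1
    bytes.fromhex("063515"),  # CR=1 (IMEISV requested), SC=1, algorithm 010: A5/3
    bytes.fromhex("063500"),  # A5/0 again
    bytes.fromhex("063511"),  # CR=1, A5/1
    bytes.fromhex("062d00"),  # some other RR message type: skipped by summarize()
]

if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        try:
            print(f.hex(), parse_ciphering_mode_command(f))
        except ValueError as exc:
            print(f.hex(), "skipped:", exc)
    print(summarize(SAMPLE_FRAMES))
```

Run over a real trace (for example the layer-3 output of an open source GSM sniffer), a non-zero `unencrypted_share` is the direct evidence of what Sayyed describes; the `cipher_indicator_enabled` check explains why the phone itself usually gives no warning, since the indicator is gated by a bit the operator sets in the SIM.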
Eli Hizkiyev, a Senior Vice President with European IT threat mitigation specialist Cryptzone, says this raises the question of whether GSM voice calls can be considered secure at all, and not just for Indian mobile users but anywhere GSM is used, since it was demonstrated some 18 months ago that A5/1 encryption can be cracked. The problem with this latest development is that when a carrier network is only using A5/0 it becomes relatively easy, as Matrix Shell has shown, to clone SIM card identities, which opens up a whole new world of attraction for the would-be phone hacker.
As Hizkiyev points out, with many UK GSM carriers also experiencing a form of digital gridlock on their inner-city networks at the busiest times, the question has to be asked whether they too will consider lowering their encryption levels in order to boost performance or, indeed, whether they are already doing so.
3G cellular services are, so far, untouched by the fallout from this latest revelation. That holds, Hizkiyev warns, only until the A5/3 encryption mechanism used for 3G calls (KASUMI, a derivative of the MISTY Feistel cipher) is weakened, as some industry insiders are reportedly saying it will be, at which point the diluted 3G encryption could find itself cracked in less than two hours. The two-hour figure comes from a published related-key attack on KASUMI: it requires the attacker to obtain encryptions under several related keys, which the 3G protocols do not hand out, so for now it is an academic break rather than one a field attacker can mount.
"The real bottom line is that cellular calls - in common with all wireless transmissions - are inherently less secure than wireline telephony, for the simple reason that the mobile device can only automatically authenticate itself over the airwaves," Hizkiyev concludes. "Put simply, this means that all of the data transmitted can also be eavesdropped by hackers who, if they are able to crack the underlying encryption system, all variants of which have clearly been found to be wanting, can monitor the data stream and eavesdrop on the voice plus data transmissions. This Indian newspaper report raises a number of security questions on several fronts, and this is before we even start to discuss the number of people using their smartphone for Internet banking..."