GSM: cheaper to hack than ever
January 04, 2011
Last August, a hacker declared GSM “broken” in terms of security by demonstrating how a low-cost device and open-source software could spoof a cell phone tower. The GSM Association responded that the hack was impractical as eavesdroppers would have difficulty targeting a specific user, and it only works within a certain range.
Not anymore.
The attack - demonstrated at last week's Chaos Computer Club (CCC) Congress in Berlin by Security Research Labs researcher Karsten Nohl and OsmocomBB project programmer Sylvain Munaut - essentially allows a hacker to track down a target phone's location and determine its random network ID number, which in turn lets the hacker know which stream of information to decrypt.
The decryption process itself takes about 20 seconds. The entire demo took around two minutes, according to the Wired Threat Level blog (which has the juicy technical details as well).
As with previously reported hacks, the attack won't work on W-CDMA networks, but that should be small comfort to cellcos in markets where 3G is a fraction of their user base (presuming 3G exists at all). Even where 3G and HSPA dominate, many cellcos still run legacy GSM networks alongside their W-CDMA networks, and are more likely to use them to offload voice calls as 3G data traffic gets heavier.