New attacks on GSM mobiles and security measures shown

[Jeffrey Walton <noloader () gmail com>]

http://www.h-online.com/open/news/item/28C3-New-attacks-on-GSM-mobiles-and-security-measures-shown-1401668.html

At the 28th Chaos Communication Congress (28C3) in Berlin, security
researchers have demonstrated a new technique for attacking GSM mobile
phones. Karsten Nohl from Security Research Labs and his colleague
Luca Melette have demonstrated a technique for using a mobile phone
emulator based on open source software to make calls and send texts to
expensive premium rate phone numbers. Nohl says that the attack
carries a high risk of abuse and is already being actively used by
criminals. In contrast to other known attacks, most of which are aimed
at listening in on phone conversations, this attack poses a threat to
anyone with a GSM mobile phone.

The new threat is based on prior work by the team of cryptographic
experts. At last year's congress, Nohl and his team demonstrated a
method of rapidly decrypting and listening in on GSM phone calls using
an upgraded low cost mobile phone, a laptop and the open source
application Osmocom. The technique exploited a known vulnerability in
the widely used A5/1 encryption algorithm. To use the technique, an
attacker needed to know the Temporary Mobile Subscriber Identity
(TMSI) and secret key.

...
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.