Thursday, December 17, 2009

GSM Security and 90's Mobsters

There are number of mobile/cell technologies available in the market today, however, the issues like security and privacy have remained the top concerns for every single network provider. Evaluating the generic GSM technology can give a brief overview on security controls within the cellphone/network system.

Information on SIM card generally includes:
-Phonebook
-Call Register Information
-Private Photos/Videos
-SMS/MMS

-Technical Network Information

GSM Network Structure Overview



What security protocols are being used?

A3 - Authentication mechanism for GSM Security
A5/1 - Stream Cipher for voice privacy
A5/2 - Weakest stream cipher for voice privacy
A5/3 - Provides confidentiality and integrity for mobile communications

So, are our call secure over GSM network? The answer is "no".

Scanning and decoding the GSM traffic using Nokia 3310 toolkit + Universal Radio Peripheral.

Nokia 3310

MBUS data cable
Wireshark
Gsmdecode (Linux)

Overall view of GSM Cellphone System Breach