It has long been supposed that the GSM mobile phone system was pretty secure and safe from hackers, well, it is, ish… Needless to say that there are ways and means for well-resourced and connected spooks and security agencies, but to date it has been beyond the ability of the average backyard nosey parker, but maybe not for much longer.
Engadget reports that Chris Paget, who has a track record for breaking supposedly secure technology in a helpful way of course, he’s one of the good guys. He has revealed what could be a sizeable flaw in 2G GSM.
At the recent DefCon security conference he was able to trick a number of mobile phone users into making calls through his laptop.
The idea appears to be absurdly simple. Basically he set up his laptop connected to a couple of small antennas as a phoney (pun intended) mobile base station, indistinguishable to phones and most users from the real thing. His kit exploited a feature in the GSM system that tells the phone to log onto the base station with the strongest signal.
No doubt the phone companies will dismiss it as a stunt but so-called ISMI capture is one of the techniques used by security agencies, though their equipment is a darn sight more complicated, and a lot more expensive, so watch what you say…