
GPRS Can Be Hacked Easily, Claims German Researcher

timothy posted more than 2 years ago | from the wo-bin-ich-genau? dept.

Cellphones 50

hypnosec writes "A German technology researcher on Wednesday showed global mobile makers and technology firms how General Packet Radio Service can easily be tapped, intercepted, and decrypted with an average mobile phone and a few applications. According to the New York Times, Karsten Nohl, a computer engineer and mobile security researcher, demonstrated to fellow researchers gathered to attend Chaos Communication Camp, a Berlin-based hackers event, how to intercept the voice or data messages sent between mobile devices over GPRS easily, owing to weak protection provided by mobile network carriers for data information. Nohl, in collaboration with his colleague Luca Melette, tapped the information within a radius of five kilometers using a seven-year-old inexpensive mobile phone from Motorola." Computerworld also has an informative, link-laden account. If you are attending this year's CCC (only every four years, sadly), feel free to drop a line (with the submissions form) about cool projects you encounter there.

50 comments

Prob more (-1)

Anonymous Coward | more than 2 years ago | (#37061372)

Probably back when I drank milkshakes and worked on my little pony c compilers with my javac, things were better.
Nowadays you're lucky if you get 5 hours out of a fresh charge without changing the unicomplex lebers.

Augh! (0)

Anonymous Coward | more than 2 years ago | (#37061420)

Hundreds of millions of people will lose their livelihood as a result of this exploit!

Re:Augh! (0)

Anonymous Coward | more than 2 years ago | (#37061592)

You jest, but imagine what the Rupert Murdoch news papers could do with this exploit.

Aha! (1)

drobety (2429764) | more than 2 years ago | (#37061552)

That's why I got lost despite my GPS last time. Some people in my house tried to make me feel as if I was stupid.

Re:Aha! (0)

Anonymous Coward | more than 2 years ago | (#37061882)

Hate to break it to you, but if you were attempting to use GPRS as guidance...well your housemates were fairly correct : p

Re:Aha! (0)

Anonymous Coward | more than 2 years ago | (#37061908)

If that's a joke, it's not funny.

If, OTOH, you sincerely think GPRS is GPS, that's funny.

The Germans also found out (0)

Anonymous Coward | more than 2 years ago | (#37061576)

That the Enigma machine code could also be broken easily. Of course nobody told them til after the war...

Re:The Germans also found out (2)

wsxyz (543068) | more than 2 years ago | (#37061606)

You're confusing bad Germans with good Germans. They're not the same, you know.

Re:The Germans also found out (1)

aristotle-dude (626586) | more than 2 years ago | (#37062120)

You're confusing bad Germans with good Germans. They're not the same, you know.

Neither have a sense of humour.

Re:The Germans also found out (1)

Anne Thwacks (531696) | more than 2 years ago | (#37063208)

Au contraire mon frere, the (good?) Germans had the Monty Python team do an episode in German, despite not understanding what they were saying (Pythons and Germans).... because there was not enough silliness in Bavaria!

Re:The Germans also found out (1)

wsxyz (543068) | more than 2 years ago | (#37064204)

Oh come on... While speaking of Germans, you use French?
Wir sind die Guten!

Re:The Germans also found out (1)

RockDoctor (15477) | more than 2 years ago | (#37072910)

I think you'll find out that it was the Poles who found out that the Enigma code system could be easily broken (for many values of "easy"). They gave the recipe to the British, via IIRC the French during the "Phony War" (which wasn't very phony, for the Poles).

I'd just like to interject... (-1)

Anonymous Coward | more than 2 years ago | (#37061604)

I'd just like to interject. What you are referring to as "hacking" is not that but it is what I've started referring to it as "cracking". Hackers are well-natured people who try to make software work in clever ways not imagined by the original author. A cracker on the other hand is someone who maliciously attacks, penetrates and destroys computer systems.

Many crackers are also hackers. Through a peculiar turn of events, these crackers are routinely referred to as "hackers" by the media, and many people are not aware that "hackers" are good people.

There really are hackers, and they do try to test the limits of software, but they are just a larger subset of a group that includes crackers. All these so-called "hackers" are really just "crackers".

Re:I'd just like to interject... (0)

Anonymous Coward | more than 2 years ago | (#37061782)

No, these are hackers. They work on the software, the hardware and the society to figure out how everything works or doesn't work. Nohl filters out all data that isn't sent or meant to be received by one of his phones. He can still demonstrate the flaw, but he supplies his own prey. You might be interested to know that the Chaos Computer Club regularly operates a GSM network at the yearly Chaos Communication Congress, and they run it on open source software. Besides, they have their own linguist "on staff".

1995 called... (1)

Anubis_Ascended (937960) | more than 2 years ago | (#37061718)

They want their outdated mobile data standard back (preferably with no shipping charges)

Re:1995 called... (1)

TheRaven64 (641858) | more than 2 years ago | (#37066066)

1995 called and asked for a standard from 1997 to be returned to them? I'd like to comply, but there are rules about giving future technology to the past.

Very interesting (1)

ArhcAngel (247594) | more than 2 years ago | (#37061732)

using a seven-year-old inexpensive mobile phone from Motorola

Yet another reason [slashdot.org] why I still use my RAZR. [wikipedia.org] MUHAHAHAHA!

Re:Very interesting (1)

antdude (79039) | more than 2 years ago | (#37062230)

Which model do you have?

Yep, they (v3t GSM) still work for my queen ant and me for basic phone calls. :)

Re:Very interesting (1)

HTH NE1 (675604) | more than 2 years ago | (#37063740)

Meanwhile my e815 is turning itself off rather than charge its battery. Three different chargers, two different batteries. Thankfully I was able to set up call forwarding before the first battery got too low to boot the phone.

Not a problem for me! (1)

toadlife (301863) | more than 2 years ago | (#37061960)

I recently switched to Sprint which runs the much more secure CDMA [slashdot.org] net..............[NO CARRIER]

GRPS ?? THAT'S SOOOO 1990s !! (0)

Anonymous Coward | more than 2 years ago | (#37062056)

Bill Clinton called. He said, "Gimme some more sugar, or it's back to high school for you" !!

Bad news for people out in the boondocks (1)

jandrese (485) | more than 2 years ago | (#37062118)

Isn't GPRS effectively obsolete at this point? The only time I see it in use is way out in the boonies where they're clearly near the bottom of the list for tower upgrades. Often the service is broken anyway (get GPRS connection with strong signal, but no packets make it through). 10 or 15 years ago this would have been a big issue, but these days I just can't see it.

Re:Bad news for people out in the boondocks (1)

imjustmatthew (1164609) | more than 2 years ago | (#37062350)

10 or 15 years ago this would have been a big issue, but these days I just can't see it.

Given the near-total disregard for security I feel in most mobile network operators, I think anything that draws attention to how laughably easy it is to intercept cell data is worth talking about. Most people just assume that their cell data is secure, when every year at DEFCON we see more exploits .. and they never seem to get patched. With how ridiculously easy it is to encrypt internet traffic you'd think they could at least deploy some patches to fix some of these attacks... rogue towers anyone? They still don't use signed certificates for towers?

Re:Bad news for people out in the boondocks (1)

zippthorne (748122) | more than 2 years ago | (#37066810)

You're talking about an industry which, until something like 2002, was still using unencrypted, 800 MHz AM transceivers and relying on laws passed by Congress to force Radio Shack to cripple its scanners...

Re:Bad news for people out in the boondocks (2)

Jimbookis (517778) | more than 2 years ago | (#37063088)

There are craploads of M2M terminals in Australia at least which rely on GPRS or SMS to convey data. These terminals are the portable credit and bank payment terminals used in every taxi and by mobile merchants and heaps and heaps of embedded telemetry systems. The carriers here are loath to shut down the GSM/GPRS network because of the probably millions of embedded systems that rely on the GSM/GPRS network - the cost of replacement or redesign of these terminals is insanely expensive and will only be phased out by natural attrition over the next 5-10 years.

Re:Bad news for people out in the boondocks (1)

bemymonkey (1244086) | more than 2 years ago | (#37065556)

GPRS is fine for e-mail, IM and such. Better than nothing when you're out in the wilderness (i.e. 30km beyond city limits :p)...

Re:Bad news for people out in the boondocks (1)

TheRaven64 (641858) | more than 2 years ago | (#37066082)

IM, maybe. GPRS, when I last used it, had a round trip time of about 2 seconds and a maximum throughput of around 5KB/s. Basically, worse than a modem. Email is fine, unless someone sends you any attachments. IM is probably fine, although the latency may mean that you're asking questions after they're answered.

Re:Bad news for people out in the boondocks (1)

bemymonkey (1244086) | more than 2 years ago | (#37066142)

Can't say I've noticed much latency. Even tethered surfing (with Flashblock, NoScript and AdBlock Plus, of course) isn't really worse than flaky 3G (like on the train)... sure, Slashdot takes 20 times longer to load than at home, but when you're out in the boonies with nothing to do, 10 seconds to load the page of comments that you're going to spend 10 minutes reading isn't too bad ;)

Re:Bad news for people out in the boondocks (1)

TheRaven64 (641858) | more than 2 years ago | (#37066170)

Try running ping sometime. I found UMTS gave around 200ms average ping times, GPRS gave about 2000ms, to the same host. Wired connection gave about 70ms to the same host. 200ms is usable, 2000ms limits you to things that don't require interactivity. SSH over GPRS is painful.

Yawn (0)

Anonymous Coward | more than 2 years ago | (#37062142)

GPRS is 2G GSM-based (TDMA) technology, which has been known to be insecure for years.

That's why everybody uses some form of CDMA for 3G. The GSM world may have won the GSM vs. CDMA war, but they did so by adopting a form of CDMA (W-CDMA) for UMTS/HSPA.

sensational? (1)

recharged95 (782975) | more than 2 years ago | (#37062238)

Now that it's fairly inexpensive ($50) and abundant that you can get GPRS transceivers, and the wire protocol is widely known today.... it's not surprising that folks can hack into it.

I mean current technology R/C transceivers are more secure nowadays.

What is the news? (0)

Anonymous Coward | more than 2 years ago | (#37062260)

Is it really news that unencrypted transmissions can be listened to? Also, it is well known that the weakest encryption schemes of GSM/GPRS have been broken since long ago. Serious operators have exchanged these for new schemes a long time ago. Also, none of this works in 3G or LTE.

Secure cellular communications? (1)

wall0645 (1665631) | more than 2 years ago | (#37062296)

Are there any cellular protocols that are secure? That a criminal, corporation, or government couldn't hack? GPRS and CDMA are out from what I remember recently. Anything else been hacked? What hasn't been hacked yet?

Also, are cellular communications inherently less secure than wired communications like a land line? Or are those even easier for say your phone company or government to listen in on?

Re:Secure cellular communications? (1)

X0563511 (793323) | more than 2 years ago | (#37062530)

Here's a tip: you don't have secure communications over the phone, period.

Unless you have something like a fritz chip (that isn't retarded) it isn't secure.

Re:Secure cellular communications? (2)

GameboyRMH (1153867) | more than 2 years ago | (#37062742)

Exactly. If you're relying on any protocol or device you don't control, it's not secure. You want secure? Use a VPN with keyfiles where you control the devices on both ends. That's a secure connection, but if you run Skype through it, that Skype call is not secure.

I always considered phone calls, texts, and (at the very least) non-SSL cellular data traffic to be unsecure, so this news doesn't bother me.

Re:Secure cellular communications? (0)

Anonymous Coward | more than 2 years ago | (#37063876)

What you can do:
Get an Android phone, put AOSP (or Cyanogenmod) on it, connect to WPA2-PSK network, connect over OpenVPN and then tunnel VOIP through that.

Re:Secure cellular communications? (1)

X0563511 (793323) | more than 2 years ago | (#37064176)

At which time it's not really a phone conversation... but yes, that would be a way to manage it. Though you do have to trust the phone itself.

Re:Secure cellular communications? (0)

Anonymous Coward | more than 2 years ago | (#37064722)

unless the AOSP or Cyanogenmod had a bug planted in the firmware you just installed...

Re:Secure cellular communications? (1)

X0563511 (793323) | more than 2 years ago | (#37064764)

Didn't I just say that? It's implicit in "Though you do have to trust the phone itself."

Re:Secure cellular communications? (0)

Anonymous Coward | more than 2 years ago | (#37066498)

Are there any cellular protocols that are secure? That a criminal, corporation, or government couldn't hack?

LTE-A [wikipedia.org] .

The specs are a perfect example of 'security by obscurity'. Unhackable.

(caveat - the above opinion is mine, my own. my precious. it does not belong to nasty employers)

Re:Secure cellular communications? (1)

Pinky's Brain (1158667) | more than 2 years ago | (#37068234)

I assume you mean the specs are unreadable?

(The fact they are only available under NDA means nothing given the number of companies and people with access to it.)

Incorrect information (2, Informative)

Anonymous Coward | more than 2 years ago | (#37064954)

Karsten Nohl states - “One reason operators keep giving me for switching off encryption is, operators want to be able to monitor traffic, to detect and suppress Skype, or to filter viruses, in a decentralized fashion,” Mr. Nohl said. “With encryption switched on, the operator cannot ‘look into’ the traffic anymore while in transit to the central GPRS system.”

This is rubbish. Deep Packet Inspection for the detection of layer 7 applications such as Skype being used by mobile broadband subscribers is generally done on the Gi interface, on or after the GGSN towards the ISP network. At this point in the network, there is no encryption (except for VPNs towards corporate networks for example).

DPI is not achieved by sniffing the radio interface, so Karsten Nohl's comment here is misguided and not accurate.

Re:Incorrect information (0)

Anonymous Coward | more than 2 years ago | (#37066550)

“One reason *operators keep giving me* for switching off encryption is"

(Emphasis mine)

Regardless of whether or not it's the true reason, it could still be the reason the operators are giving him.
