• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

 | 

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

 | 

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

 | 

Koske, a new AI-Generated Linux malware appears in the threat landscape

 | 

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

 | 

Coyote malware is first-ever malware abusing Windows UI Automation

 | 

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

 | 

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

 | 

Stealth backdoor found in WordPress mu-Plugins folder

 | 

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

 | 

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

 | 

Sophos fixed two critical Sophos Firewall vulnerabilities

 | 

French Authorities confirm XSS.is admin arrested in Ukraine

 | 

Microsoft linked attacks on SharePoint flaws to China-nexus actors

 | 

Cisco confirms active exploitation of ISE and ISE-PIC flaws

 | 

SharePoint under fire: new ToolShell attacks target enterprises

 | 

CrushFTP zero-day actively exploited at least since July 18

 | 

Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices

 | 

MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict

 | 

U.S. CISA urges to immediately patch Microsoft SharePoint flaw adding it to its Known Exploited Vulnerabilities catalog

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Cyber Crime
  • Hacking
  • Intelligence
  • Malware
  • Security
  • GSM mobile … the insecure network

GSM mobile … the insecure network

Pierluigi Paganini December 29, 2011

The latest discovered vulnerability in GSM ( Global System for Mobile) technology is worrying many telecom operators of several countries due to their impact on an audience of billions users. Some experts in the Security Research Labs in Berlin have shown how to get the remote control of mobile phones to send SMS and make calls.

The bugs identified makes GSM technology vulnerable to tapping. The impact in terms of security is definitely noticeable and creates no little alarm among the telecom industry, concerns shared by the industry as producers in the same mobile device.

The reality is that we are dealing with very old technology, backed by 20 years of operation and for which were not introduced significant improvement in terms of safety.

GSM is the 2G standard (2 nd generation) for mobile phone an it is currently most widely used. Consider that more than 3 billion people in 200 countries use GSM mobile phones. GSM is an open standard developed by the CEPT, designed by the ETSI and maintained by the 3GPP consortium (of which ETSI is a member). Easy to understand the impact that the vulnerability has on phone operators and handset manufacturers.

The world of telephony has always been below the target of hackers and evil-intentioned, for example many times we heard about the possibility of such a device being infected with malware. Unfortunately, the awareness of the threat is very low in the common user, but given the high distribution of devices and their growing computational power in the field it is necessary that we put concrete questions in terms of safety. A mobile device follows our movements and with phone calls and with SMS allows each user to interface with the outside world. Check all that amounts to achieve control over each individual who raises troubling questions regarding privacy. We are all controllable, this well known, but knowing that anyone who might be afraid to spy on us.
The most worrysome thing is that is possible to control huge amount of mobiles in a short time frame.

Just last year I remember an interesting presentation made by the researcher Chris Paget during Defcon security conference in Las Vegas. He have demonstrated in a live demo how he can intercept cell phone calls on 80 percent of the world’s phones with just about $1,500 worth of equipment. Chris Paget, who also demonstrated how he can hack into radio frequency identification tags (RFID) from a distance, created a fake cell phone tower, or Global System for Mobile communications (GSM) base station.

Military and intelligence agencies can intercept cell phone calls with their wiretapping technology, there is no mystery in this, but Paget simply wanted to show how vulnerable the cell phone network is and how hackers could intercept calls for a small amount of money. He used a couple of large antennae and a laptop with some other equipment.

“GSM is broken – it’s just plain broken,” said Paget during the demonstration.

Another possible damage could be caused by fraudsters that are able to make calls to the numbers from hacked business phone systems or mobile phones, then collect their cash and move on before the activity is identified. The hapless user will not realize the fraud until he will receive the telecom bills.

The researcher for security reasons haven’t shown the details of possible attacks to avoid it replication by hacker.

According a security reserach on mobile networks Germany’s T-Mobile and France’s SFR offer their clients the best protection against online criminals wanting to intercept their calls or track their movements, according to a new ranking Nohl will unveil at his presentation.

Let’s go deep in the argument visiting the web site www.gsmmap.org. The site propose an interesting ranking conducted by security researchers regarding security of several telecom operators.
I believe that every customer must be informed on it to make pressure on the operator that must guarantee an acceptable level of security.

What would happen if activist groups exploit similar vulnerabilities to disclose the object ofillegally wiretapping made​​? 

The events of recent months have also shown that too often government representatives and businessmen make little attention to the use of mobile communications devices. The use of encrypted communications is very limited and this has lead to many problems that we all learned in the newspapers.
Essential to increase awareness of the threat, informing the user that runs the real dangers in a little noticed by using their mobile phone.

“None of the networks protects users very well,”


facebook linkedin twitter

activist Censorship Content filtering Cyber Crime Espionage GSM Hackers Hacking Hacktivism Incident Intelligence ISP Large scale infiltration malware mobile phones network tapping telecom Trojan vulnerability

you might also like

Pierluigi Paganini July 26, 2025
Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme
Read more
Pierluigi Paganini July 25, 2025
Operation CargoTalon targets Russia’s aerospace with EAGLET malware,
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

    Intelligence / July 26, 2025

    Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

    Intelligence / July 25, 2025

    Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

    Security / July 25, 2025

    Koske, a new AI-Generated Linux malware appears in the threat landscape

    Malware / July 25, 2025

    Mitel patches critical MiVoice MX-ONE Auth bypass flaw

    Security / July 25, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT