GSM networks have a critical security hole: white hats demonstrated the vulnerability of the widely accepted mobile technology at Nullcon, the International Security Conference 2012, held in Goa.
The white-hat (ethical hacker) group Matrix Shell explained and showed the security holes of GSM technology as deployed in India. They also demonstrated a real hacking scenario on a GSM network in real time.
The security experts on the team include Akib Sayyed, Dipesh Goyel, Bipul Sahu and Nitin Agarwal. They said that anyone can impersonate another GSM mobile number by using the IMSI and making calls.
Possible threats include
1. Identity theft
2. Huge mobile bills or no balance for the victims
3. An attacker can create a grid of such hardware and can empty the phone balance of each subscriber in less than 3 hrs.
4. The attacker can give misleading information by using some government employee's identity or even some law enforcement personnel's identity.
Chances of catching the attacker
There is very little chance of catching the attacker, as he/she can change the IMEI and IMEISV. The attacker can also spoof location by claiming to be 70 km away from the GSM base station even though he/she is sitting very near to the same base station.
No encryption on Air Interface
Standard encryption on GSM should be A5/1, but in India the providers mostly use A5/0, i.e. no encryption. In this scenario the attacker can use some open source software to sniff the communication from the air and can listen to the calls easily.
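An operator or auditor can check which setting a network actually signals by decoding the RR Ciphering Mode Command in a layer-3 trace. The following is an added example, not code from the article or from the Matrix Shell team; the trace format (connection id plus hex-encoded layer-3 message), the function names and the sample bytes are assumptions constructed for illustration.

```python
# Decode the GSM RR Ciphering Mode Command (3GPP TS 44.018) to see which
# A5 algorithm, if any, the network asked the phone to use.
RR_PD = 0x06               # protocol discriminator: radio resource management
CIPHERING_MODE_CMD = 0x35  # RR message type

def decode_cipher_mode(l3_hex):
    """Return (algorithm, imeisv_requested), or None for any other message."""
    msg = bytes.fromhex(l3_hex)
    if len(msg) < 3 or (msg[0] & 0x0F) != RR_PD or msg[1] != CIPHERING_MODE_CMD:
        return None
    setting = msg[2] & 0x0F    # low nibble: Cipher Mode Setting
    response = msg[2] >> 4     # high nibble: Cipher Response
    if not setting & 0x01:     # SC bit clear: "no ciphering", i.e. A5/0
        algorithm = "A5/0"
    else:
        alg_id = (setting >> 1) & 0x07
        algorithm = "reserved" if alg_id == 7 else "A5/%d" % (alg_id + 1)
    return algorithm, bool(response & 0x01)

def unencrypted_connections(trace):
    """trace: iterable of (connection_id, l3_hex) pairs.
    Returns the sorted ids of connections that never started ciphering:
    either the command said A5/0 or no command was sent at all."""
    ciphered = {}
    for conn, l3_hex in trace:
        ciphered.setdefault(conn, False)
        decoded = decode_cipher_mode(l3_hex)
        if decoded and decoded[0] != "A5/0":
            ciphered[conn] = True
    return sorted(c for c, ok in ciphered.items() if not ok)

# Constructed sample messages (not captured traffic); connection ids are made up.
SAMPLE_TRACE = [
    ("conn-1", "063511"),  # start ciphering, A5/1, IMEISV requested
    ("conn-2", "063500"),  # Ciphering Mode Command with SC=0
    ("conn-3", "052411"),  # non-RR message, no ciphering command on this connection
    ("conn-4", "063505"),  # start ciphering, A5/3
]

if __name__ == "__main__":
    for conn, l3_hex in SAMPLE_TRACE:
        print(conn, decode_cipher_mode(l3_hex))
    print("unencrypted:", unencrypted_connections(SAMPLE_TRACE))
```

A connection on which the network never sends a Ciphering Mode Command stays unencrypted as well, which is why the audit function counts the absence of the command and not only an explicit "no ciphering" setting.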
The reasons, as we suspect, why these GSM configuration issues exist in the telecom networks
It takes less time to set up a session between the mobile phone and the BTS if no encryption is used, and it also puts less load on the systems.
It might be that the operators are forced to do this due to huge air traffic on GSM networks, and implementing such techniques would cost them in terms of hardware upgrades to bear the load, or some add-on hardware in the same area to serve the same number of subscribers.
There are certain security norms decided by the governing body of GSM to stop these kinds of attacks, but many operators ignore them for whatever reasons.



MIRZA March 6, 2012 at 3:51 am
Already shown this loophole on media channels months back .. from CSRT
Chinmoy March 6, 2012 at 1:51 am
wanted to visit Nullcon .. alas could not manage . Thanks a lot TT for coverage and good article . Liked it .
Abhishek Kumar March 5, 2012 at 10:19 pm
All technologies are safe by design, it's just the decision of the operators if they choose it or not
krishnendu March 5, 2012 at 10:16 pm
go for bsnl landline!
Ashish March 5, 2012 at 4:13 pm
Bad Idea…..
Vikas March 5, 2012 at 4:03 pm
Simply more user-base leads to more threats. I think it’s same analogy like most of people think about the Windows and Linux Systems.
hi March 5, 2012 at 3:25 pm
He’ll probably start using walkie-talkies.
bharathkumara March 5, 2012 at 2:55 pm
even gsm/cdma also have lot of loopholes, go and check with them.. u can get the whole details….
Rohan Singh March 5, 2012 at 2:28 pm
Instead of securing GSM network why will anyone shift to CDMA…If tomorrow CDMA is not safe then..?? Where will u shift..?
Susanta March 5, 2012 at 2:10 pm
Plz ans appropriately-------
WILL OPERATORS TAKE ANY STEPS IMMEDIATELY IN THIS SITUATION??? (which tense is it..??)
Ans- FUTURE IMPOSSIBLE TENSE..
irfan March 5, 2012 at 12:36 pm
the CDMA technology is no safer at all, it's easier to copy the esn and rsn of the CDMA mobile handset than the GSM; in short the CDMA phones can be more easily cloned than the GSM SIM card
ARUN BHABU B March 5, 2012 at 11:50 am
Good Article!!!!!! Govt & Operators have to take some immediate measures to avoid this kind of scenario's possibilities in customer end otherwise this could be the huge problem that Indian Telecom ever face more than 2G/3G…. Vodafone being an International operator it should have known and implemented encryption techniques it's not just excusing about users and traffic in the Indian mobile market it's about providing the quality and security even for the densely populated markets that is the ultimate goal…..GUYS I'M Wondering being a Heavy CDMA user I'm aware of the fact with a right CDMA network we are connected in a more powerful way than GSM it's fact as I'm being sales person who travels around the country 100% support CDMA over GSM but I want to know the encryption and other standards for CDMA either way CDMA is best as it's not open source like GSM and developed under huge testing and R&D by Qualcomm…
Sudheer Sahukasr March 5, 2012 at 11:47 am
For All readers of TT and GSM users, SWITCH TO CDMA AND BE SAFE. CDMA IS BEST FOR 1. SECURITY 2. BETTER VOICE AND DATA 3. CHEAPER ON NET CALLING. 4. BETTER INDOOR COVERAGE 5. SO ON ….. …. .. .