Ethical Hackers Demonstrates Exploitable Security Holes of GSM Networks in India

By March 5th, 2012 AT 11:33 AM

GSM networks has a critical security breach, as White hats demonstrated the the vulnerability of the widely accepted mobile technology at Nullcon, the International Security Conference 2012, held at Goa.

Ethical Hackers Demonstrates Exploitable Security Holes of GSM Networks in India

The white hats or the ethical hacker group Matrix Shell explained and showed the security holes of GSM technology deployed in India they also demonstrated a real hacking scenario using GSM network in real time.

The security experts of the team includes Akib Sayyed, Dipesh Goyel, Bipul Sahu and Nitin Agarwal. They said that anyone can impersonate another GSM mobile number by:

1. using IMSI and making calls

2. Possible threats include

3. identity theft

4. Huge mobile bills or no balance of the victims

5. An attacker can create a grid of such hardware and can empty the phone balance of each
subscriber in just less than 3 hrs.

6.The attacker can give misleading information by using some government employee’s identity or even use some law enforcement personsonal’s identity.

Chances of catching the attacker

There are very less chances to catch the attackers as he/she can change the imei,imeisv. The attacker can also spoof location by saying that his location is at 70 km away from the GSM base station even though he/she is sitting very near to the same GSM base station.

No encryption on Air Interface
Standard encryption on GSM should be a5/1 but in India the providers mostly use a5/0 I.e. no encryption. In this scenario the attacker can use some open source software to sniff the communication from air and can listen to the calls easily.

The reasons as we suspect why these GSM configuration issues exist in the telecom networks

It takes less time to setup session between mobile phone and BTS if no encryption is used also less load on the systems.

It might be that the operators are forced to do this due to huge air traffic on GSM networks and implementing such techniques will cost them in terms of hardware upgrade to bear the load or some addon hardware in same area to serve the same no. of subscribers.

There are certain security norms decided by governing body of GSM to stop these kind of attacks but many operators ignore them for whatever reasons.

13
Leave a Reply

avatar
Photo and Image Files
 
 
 
13 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
13 Comment authors
MIRZAChinmoyAbhishek KumarkrishnenduAshish Recent comment authors
newest oldest most voted
MIRZA
MIRZA

Already shwn this loop hole on media channels months back .. frm CSRT

Chinmoy
Chinmoy

wanted to visit Nullcon .. alas could not manage . Thanks a lot TT for coverage and good article . Liked it .

Recent Posts

Dish TV Users With SD Set-Top Box Can Upgrade to HD Box at Rs 799

Dish TV India has come up with a new offer under which the SD Set-Top Box users can upgrade to...

100 Mbps Plans from Vodafone-Owned You Broadband Detailed

You Broadband is one of the popular wired Internet Service Providers in the country as it has operations across 20...

PUBG Mobile Lite Gets All-New Golden Woods Map With 0.14.1 Update

PUBG Mobile Lite is now receiving a massive 0.14.1 update which adds a new Golden Woods map to the game....