Global GSM eavesdropping network.

January 3, 2011

GSM has been broken up to the point that a phone call or an SMS can be intercepted using an ordinary phone and a PC. The impact of this attack is still somewhat limited, because to eavesdrop, you need to be close to the target mobile phone. However, with a bit of 'crowdsourcing' we can overcome this 'limitation'.

Suppose we are able to reprogram the baseband (this is still a big if, as far as I know...) of a few common types of phones that also have a mobile internet connection. Reprogram the baseband in such a way that these phones can intercept an SMS or GSM call, provided they know the right session key. Also add functionality to collect the data needed to crack a session key.

Next, develop a small P2P app, install it on all these phones, and use this P2P network (which communicates over the phones' mobile internet connections) to find a phone close to the target phone corresponding to a given mobile phone number. Use the app to first collect some data so that the session key can be cracked off-line, and, once it receives the corresponding session key back, to start eavesdropping.

You could do this in the open, or you could hide the functionality in a popular app. Whatever way you do it, you would have built yourself a global GSM intercept facility. Now wherever you are, you can enter the phone number of a target mobile phone, and the communications will be delivered to you in real time.

In case you spot any errors on this page, please notify me!
Or, leave a comment.