[Discuss-gnuradio] address@hidden: [Scan-DC] Warning of increased GSM + TETRA attacks]

[David I. Emery]

GoMo News

February 13, 2012 Monday 12:43 PM EST 

Warning of increased GSM + TETRA attacks

LENGTH: 471 words

Rating: We're back to Squidgygate and police radio scanners again

Here's a bit of an ominous warning. Much worse than mere voicemail hacking. 
Greg Jones, a director of wireless security specialist, Digital Assurance, is 
warning of the dangers posed by the increasing availability of low cost 
software defined radio (SDR) solutions. He says, "It's extremely likely that 
criminal gangs, hacktivists and others will all show a growing interest in 
[SDR]. And we're not just talking about the hacking of individual mobile phones 
here but the possible compromise of critical infrastructure." In a nutshell, 
what Mr Jones is suggesting is that thanks to SDR it's no longer possible to 
assume that calls made over commercial and specialist wireless networks are 
inherently secure. We're back to the bad old days when ham radio enthusiasts 
could list into analogue cellular calls. Who remembers the infamous Squidgygate 
tapes, for example?There's nothing inherently evil about SDR technology. In 
effect, its arrival has helped to make devices like cellular phones c
 heaper by dispensing with the need for multiple, dedicated wireless chipsets. 

So what's going on? Jones says, "Those attempting to compromise wireless 
communications systems in the past have used expensive equipment coupled with 
advanced signal analysis skills."

This is a reference to the fact that breaking standard GSM signals previously 
required a supercomputer. Not any more, apparently.

"SDR devices typically use a standard PC to capture and manipulate radio 
spectrum potentially allowing an attacker to capture and demodulate advanced 
radio systems which were previously inaccessible to the hacking community," 
Jones explains.

He doesn't actually mention it but if that 'standard PC' includes a laptop we 
could be in deep trouble. Think innocuous white van sitting outside your 
home/office.

Which advanced systems is he talking about? Well, the list includes mobile 
networks such as GSM, Wi-fi, WiMAX, DECT and even TETRA.

So that's not just your mobile phone, your laptop and your cordless phone - 
we're also looking at hacking emergency services.

Think police radio scanners used by crooks to know if they've been detected yet.

Just to make the point Jones even names the tools a budding SDR hacker needs. 
The USRP (Universal Software Radio Peripheral) coupled with open source 
software like GNU Radio. Oops.

What particularly worries GoMo News is the potential to 'spoof' a GSM base 
station and intercept the calls you think you are making to your bank.

Jones is a master of understatement. "If one were to consider the implications 
of a co-ordinated attack against a critical communications system over say 
London - even if the attack were restricted simply to signal jamming - the 
potential is there to cause massive disruption," Greg Jones stated.

Olympics 2012, anyone?

______________________________________________________________
Scan-DC mailing list
Home: http://mailman.qth.net/mailman/listinfo/scan-dc
Help: http://mailman.qth.net/mmfaq.htm
Post: mailto:address@hidden

This list hosted by: http://www.qsl.net
Please help support this email list: http://www.qsl.net/donate.html

----- End forwarded message -----

-- 
  Dave Emery N1PRE/AE, address@hidden  DIE Consulting, Weston, Mass 02493
"An empty zombie mind with a forlorn barely readable weatherbeaten
'For Rent' sign still vainly flapping outside on the weed encrusted pole - in 
celebration of what could have been, but wasn't and is not to be now either."