Researcher unveils techniques for GSM hacking

GSM is 'badly broken', according to a presentation at DefCon

A security researcher has highlighted flaws in the GSM mobile phone system which he claims could allow the collection of conversation information.

Chris Paget presented the demonstration at the DefCon security conference in Las Vegas, showing how a system built for just $1,500 (£940) could intercept call information from nearby GSM handsets.

The system functions as a spoofed phone reception tower, gathering information and allowing an attacker to create a system capable of harvesting data from local handsets.

Paget said that the system is able to log some 30 phone calls, but had been deliberately limited so that only those who had already been informed of the presentation would be subject to collection.

The researcher said that the demonstration showed the extent to which GSM systems are open to attack. GSM is "badly broken", he claimed, and the best solution would be to move to 3G networks.

Paget said in a blog post after the event that there are some systems in place which could help protect users. Telcos such as AT&T and handset vendors such as RIM have encryption systems which could improve security.

"In the medium to long term GSM simply needs to be turned off," Paget said. "It'd be more work to fix it than it would be to upgrade."