Researchers speaking at the Chaos Computer Club (CCC) Congress in Berlin demonstrated how GSM cellphone calls and text messages can be intercepted using only four sub-$15 phones as network sniffers, a laptop computer, and a collection of open source software.
While such capabilities have long been available to law enforcement with the resources to buy a powerful network-sniffing device for more than $50,000 (remember The Wire?), the pieced-together hack takes advantage of security flaws and shortcuts in the GSM network operators’ technology and operations to put the power within the reach of almost any motivated tech-savvy programmer.
“GSM is insecure, the more so as more is known about GSM,” said Security Research Labs researcher Karsten Nohl. “It’s pretty much like computers on the net in the 1990s, when people didn’t understand security well.”