Cell providers could have thwarted spying - Expert

2013-12-28 10:55
(Duncan Alfreds, News24)

(Duncan Alfreds, News24)

Multimedia   ·   User Galleries   ·   News in Pictures Send us your pictures  ·  Send us your stories

Berlin - The world's mobile phone carriers have failed to implement technology fixes available since 2008 that would have thwarted the National Security Agency's ability to eavesdrop on many mobile phone calls, a cyber security expert says.

Karsten Nohl, chief scientist with Berlin's Security Research Labs, told Reuters ahead of a highly anticipated talk at a conference in Germany that his firm discovered the issue while reviewing security measures implemented by mobile operators around the world.

Nohl also told Reuters that the carriers had failed to fully address vulnerabilities that would allow hackers to clone and remotely gain control of certain SIM cards. Those vulnerabilities were pointed out in July.

While the German cryptologist criticised carriers for failing to implement technology to protect customers from surveillance as well as fraud, he said he does not think they did so under pressure from spy agencies.

"I couldn't imagine it is complicity. I think it is negligence," he said. "I don't want to believe in a worldwide conspiracy across all worldwide network operators. I think it is individual laziness and priority on network speed and network coverage and not security."

Major flaws

A spokesperson for the GSM Association, which represents about 800 mobile operators worldwide, said she could not comment on Nohl's criticism before seeing his presentation on the topic at the Chaos Communications Congress in Hamburg, Europe's biggest annual conference on hacking, security and privacy issues.

Nohl uncovered the issue while working on a project known as the GSM Security Map, which evaluates security of mobile operators around the globe. The map, which can be found at www.gsmmap.org, is partially funded with a grant from the US government's Open Technology Fund, according to Nohl.

None of the carriers surveyed had implemented measures for thwarting a method that allows the NSA to eavesdrop on most mobile calls by unscrambling a widely used encryption technology known as A5/1, Nohl said.

The Washington Post reported on 13 December that documents leaked by former NSA contractor Edward Snowden showed the agency can crack A5/1. Nohl said that method would have been blocked if carriers had applied two patches released in 2008.

Nohl is credited with leading research teams that have uncovered major flaws in mobile technology in recent years.

In July, he reported on security vulnerabilities that would allow hackers to gain remote control of and clone certain mobile SIM cards.

The unprecedented work prompted a United Nations group known as the International Telecommunications Union, which advises nations on cyber security plans, to urge the industry to take quick action to tackle the vulnerabilities.

Vulnerable

Once a hacker copies a SIM, it can be used to make calls and send text messages impersonating the owner of the phone, said Nohl, who has a doctorate in computer engineering from the University of Virginia.

A few weeks after Nohl disclosed his findings, he said it looked like most carriers had implemented fixes to prevent such attacks.

Yet he said on Friday that while conducting research for the GSM Security Map project, he learned on closer inspection that those fixes still left plenty of room for attacks, making customers on many networks vulnerable.

"I need to go back on what I said. The majority of the operators only addressed the symptoms, not the root cause," Nohl said.

He said that his firm launched the GSM Security Map project to pressure mobile operators around the world to boost security.

The effort will also push researchers like himself not to be complacent.

"We as researchers must not give up so easily like we did in July, when we said 'The network operators addressed it. We are so proud. We changed the world,'" Nohl said.

The group will continue to update the map, which has detailed reports for each country surveyed that describe security of individual carriers.

In the map's initial release on Friday, the country whose networks were rated the most secure was France.

Not all countries are surveyed, however, because the group does not yet have enough data.

Read more on:    nsa  |  germany  |  mobile

Join the conversation!

24.com encourages commentary submitted via MyNews24. Contributions of 200 words or more will be considered for publication.

We reserve editorial discretion to decide what will be published.
Read our comments policy for guidelines on contributions.
NEXT ON NEWS24X

24.com publishes all comments posted on articles provided that they adhere to our Comments Policy. Should you wish to report a comment for editorial review, please do so by clicking the 'Report Comment' button to the right of each comment.

Comment on this story
2 comments
Comments have been closed for this article.

Inside News24

 
/News

Book flights

Compare, Book, Fly

Traffic Alerts
Traffic
There are new stories on the homepage. Click here to see them.
 
English
Afrikaans
isiZulu

Hello 

Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.


Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire 24.com network.

Settings

Location Settings

News24 allows you to edit the display of certain components based on a location. If you wish to personalise the page based on your preferences, please select a location for each component and click "Submit" in order for the changes to take affect.




Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.