One of my favorite podcasts is Security Now with Leo Laporte and Steve Gibson. This past week’s episode (#213) Steve discussed how simple it was to crack GSM. You can scan through the show notes here. For those who don’t know, GSM (Global System for Mobile communications) is the cell phone technology for over three billion users worldwide, and has 80 percent of the cellphone market spread through 200 countries. In the US, if you are on AT&T or T-Mobile you are running on GSM. Obviously, this is a huge target.
By saying “it can be cracked”, I am actually saying that your conversations can be picked up by a radio receiver, decrypted using an open hardware solution that costs less than $1400 and managed with open source software. This is some really scary stuff. The GSM Alliance, the group responsible for the GSM standard, is burying their heads in the sand with respect to this breach. Apparently, the weaknesses of GSM have been known for years, but no one has attempted to resolve them but rather rely upon security through obscurity.
I would suggest downloading the podcast and taking notes. This could get ugly.
