Research highlights GPRS vulnerability
Data encryption exploit could enable hackers to snoop on mobile internet data.
A security researcher will today reveal weaknesses in the encryption methods used by mobile operators that he says can allow internet data to be hacked.
The vulnerability lies in the methods used to encrypt data transmitted over networks running on General Packet Radio Service (GPRS) technology.
Karsten Nohl, Security Research Labs' chief scientist, is due to present his findings at the Chaos Communication Camp 2011 conference taking place today in Berlin.
Nohl and his team have previously published research into decrypting algorithms used by mobile operators to secure voice conversations.
But Nohl and colleague Luca Melette are expected to reveal a software tool they have now developed that can reprogramme cheap Motorola handsets to become GPRS interceptors in an attempt to get mobile operators to strengthen their network defences.
The software can be used to expose data transmissions on unprotected networks within a three-mile radius, Nohl told the New York Times in an interview.
He and Melette also reportedly discovered weak encryption methods on all four German mobile networks and were able to decrypt and read mobile transmissions. And in Italy, they found two operators that did not encrypt their data at all.
IT Pro contacted Nohl and Melette to find out if they'd tested any UK networks, but they had not responded at the time of writing. Most of the UK networks IT Pro contacted said they were aware of, and monitoring, Nohl's research.
The Vodafone Group, however, stated that it implements appropriate measures across its networks to protect its customers' privacy.
"We regularly review security measures and carry out risk assessments to prevent the kind of exploit described," Vodafone said in its statement.
Nohl's previous research has also focused on GPRS cryptographic encryption methods. He has criticised operators for failing to use strong 128-bit encryption schemes, after demonstrating how rainbow tables can be used to crack weaker authentication.
A 25-year veteran enterprise technology expert, Miya Knights applies her deep understanding of technology gained through her journalism career to both her role as a consultant and as director at Retail Technology Magazine, which she helped shape over the past 17 years. Miya was educated at Oxford University, earning a master’s degree in English.
Her role as a journalist has seen her write for many of the leading technology publishers in the UK such as ITPro, TechWeekEurope, CIO UK, Computer Weekly, and also a number of national newspapers including The Times, Independent, and Financial Times.