Just call (modified firmware) and 11 air crashes the GSM network all over the city.

as we know that the safety of wireless phones, GSM networks, the trust is not a long time ago. But security researchers German 3 members, Nico Golde, Kévin Redon and Jean-Pierre Seifert discover how hacking can wind network GSM whole city was economically with ordinary mobile phone only 11 machines and reporting methods. said at the USENIX Security Symposium No. 22

first to understand how the three of them doing well. We must know that our cell phones did not close the connection to the network at all times. But most of it is in the standby state waiting for the network to call for you. So when someone calls or send sms to me it is a step that can be summarized briefly. As follows:

1. station (base station) to broadcast page containing the code calls for our handsets. Spread out across the area covered by the signal. Echoing across the city shouting like that. “Where is she?”
Two. Phones have been broadcast page and see that it contains code to call it
Three. Activate our phone connection and signal back to the base station. “I am here …”
Four. Base station and our phone talk passionately to open a private channel for calls or receiving radio waves – Send
Five. Calls we sent to the base station identification code to verify yourself
6. Confirm the identity and order. What our phone rang, it reminds us a call or read text

basic practice

will see that the process of verifying the identity of the phone, we just do it right here in Step 5 is vulnerable to security researchers, the three used in the Denial of Service (DoS). The principle is very simple. That is how you make a phone hacker Race go to step 5 race identification code back to the base station to the phone faster. Which is not necessarily a correct code with. Because the base station that the wrong code. It will close the connection is dropped as DoS hackers successfully School

phones they used in hacking the phone since the Motorola C118 Motorola C123 and two versions of a cheap phone that can be installed in open source firmware OsmocomBB adapted to work as a GSM radio transceiver

on everything ready. Researchers also tested a timer to run the race to the finish line of Motorola phones adapted to multi-models in the market such as Nokia 3310, iPhone 4S, Samsung Galaxy S2, Nokia N900, Sony Xperia U, Blackberry Curve 9300, Sony Ericsson W800i, etc.

result is very satisfactory. [See chart at the bottom] because converted surpassed Motorola phone to finish before all phones used in this test. (Do not forget that they are calling from the father, the Nokia 3310 support to the iPhone 4S to test if it is going to be high all the phones in the market would not survive) means that if a hacker knows the code calls for. Phone our broadcast page specified in this code, then programmed to wait for it. No one will call or send sms to us and we do not even realize that I attacked him for it

how to code, it is not difficult to find anything. Hacker is just a phone call into our shot, then trap it between 10-20 times (sniff) signals transmitted from the base station. I then sent from the base station log that the phone would be called for a broadcast page on my fence

If anyone comes to read this. Think that it is not much. Emotions about that. “Today people call it what it is, then I will not have time DoS peace What does” it do not look too optimistic. The story is not over

It is then transferred to that phone call, or instant messaging. You’re a good hacker, he can help us a call or sms messages for us easily. not be tired at all. Really

quadrant of the city

DoS phone just a few machines. It still was not enough fun. Researchers have sought to expand the scope of the destruction of this approach further. They know that the base station sends out a broadcast page to find the target phone. It was not sent from the base station only. But the base stations close to the geographic area between the broadcast page. To do this is to make our mobile phones do not need to report back to the exact location where the base station at all times. It was roughly the geographic range, it is enough to save energy and protect the privacy of users in the

but in this case the broadcast page spread to every base station in a way that is open to hash label can wind the entire network easily. Hackers do not need to spread the chaos Motorola phones are adapted by each base station to intercept broadcast page shamefully If a hacker wanted to crash a GSM network, the network is only one trap every broadcast page of one of the base stations of the network, it sends out is enough. The territory to be eaten by a distributed base stations share broadcast page automatically. Which could be as much as tens or hundreds of square kilometers

this time, it just limits the speed trap broadcast page because the researchers have tried to trap a broadcast page and pass code back to the base station, each time, it takes about 1 second (. If the question is, 0.925 seconds on average) in the first minute, so Motorola Phone adapted to connect the first time, it will fall by about 60 times. Which is not enough to trap all the broadcast page (in hours at the maximum. Major network providers. Germany’s broadcast page is sent out to the 300 to 1200 r / min)

so they adapted many Motorola phones used to help trap air broadcast page simultaneously, as if to crash GSM network of E-Plus, both of Berlin, which has a maximum of about 600 a broadcast page / min in the way. Motorola Theory phone hacker need only 11 unit. The camp where people use it. I had to lay a trap for me. Network where people use trap at least it was hacked … consistent with the philosophy of sufficiency economy very


for customers and users of the phone. Do not worry about it. because we did not get any protection the same. But network providers can edit this vulnerability

GSM network that was developed decades ago. It was designed by the trust that people can not find equipment adapted trap – in GSM radio as you like so it can not verify the identity in the early stages. Call for a pair of connecting wires. The solution is to change providers encrypt the authentication process, this new concise

full research paper can be downloaded from the Open Access publishing model www.usenix. org/system/files/conference/usenixsecurity13/sec13-paper_golde.pdf
(Paper is written for readability so awesome And I do not know about the GSM to understand the horror of it)

Source – Naked Security

But for me

network of our house. This is not a big deal. If the system crashes, hackers have come up automatically. May refer to discourage crying snot blown away I go home with their own. Just lately the only city in the country to come down with it. It crashes many times a day they are



                     GSM, Mobile, Security


  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: