

Cracking Any GSM Mobile Phone - brennannovak
http://www.bbc.co.uk/news/technology-12094227

======
huhtenberg
> _Key to grabbing the data from the air were cheap Motorola phones which can
> have their onboard software swapped for an open source alternative._

Wasn't there a news bit not long ago about law enforcement agencies being
puzzled by criminals buying/stealing loads of cheap Motorola phones?

~~~
abollaert
I seem to remember something about Nokia 1100 phones being used for bank fraud
(only specific ones that were manufactured in the Bochum plant).

[http://www.pcworld.com/businesscenter/article/163515/nokia_w...](http://www.pcworld.com/businesscenter/article/163515/nokia_we_dont_know_why_criminals_want_our_old_phones.html)

Edit : Spelling.

~~~
huhtenberg
Right, that's the one I was thinking of.

------
cnvogel
Previous report on this talk by arstechnica.com:

<http://news.ycombinator.com/item?id=2049026>

------
msh
But, remember, this is a crack for GSM (2G), it is not a crack for UMTS (3G).

~~~
gvb
But the Bad Guys[tm] can jam the 3G communications and force the phone to 2G.
The forcing is noticeable, but it will be hard to distinguish a malicious
fall-back to 2G vs. a carrier coverage fall-back to 2G.

Ref:
[http://www.processor.com/editorial/article.asp?article=artic...](http://www.processor.com/editorial/article.asp?article=articles/P3223/36p23/36p23.asp&guid=)

_The exploit only works on 2G GSM networks; however it is possible to jam 3G
signals and force virtually any GSM phone to negotiate a 2G connection._

------
coin
This is one advantage CDMA has over GSM: it's much harder to intercept CDMA.
<http://www.denbeste.nu/cdmafaq/eavesdrp.shtml>

~~~
daeken
I know nothing of CDMA and outside of some basic knowledge (I worked on the
iPhone dev team during the original push for an unlock, and picked up some
info on how GSM and cell phones in general work) I know very little here, but
from a general security standpoint, the "only X and Y know the key for Z, thus
Z is more secure than W" approach doesn't hold up. If there's a flaw in the
implementation of crypto, it may be possible to reconstruct the key, or
circumvent it entirely. That it hasn't been done yet means little in terms of
theoretical security.

