Eavesdrop mobile calls with $15 phone, a laptop and open source software

BERLIN — Whatever assurances have been given about the security of GSM cellphone calls, forget about them now.

Speaking at the Chaos Computer Club (CCC) Congress here Tuesday, a pair of researchers demonstrated a start-to-finish means of eavesdropping on encrypted GSM cellphone calls and text messages, using only four sub-$15 telephones as network “sniffers,” a laptop computer and a variety of open source software.

While such capabilities have long been available to law enforcement with the resources to buy a powerful network-sniffing device for more than $50,000 (remember The Wire?), the pieced-together hack takes advantage of security flaws and shortcuts in the GSM network operators’ technology and operations to put the power within the reach of almost any motivated tech-savvy programmer.

“GSM is insecure, the more so as more is known about GSM,” said Security Research Labs researcher Karsten Nohl. “It’s pretty much like computers on the net in the 1990s, when people didn’t understand security well.”

Read more at Wired

It doesn't sound as easy as breaking security on legacy wep secured wireless networks just yet, however it could certainly end up something the average person might be able to do in a few years time.