Want to listen in on cellphone calls or intercept test messages? Well that’s a violation of someone else’s privacy so shame on you! But there are black-hats who want to do just that and it may not be quite as difficult as you think. This article sums up a method of using prepaid cellphones and some decryption technology to quickly gain access to all the communications on a cellular handset. Slides for the talk given at the Chaos Communications Congress by [Karsten Nohl] and [Sylvain Munaut] are available now, but here’s the gist. They reflashed some cheap phones with custom firmware to gain access to all of the data coming over the network. By sending carefully crafted ghost messages the target user doesn’t get notified that a text has been received, but the phone is indeed communicating with the network. That traffic is used to sniff out a general location and eventually to grab the session key. That key can be used to siphon off all network communications and then decrypt them quickly by using a 1 TB rainbow table. Not an easy process, but it’s a much simpler method than we would have suspected.
[Thanks Rob]