In a move to shed light on the vulnerability of GSM wireless networks, encryption expert Karsten Nohl, with the aid of 24 fellow hackers, was able to compile the multitude of algorithms behind the twenty one year old, 64-bit encryption scheme used to encrypt 80% of the world’s cellular GSM phone calls. The algorithm’s code book, comprising 2TB worth of data, has been published by Nohl and is now available on the Internet through BitTorrent. This is not the first time GSM was “cracked”. In 2003, the method by which GSM’s encryption code could be cracked was uncovered by a team of Israeli researchers and in 2008, David Hulton and Steve Muller presented at Black Hat a technique for the successful interception and decryption of a GSM stream using $1,000 of hardware and a half hour of time. Now in 2009, we have the binary code log that could potentially make GSM decryption faster and easier than ever. Before everybody panics, it is important to point out that the GSM algorithm that was cracked was the older and less secure 64-bit A5/1 algorithm, not the newer 128-bit A5/3 algorithm. Unfortunately, GSM carriers have been slow to adopt this new 128-bit encryption standard but Nohl’s disclosure may be the kick in the butt these lazy carriers need to beef up their security.

Read

Touted as an espionage tool but more closely resembling spyware is a new application, Phone Creeper, written by xda-developer member chetstriker. Once installed on a Windows Mobile 5, 6.1 or 6.5 handset with .NET CF 3.5, the software tool can be used to:

• secretly and remotely read incoming / outgoing sms
• secretly and remotely delete incoming / outgoing sms
• secretly and remotely view call history
• bounce sms messages off remote phone to someone else
• create a pop-up message on phone
• send a secret fart sound
• secretly and remotely listen to person – (Initiates silent call back of person to your phone with their speaker phone enabled)
• send listening in call to somebody else’s phone
• remote wipe of installed flash card

These above remote control commands are issued via SMS messages sent from any other handset to the “infected” Windows Mobile handset. The software is currently being distributed as a cab file that one must agree to install but, in the future, a code injector could be created to insert this application silently into any cab file. Once installed, the application does not appear in the task manager, does not have a user interface and runs silently in the background. So what do you think, the ultimate spy tool for parents of teenagers, a security suite to protect your data if your phone is stolen, or the progenitor of a whole new class of mobile phone spyware?

[Via WMExperts]

Read