GPRS Hacked
Just announced:
Nohl’s group found a number of problems with GPRS. First, he says, lax authentication rules could allow an attacker to set up a fake cellular base station and eavesdrop on information transmitted by users passing by. In some countries, they found that GPRS communications weren’t encrypted at all. When they were encrypted, Nohl adds, the ciphers were often weak and could be either broken or decoded with relatively short keys that were easy to guess.
The group generated an optimized set of codes that an attacker could quickly use to find the key protecting a given communication. The attack the researchers designed against GPRS costs about 10 euros for radio equipment, Nohl says.
ShadowHatesYou • August 10, 2011 5:40 PM
GPRS isn’t the only standard to fall; it’s been reported that CDMA and 4G were also compromised at Defcon this year.
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/81514
The largest threat to these protocols seems to be the ease of compromising pico/femtocells and making them do your bidding: http://wiki.thc.org/vodafone
Clearly things need to be more robust. A compromised base station should not be able to do this.