Kim Zetter
Security

GSM Security Researcher Targeted in Airport Shakedown

A security researcher on his way this week to speak at a conference about mobile phone security was stopped by British authorities at Heathrow Airport and questioned before being relieved of his Nokia phone, SIM card and USRP (Universal Software Radio Peripheral). The researcher was on his way to Dubai to deliver a talk at […]

Gsm_network

A security researcher on his way this week to speak at a conference about mobile phone security was stopped by British authorities at Heathrow Airport and questioned before being relieved of his Nokia phone, SIM card and USRP (Universal Software Radio Peripheral).

The researcher was on his way to Dubai to deliver a talk at the Hack-in-the-Box security conference about cracking GSM encryption to intercept mobile phone calls and text messages and track the location of users using less than $1,000 in equipment.

The researcher described the airport incident in an anonymous blog post. He writes that the inspectors had done their homework and already knew who he was, where he lived, who he worked for and what day he was speaking at the conference.

He speculates that the government may have wanted to make sure he wasn't exporting any cryptanalytic device but notes that if this were the case it was odd that investigators didn't try to keep either his laptop or his paperwork, which would have been the most likely place to find any information he was carrying about cracking GSM encryption.

They were also not interested in my 160GB harddrive which would have been the obvious place for storing the rainbow tables. Neither were they interested in the high performance FPGA chip.

Instead they took all equipment that could have been used for demonstrating that GSM signals can be received with publicly available hardware for 700 USD.

It does not appear that they were after cryptanalytic information.

I received a yellow paper about my detained goods. They left the field blank that reads
"The goods specified below are detained for the following reason:". What reason?

They also crossed out the field "Agent" of the officer who was in charge of the operation.

He notes that the inspectors were perplexed by his USRP.

They said they do not know what the USRP is and that I can not take it until they have checked it in the lab. This can take 14 days (1/2 month).

So be it. They have it for 14 days. Guys, enjoy the device! It's fun playing around with it!

Although the blogger doesn't identify himself, he notes that he gave a talk about cracking GSM encryption at the Black Hat security conference held earlier this year in Washington, D.C.

David Hulton from Pico Computing in Seattle and someone identified only as "Steve" delivered a talk at Black Hat on cracking GSM and building a scanner to intercept and decipher GSM signals. A news article about the talk identifies Steve as Steve Muller of the UK-based company CellCrypt. Hulton is listed as giving the same talk in Dubai with someone using the hacker handle "Skyper." Hulton and Muller have not responded to e-mails I sent them. Presumably they're both still in Dubai at the conference.

They ended their talk at Black Hat saying, "Receiving, transmitting and cracking GSM will become cheaper and easier. It will become easier to mount an attack against the mobile network infrastructure. We are expecting a rise in unlawful interception, data/identity theft and tracking the location of mobile phone users."

The researchers maintain a Wiki describing their work.

(Hat tip: InfoSec News)

Image courtesy IEEE

See also: