Detecting GSM Vulnerability (concept)

 

Introduction

The GSM vulnerability detector is a custom device, built from open source software and low-cost hardware, that detects malicious activity on GSM networks. It is intended to counter the rise of attacks on GSM such as voice, data, or message interception.

Hardware

  • Receiver
A cheap DVB with Elonics E4000 can be used as the receiver, since it covers a wide frequency range of 52 – 2200 MHz. We chose this DVB because it's cheap, even though the receiver bandwidth doesn't cover standard GSM communication.

DVB with Elonics E4000
  • Amplifier
For the amplifier, we should choose one that can cover the GSM frequency range.
  • Antenna
As with the amplifier, we should choose one that can cover the GSM frequency range.
  • Mini PC
We don't actually need a mini PC; an inexpensive SBC (Single Board Computer) like the Raspberry Pi is enough for this.

How It Works

This device works by checking the encryption used by the GSM operator in real time. The encryption information is checked between the MS and the BTS on GSM networks, as can be seen in this illustration:

Illustration 1



After checking the encryption used by GSM networks, this device will provide three possible results:
  • Easy means that the GSM networks are using A5/0 encryption.
  • Medium means that the GSM networks are using A5/1 or A5/2 encryption.
  • Hard means that the GSM networks are using A5/3 encryption.
The detection flow can be seen in this illustration:
Illustration 2



The illustration above is explained as follows:
  1. The mobile phone will connect to the BTS provided by the GSM operator.
  2. The BTS will send a response to the mobile phone.
  3. The GSM vulnerability detector will start scanning the GSM networks.
  4. The GSM vulnerability detector will detect the operator used by the mobile phone.
  5. The GSM vulnerability detector will scan the nearby BTS used by the GSM operator.
  6. The GSM vulnerability detector then analyzes the encryption used by the GSM operator.
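
One way to implement the encryption check in step 6 and the Easy/Medium/Hard rating above, as an added example that is not part of the original post: it reads the cipher announced in a GSM RR Ciphering Mode Command (3GPP TS 44.018) and assumes the layer-3 bytes have already been demodulated and decoded by upstream SDR software. The function names, the "Unrated" label for ciphers the page does not list, and the sample messages are constructed for illustration.

```python
# Added example: rate a cell from a decoded RR Ciphering Mode Command.
# Assumption: input is the layer-3 message, already demodulated and
# decoded by upstream SDR software. Sample messages are constructed.

RR_PROTOCOL_DISCRIMINATOR = 0x06    # Radio Resource management
MSG_CIPHERING_MODE_COMMAND = 0x35   # RR message type

# The page's three-level scale, keyed by cipher name.
RATING = {"A5/0": "Easy", "A5/1": "Medium", "A5/2": "Medium", "A5/3": "Hard"}


def cipher_from_l3(l3: bytes):
    """Return the cipher announced by a Ciphering Mode Command, or None
    if the message is a different type or is truncated."""
    if len(l3) < 3:
        return None
    if (l3[0] & 0x0F) != RR_PROTOCOL_DISCRIMINATOR:
        return None
    if l3[1] != MSG_CIPHERING_MODE_COMMAND:
        return None
    setting = l3[2] & 0x0F           # low half-octet: Cipher Mode Setting
    if (setting & 0x01) == 0:        # SC bit clear: no ciphering (A5/0)
        return "A5/0"
    algorithm_id = (setting >> 1) & 0x07   # 0 -> A5/1, 1 -> A5/2, ...
    return "A5/%d" % (algorithm_id + 1)


def rate_cell(l3: bytes):
    """Map a message to (cipher, rating). Ciphers outside the page's
    scale (A5/4 and above) are reported as 'Unrated'."""
    cipher = cipher_from_l3(l3)
    if cipher is None:
        return None
    return cipher, RATING.get(cipher, "Unrated")


if __name__ == "__main__":
    # Constructed layer-3 messages, one per case.
    for hexmsg in ("063500", "063501", "063503", "063505", "063511", "063f00"):
        print(hexmsg, "->", rate_cell(bytes.fromhex(hexmsg)))
```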

Conclusion

We are researching this device because GSM security incidents are becoming more intense. The device is still in early development and needs more testing before it can be used on a daily basis.
