At a recent Black Hat security conference in DC, two cyber-security techies showed how easy it is to wiretap another person’s cellphone.
David Hulton and Steve Muller showed off a new method for breaking the GSM encryption used by major cellphone service providers to prevent eavesdropping on cellphone communications.
Hulton and Muller say their method allows an eavesdropper to record conversations on cellphone networks from miles away and decode it within a half hour using just $1,000 in computer equipment.
Hulton, an applications director for high-performance computing company Pico, and Muller, mobile security researcher for CellCrypt, plan to make their decryption method freely available to the general public public.
However, they hope to start selling a faster version that can crack cellphone encryption in only 30 seconds. This premium version will cost between $200,000 and $500,000.
As to the issue of eroding the privacy of cellphone users, Muller says that he and Hulton didn’t invent the hacking technology; they just brought attention to its vulnerabilities and made the technology public.
According to Muller: “If governments or other people with millions of dollars can listen to your conversations right now, why shouldn’t your next-door neighbor?”
David Pringle, a spokesman for the GSMA trade association, which represents 700 GSM cellphone carriers worldwide, stated that decrypting GSM still requires special technology and is more secure than a landline.
As for intercepting conversations on Hulton and Muller’s cellphones, don’t bother. They don’t use them.