The standard encryption algorithm that is supposed to protect GSM mobile telephone calls from eavesdropping has long been known to be weak. Today, the technology to crack GSM’s standard encryption algorithm is accessible even to amateurs at moderate cost. Recent public demonstrations of practical low-cost attacks on GSM’s standard A5/1 encryption algorithm have underlined just how vulnerable mobile phone calls have become.
Passive GSM Interception
Passive GSM interception systems allow an attacker to eavesdrop on mobile telephone calls using only passive methods, i.e. equipment that only receives, but does not transmit and that is thus undetectable for the victim. Undetectable and highly portable, passive interception systems are used either for intercepting the radio link between a mobile phone and a base station, or between a base station and other network components.
Active GSM Interception
Active GSM interception systems allow an attacker to actively interfere in communications between mobile phones and base stations by means of a so-called IMSI-catcher, in essence a transmitter and receiver that simulates the functionality of a GSM base station. Recent attack methods involve spoofing so-called femtocells to feign that you are the user’s mobile network provider, while in fact you are taking over his network traffic.