July 12th, 2011

Useful blog post on the methods used in the UK voicemail intrusions.

David Rogers has a long post on how voicemail accounts were compromised:
A few people have asked me to explain what the whole phone hacking thing means. The first thing to mention is that the phone hacking episode has nothing at all to do with actual 'phone' hacking. It is actually illicit voicemail access. Access can be gained by using some technical knowledge and/or tools, but on the whole it is through system and process weaknesses.
He also summarizes in a shorter post:
In brief, there are three main mechanisms for illicitly accessing voicemail: firstly social engineering the call centre to reset or change the PIN for you as precursor to one of the following 1) call the remote voicemail number and access it using the default (or acquired PIN), 2) ringing the actual phone, going into the voicemail menu by pressing the * key or 3) using an advanced mechanism to fool the phone into opening up the voicemail. There are some loopholes still existing and as technology evolves new ones will emerge.

This is not 'phone hacking'. It is illicit or illegal access to voicemail.
Finally, Sophos asked him to write an article on how it worked and how to protect your voicemail:
I’m going to explain a bit about what exactly is behind this, how it works and what you can do to protect yourself from people wanting to access your voicemails.

GSM standard still vulnerable to call intercept.

In an unrelated story, Reuters reports on progress in intercepting actual phone calls, as opposed to breaking into voicemail:
"I'd be very surprised if no criminal organisation understood this potential and wasn't already doing this," said hacker Karsten Nohl, who helped expose a security flaw in the widely used GSM mobile network standard last December.

The vulnerability of the 20-year-old GSM standard, used by billions of people in about 80 percent of the global mobile market, was clearly demonstrated last December by Nohl together with fellow hacker Sylvain Munaut.

The two demonstrated an interception at the Chaos Computer Club Congress in Berlin, using a toolkit of four cheap phones, a laptop and some open-source software to hack the A5/1 algorithm used to keep GSM voice conversations confidential.

The GSM Association has developed a new, more secure algorithm but it is hard to deploy in older networks. It has also made available a security patch that is easier to implement, but Nohl said it had not been widely deployed.

Nohl is currently conducting tests on networks around Europe and says he had been able to attack all the GSM networks in London, France, Germany and the Netherlands during recent tests, using kit that a computer studies student could build in a week.

Nohl told Reuters he estimated an entire surveillance operation could be built around a person or organisation today for under 30,000 euros ($42,000) -- about one-tenth of the price it might have cost four or five years ago.

Among the British operators, only Vodafone is rolling out the GSMA's security patch to protect its network.

Orange and T-Mobile (DTEGn.DE), who have recently merged their networks, are looking at security options but have no firm plans.
Wikipedia article on the A5/1 cipher and its weaknesses.

Social networking sites are like nightclubs?

marginaleye, referencing the MySpace to Facebook to Google+ trend: "I fear, however, the horrible possibility that social networking is going to be a perpetual treadmill of pursuing the 'in crowd' and fleeing prole drift, stretching out from here to infinity."

Well, it is how clubbing seems to go. Some dance clubs do last a while, but the crowd does seem to follow the trendiest new place. So there is some social precedent here.

I suppose if one were creating a social networking site, one might keep that particular dynamic in mind.