
Hack your phone to improve security


With various countries threatening to halt BlackBerry services unless Research In Motion Ltd. hands over its encryption keys, some might be wondering what that means about the security of all the other mobile phones out there. Are only messages sent via BlackBerry undecryptable by prying eyes? One man in a Black Hat dares you to find out, using hacker technology being made available to the general public.
Speaking at the Black Hat hacker conference last week in Las Vegas, Dr. Karsten Nohl encouraged people to attempt hacking their phones to keep operators on their toes and ensure basic privacy is being maintained.
Using a tool called Airprobe, Nohl says people can check to see whether mobile operators are keeping security systems updated or whether gaping security holes big enough for nosy government ears can be uncovered.
Usually, mobile calls are supposed to be encrypted using a very large number of virtual “keys” – so long and complex that it would take many years and petaflops of computing power to decode them. Nohl, however, claims he and his security research team have found a way to shrink the key data into much more manageable chunks, making mobile data cracking something that can be performed in a matter of minutes rather than months.
Indeed, Nohl claims he and his team have managed to condense the entire table of eavesdropping prevention encryption keys into just two terabytes – no match for the Black Hat algorithm.
That’s not to say hacking into someone’s phone is do-able – it’s only possible, says Nohl, if the operator hasn’t installed the right security software updates.
“We do want people to go out and study how secure these networks are and to put pressure on the operators to improve,” said Nohl, adding, “We want to enable users to test whether their operator has installed the patch.”
This can be done by use of the group’s Airprobe software, which can record and decode GSM calls, decrypting them with a tool known as Kraken.
Sure, it’s a little on the pricey side, requiring that users have not only the software, but also a computer, a $1,000 programmable radio for the PC, access to cryptographic rainbow tables and the Kraken tool. Still, after you’ve assembled all that, you’re good to go.
If security is found to be lacking on your handset? Nohl recommends some rather drastic and shocking measures against your operator. “Call them up or send a letter,” he said. A rather stern letter, we hope.
The GSMA, however, is not convinced hacking your phone is the best way to better your operator’s security protocols and in fact, takes a rather scathing view of Nohl and Co.’s practices.
“GSMA remains convinced that the practical risk to customers is very low and spreading fear and panic amongst mobile users is inappropriate and regrettable,” said the organization in a statement.
The GSMA also said it had “seen very little evidence” that hackers were able to overcome GSM encryption. But if that’s true, how come Saudi, UAE, India and France – to name but a few – are so concerned only about BlackBerry?
