I have read in the past (no sure where) that unfortunately there exist illegal devices that permit crooks to eavesdrop on GSM mobile phone conversations. I recently also heard that some people had created a spoofed cell phone tower for GSM. My question is, if I switch over to using a CDMA phone, would I be any safer? I don't really want to give up the sweet deal that I have with XYZ mobile phone company, but if I must then I will.
-
The name for these devices is "IMSI Scanner". A good defcon talk on the subject is on youtube [here](https://www.youtube.com/watch?v=xKihq1fClQg) – jackweirdy Dec 10 '13 at 10:59
-
Man, relying on spread spectrum as "security" is really a stretch. – Fixee May 19 '15 at 05:18
3 Answers
CDMA uses the CAVE algorithm for authentication, CMEA for privacy and and ORYX for integrity. But these algorithms are all prone to cryptographic attacks similar to those conducted on GSM. So, don't depend too much on the encryption provided by CDMA too since 'attacks only get better, they never get worse' - Bruce Schneier.
- 819
- 4
- 9
GSM uses Time Division Multiplexing along with other technologies, somewhat similar to the now abandoned US TDMA standard. What we now call CDMA uses an entirely different technology, Code Division Multiple Access that GSM devices do not use in any way, shape or form. 4G LTE, the new standard, also does not use Code Division Multiple Access technology.
The GSM standard encryption was broken four years ago per the NY Times, and open source software, OpenBTS exists to work with used equipment as you described. Therefore, I feel more comfortable with CDMA carriers, and fortunately folks in North America and Oz have that choice. That's relevant now more than ever, since SIM cards have been cracked.
Better still, add encryption to the phones on both ends, and you're better off.
- 111
- 6
-
Interesting article(NY Times). Just out of curiosity, is there any proof/algorithms released for backing up Mr.Nohl's statement ? – Ebenezar John Paul Dec 10 '13 at 13:01
As far as I know, GSM relies on CDMA, and these technologies evolve toward 3G relying on W-CDMA, and so on. At least some mobile phones supporting both GSM and 3G propose options allowing you to use only one of these norm, so you can restrict it to use only 3G and disable GSM.
The side effect is that in an area only covered by GSM and not 3G, you will not be able to send or receive phone-calls.
- 19,082
- 4
- 58
- 104