A security researcher will today reveal weaknesses in the encryption methods used by mobile operators he says can allow internet data to be hacked.
The vulnerability lies in the methods used to encrypt data transmitted over networks running on General Packet Radio Service (GPRS) technology.
Karsten Nohl,
Security Research Labs' chief scientist, is due to present his findings at the Chaos Communication Camp 2011 conference taking place today in Berlin.
Nohl and his team have previously published
research into decrypting algorithms used by mobile operators to secure voice conversations.
But Nohl and colleague Luca Melette are expected to reveal a software tool they have now developed that can reprogramme cheap Motorola handsets to become GPRS interceptors in an attempt to get mobile operators to strengthen their network defences.
The software can be used to expose data transmissions on unprotected networks within a three-mile radius, Nohl told the New York Times in an interview.
He and Melette also reportedly discovered weak encryption methods on all four German mobile networks and were able to decrypt and read mobile transmissions. And in Italy, they found two operators that did not encrypt their data at all.
IT Pro contacted Nohl and Melette to find out if they'd tested any UK networks, but they had not responded at the time of writing. Most of the UK networks IT Pro contacted said they were aware of, and monitoring, Nohl's research.
The Vodafone Group, however, stated that it implements appropriate measures across its networks to protect its customers' privacy.
"We regularly review security measures and carry out risk assessments to prevent the kind of exploit described," Vodafone said in its statement.
Nohl's previous research has also focused on GPRS cryptographic encryption methods. He has criticised operators for failing to use strong 128-bit encryption schemes, after demonstrating how rainbow tables can be used to crack weaker authentication.
