Mobile phone data could be under threat say security experts because of a lack of security systems at a carrier level.
Telecommunication carriers such as Optus, Telstra and Vodafone have set up structures in their organisations that allow a multitude of authorities to legally get access to mobile phone data, say experts attending the recent the Black Hat hacker conference held in Las Vegas.
However several organisations often try to illegally access data in Australia, including foreign embassies, security companies and private individuals.
Dr Karsten Nohl, the lead security researcher behind a project called Airprobe, is urging mobile phone users to check to see who has access to their data.
Security researchers attending the conference revealed a series of tools that, they say, make it easy to see what security systems operators use to stop eavesdropping.
The researchers want to expose operators that have not updated security systems to prevent others listening in.
The BBC said that the tools are based on an attack first demonstrated in late 2009.
“We do want people to go out and study how secure these networks are and to put pressure on the operators to improve,” said Dr Karsten Nohl, the lead security researcher behind the project.
“We’ve built tools that interface with mobile telephone communications,” he said.
“The practical risk to customers is very low and spreading fear and panic amongst mobile users is inappropriate and regrettable”.
Dr Nohl said he and a few dozen others have found a way to shrink the amount of storage needed to hold a complete list of the keys needed to access a mobile phone network and speed up the way to find the one that unscrambles a conversation.
Without these innovations the call cracking project would have got nowhere, said Dr Nohl.
“Just generating the key table would have taken 100,000 computer years and storing it would have taken 100 petabytes,” he said.
Dr Nohl and his colleagues have squeezed the table into a format only two terabytes in size and produced algorithms that can look through it and find the right key in minutes.
Defeating such an attack would be easy for operators, if they have installed an appropriate software update, said Dr Nohl.
For the full BBC story go to this link.
