Mobile phones on the GSM network in India are not very secure, according to a demonstration by security company, Matrix Shell. Business Line reports that the four founding members of Matrix Shell claim that they were able to hack into GSM phones and use the International Mobile Subscriber Identity, which is a unique number assigned to the SIM card. They were able to make phone calls, intercept phone calls, inflate the bill of a postpaid subscriber and deplete the balance of a prepaid subscriber. Service providers will not raise a security concern from any of these activities, because they appear as though they were made by the person whose account it is. They used firmware called Osmocom, and using software they wrote on it, they were able to hack into a GSM phone.
Vulnerable to hacks (Image credit: Getty Images)
They explained their ease of hacking into a GSM phone here with the level of encryption Indian GSM networks use. Akib Sayyed, one of the founders of Matrix Shell explained that standard encryption on a GSM network should be 5/1, but in India, most providers use 5/0, which essentially is no encryption. He did not specify, however, which Indian networks in particular provide the lower encryption. Operators tend to avoid heavier encryption as this would mean the time taken to connect the mobile to the Base Transceiver Station would be greater. Networks want to avoid that as there is a lot of traffic on the GSM networks. More encryption would also mean more hardware upgrades. Those using the correct encryption frequently shut it off.