
  1. #1
    srl7741

    Cracking GSM phone crypto via distributed computing

    via CNet:
    If you are using a GSM phone (AT&T or T-Mobile in the U.S.), you likely have a few more months before it will be easy for practically anyone to spy on your communications.
    Security researcher Karsten Nohl is launching an open-source, distributed computing project designed to crack the encryption used on GSM phones and compile it into a code book that can be used to decode conversations and any data that gets sent to and from the phone.

    He hopes that by doing this it will spur cellular providers into improving the security of their services and fix a weakness that has been around for 15 years and affects about 3 billion mobile users.
    "We're not creating a vulnerability but publicizing a flaw that's already being exploited very widely," he said in a phone interview Monday.
    "Clearly we are making the attack more practical and much cheaper, and of course there's a moral question of whether we should do that," he said. "But more importantly, we are informing (people) about a longstanding vulnerability and hopefully preventing more systems from adopting this."
    This weakness in the encryption used on the phones, A5/1, has been known about for years. There are at least four commercial tools that allow for decrypting GSM communications that range in price from $100,000 to $250,000 depending on how fast you want the software to work, said Nohl, who previously has publicized weaknesses with wireless smart card chips used in transit systems.
    It will take 80 high-performance computers about three months to do a brute force attack on A5/1 and create a large look-up table that will serve as the code book, said Nohl, who announced the project at the Hacking at Random conference in the Netherlands 10 days ago.

    Full Article:

  2. #2
    MStrawder
    Very interesting piece, but I wonder if the intended result is likely. Will the carriers actually scramble to change things? I doubt it. Based on the limitations of the current technology mentioned in the article and price of the equipment, they'll say it's no more to be worried over than someone wire-tapping your home phone.
    "Our greatest fear is not that we are inadequate, but that we are powerful beyond measure" ~ Marianne Williamson

  3. #3
    Thyth
    A5/3 (KASUMI) used for 3G communications is significantly stronger, and is supported by most of the modern "2G" towers as well.

    In the radio engineering screens on the BlackBerry, you can switch cipher modes to KASUMI if you want your 2G calls and data transfers to be more secure over the air.
    Need an eScreen code? Try my generator: http://absolous.wavegap.com/projects/escreen/

  4. #4
    kidwell61
    Just have everyone use bb messenger

  5. #5
    thbassman
    This is the kind of thing that makes you wonder . . .
    THBASSMAN

    Carpe Diem!!

    thbassmanatpinstackdotcom

    Check this out!!! Mobiletropolis

    My TORCH Rocks!

  6. #6
    MStrawder
    Originally posted by thbassman:
    "This is the kind of thing that makes you wonder . . ."
    Agreed and at least the programmers recognized there is a moral decision of whether to release the data. I suspect someone will step in and attempt a legal sanction against them.

  7. #7
    MWPatterson
    This is the reason why I do not use a GSM carrier. It was designed to be weak on security. When CDMA was first implemented it was the only form that could not be listened to using a scanner. Now GSM is opening the flood gates again. As I work with security at work I realize that it does not matter what you use there will always be ways to listen in or intercept your data. Just remember that if you do not encrypt your emails they are transmitted as plain text over the wire and can be read by anyone that has access to the systems, not to be an alarmist. Just an FYI.

  8. #8
    Thyth
    The original CDMA2000 (also LFSR based) ciphers (CAVE/CMEA/ORYX) were weaker than A5/1 used on GSM networks. 3G GSM (which, by the way, is a W-CDMA transport) and newer CDMA2k networks use Kasumi (in a counter mode).

    The hardware necessary to reassemble the spectrum spread communications of CDMA type transmissions is more complicated, but "2G" CDMA2k networks are otherwise no more secure than a GSM one.

    Of course, if someone really wants to see the data you are sending, they'd just wiretap the tower itself, since communications over the cellular network (i.e. between base stations and the internet) itself are not encrypted.
