Slashdot Mirror


Public Access 'Blackspots'

WeakGeek writes "Unstrung has a story talking about a security issue with the combining of 802.11 and GSM/GPRS networks. Seems that 802.11b hotspots provide hackers with an easy way to grab user information from the wide-area network itself. Back when GSM was being defined, standards were designed to only authenticate the details held on the SIM card in a user's device before starting a session on the network. The user's device doesn't in turn check the credentials of the network. Fake a network, get data. Of course, the linked-to story seems to be a 'viral' advertisement for a product that fixes this, but I still thought it interesting enough to share."

13 of 89 comments

  1. More good reading by Gortbusters.org · · Score: 4, Informative

    If ya don't read the article, check out WLAN: The Four S's, and a WEP FAQ.

    --
    --------
    Free your mind.
  2. The complete story by ftvcs · · Score: 5, Informative
    Public Access BlackSpots?
    02.21.03

    CANNES, France -- 3GSM Congress -- There's a big problem with connecting public wireless LAN access points to GSM/GPRS cellular networks, according to SIM card vendor SchlumbergerSema. 802.11b hotspots provide hackers with an easy way to grab user information from the wide-area network itself, the company tells Unstrung.

    The heart of the problem is that when the GSM standard was being defined back in the late 80s, no one imagined that a hacker could set up his own wireless network to gain access to an operator's network and the user data therein. Therefore, GSM networks only authenticate the details held on the SIM card in a user's device before starting a session on the network. The user's device doesn't check the credentials of the network it is attempting to access.

    This was fine before the advent of wireless LAN. But now for a minimal outlay anyone can own a wireless network.

    At the same time, vendors and operators are starting to use SIM card-based authentication front-end systems for public wireless LAN networks, which allow them to link the user back to the home location register (HLR) database on the GSM network and thus manage and bill a subscriber on the WLAN network in the same way as they would on the wide-area network.

    This all adds up to networks that could be vulnerable to hacker attacks, according to Schlumberger.

    Hackers can set up "rogue" hotspots that users will access in the belief they are on the genuine public wireless LAN network. Once users are on the fake network, it is easy for the hacker to access data held on the device via the 802.11 connection (see WLAN: The Four S's and this paper for more on the insecurity of wireless LAN). Hackers can then break into the SIM software on the user's device and get the codes held there. They can then use that information to fool the GSM authentication system and thus gain access to the network.

    Schlumberger say that this won't be a problem once UMTS networks are available, because the 3G standard ensures what's known as "mutual authentication" -- the network authenticates a user device, and the device confirms that it is actually on a valid network before the session can proceed.

    However, for public wireless LAN implementations that will connect to backend systems on GSM and GPRS networks, Schlumberger has developed a SIM card-based system (surprise!) that enables mutual authentication between the device and networks that are accessed via the gateway of public wireless LAN hotspots. The mutual authentication takes place via algorithms on the card itself rather than in SIM card software on the device.

    Schlumberger is showing a system at the 3GSM congress that uses a separate smartcard and reader plugged into a WLAN-enabled laptop. However, the firm says that the smartcard and radio could be integrated into one PCMCIA card, much in the way that Nokia Corp. (NYSE: NOK) has done.

    Orange France is currently testing Schlumberger's security system. Schlumberger expects that operators will start to roll it out before the end of this year.

    -- Dan Jones, Senior Editor, Unstrung
    http://www.unstrung.com

  3. I KNOW THAT YOU DON'T UNDERSTAND by YOU+ARE+SO+FIRED! · · Score: 0, Informative

    I don't really speak German. Try working for an American company so that I can speak American to you. Then I'll fire you. Deal?

  4. Re:WEP by esquimaux · · Score: 4, Informative

    Great acronym-dropping, but I'm afraid you have no idea what you're talking about. In a vanilla WEP implementation, all users have to know the shared key of the network, which means that any user has sufficient knowledge to masquerade as the network itself. More modern schemes, like Cisco's, allow the network to authenticate itself to the user (and vice versa), and then provide a per-user key. This prevents the sort of deception (poorly) described in the article.

    "SSL Gateway"? SSL doesn't have anything to do with it. Do you mean IPSEC, or some other tunnel-based security? Or do you mean encapsulating GSM traffic within an SSL connection? That's not exactly a simple solution.

    -- Robert

  5. Re:802.11b WAN will be shortlived by GigsVT · · Score: 2, Informative

    Hams always knew we could use 2.4 GHz at whatever power level we wanted. It's just that when transmitting in a ham capacity, life is pretty boring. You have to identify your station every 10 minutes, you can't transmit anything "obscene", you can't conduct any commercial business, etc. In other words, ham 2.4 GHz can't really ever be used for Internet access.

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
  6. Re:oh? by monkey_tennis · · Score: 2, Informative

    Actually it's even more obvious than that: WLAN networks are vulnerable "because it's cheap to get a base station and masquerade as a network".

    True, but frankly missing the point by a mile... Commercial WLANs need rock solid authentication for both ends for billing, trust, access control etc. etc.

  7. Re:What's this to do with GSM? by Beatbyte · · Score: 2, Informative

    Yes you are missing the point. Read the article.

    "The heart of the problem is that when the GSM standard was being defined back in the late 80s, no one imagined that a hacker could set up his own wireless network to gain access to an operator's network and the user data therein. Therefore, GSM networks only authenticate the details held on the SIM card in a user's device before starting a session on the network. The user's device doesn't check the credentials of the network it is attempting to access.

    This was fine before the advent of wireless LAN. But now for a minimal outlay anyone can own a wireless network.

    Hackers can set up "rogue" hotspots that users will access in the belief they are on the genuine public wireless LAN network. Once users are on the fake network, it is easy for the hacker to access data held on the device via the 802.11 connection (see WLAN: The Four S's and this paper for more on the insecurity of wireless LAN). Hackers can then break into the SIM software on the user's device and get the codes held there. They can then use that information to fool the GSM authentication system and thus gain access to the network."

  8. Helpful hint for moderators: by Anonymous Coward · · Score: 0, Informative
    1. Anonymous Cowards always post with a starting score of 0.
    2. Most slashdot readers not interested in the trolls set their thresholds to 1 or greater, thereby never seeing Anonymous Coward posts that haven't been modded up.
    3. That moderation point could have been used to mod a good post up.
    4. ?????
    5. Profit!
  9. Re:WEP by QuadGoatBoy · · Score: 5, Informative

    No, WEP stands for Wireless Equivalent Privacy, and it certainly has nothing to do with good encryption (uses RC4). What the WEP tries to (poorly) guarantee is that clients are authenticated with the access point, server, whatever. Unfortunately, it is a one-way authentication that only validates the client, not the access point or server. What that means is that if you get a rogue access point with a bigger signal than the legitimate access point, the client will authenticate with the rogue access point, giving away passwords, encryption keys, etc. Throw in the fact that most wireless networks use shared keys, and you have just set yourself up for a security disaster. SSL gateway will not really help you if you have a man in the middle attack. If the man in the middle can grab the authentication key, it can masquerade as a legitimate user and possibly find out even more great things. If you want more info, check out "Wireless Network Security" published by the National Institute of Standards and Technology and the Department of Commerce. As far as encryption goes, WEP even gives away 24 bits of the encryption key with the IV (Initialization Vector). If you want a good list of the problems with wireless, check out section 3.3.2 of the document I mentioned. If you'd like a checklist of things you can do to lessen your security risks with wireless, check out sections 3.8 and 3.9. Of course, they include things like eye scanners and fingerprint scanners to even access a room with wireless capabilities, but most of those recommendations can be implemented by small to medium businesses with small amounts of technology capital.

    Thank you for your time,

    Quadgoatboy

  10. Re:WEP by argmanah · · Score: 2, Informative

    The idea of WEP is to encrypt transmission between the wireless device and the base station. It's mainly just to make sure the traffic doesn't get hijacked in transit; it's very poor as a true authentication scheme. WEP is about as secure as an unlocked car. Click here for a technical explanation of why, plus here for the application that actually does it.

    --
    Overrated Moderation: This posts sucks... because.
  11. Hard to use this to clone mobiles. by threeturn · · Score: 5, Informative
    As someone who's worked on specifying the GSM standard since the early 90s (if not quite the 80s) I can shed some light on this, and why it's a non-story.

    The scenario is one where GSM operators use 802.11 to provide data-infill on their GSM networks, and reuse the GSM authentication mechanism over 802.11 to control access. The article is correct to point out that it would be relatively easy for someone to setup an 802.11 access point which pretends to belong to a GSM operator and requests GSM authentication information from connecting devices.

    However, this shouldn't be too big a problem. The GSM authentication mechanism is based on a shared secret key which is written in to the SIM card in a way that SHOULD be read-only. Once it's written the key is used by the SIM to calculate a response to a challenge sent from the network. This authentication algorithm is chosen by the network operator, and should be a one way function (ie you can't analyse the challenge/responses to get the secret key). Therefore, the hacker with a false network could get a set of valid responses to a set of challenges, but if the authentication algorithm is correct he can't use this data to get the secret key and clone the SIM.

    The only comment I would make is that flaws have been discovered in the authentication algorithms used by some networks which potentially makes it possible to find the secret key if you have enough challenge/response data. However these algorithms are being replaced, and the computation is still quite heavy.

    To summarise: fake network attacks aren't new. Using 802.11 just makes it easier. It's best to suppress fake networks by mutual authentication, but even if you don't do this it should still be impossible for the fake network to get enough data to clone a mobile. The main problem with fake networks is that they can intercept the content of communications very easily.

  12. EAP-SIM by tengwar · · Score: 2, Informative
    It's not a problem. If you use 802.1x with EAP-SIM, you get mutual authentication from a standard SIM, but you need two or three exchanges of information. USIMs (for UMTS) can do mutual authentication in one pass, so there's lower latency - but it's not appreciably more secure in the WLAN context.

    Someone mentioned that the authentication information for EAP is passed in the clear. EAP-SIM is not vulnerable to replay attacks because it's a challenge and response method. In normal GSM authentication, the network decides on a random challenge RAND. The network and the SIM calculate a signed response SRES and a session key Kc. The user equipment sends back SRES and the network uses it to authenticate the SIM. This leaves Kc as a shared secret at each end. EAP-SIM uses the same triplet, and uses the multiple passes for mutual authentication (there's an Internet Draft for it at http://www.ietf.org). EAP-SIM can also supply the accumulated Kc's to be used as a session key for WEP. OK, WEP has known problems, but because you can force re-authentication periodically you can avoid a black-hat accumulating enough packets to crack your session.

    BTW, Schlumberger aren't the only company offering "WLAN" SIMs - another company has been unsuccessfully lobbying 3GPP (the 3G industry standardisation body, who deal with WLAN/3G interoperation) with the same idea.
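
    The GSM challenge/response that comment 11 describes and the EAP-SIM-style mutual authentication that comment 12 outlines, as an added Python example that is not part of the original thread and is not Schlumberger's, 3GPP's or the EAP-SIM draft's code. It stands in HMAC-SHA256 for the operator's secret A3/A8 algorithm, uses a simplified key derivation for the network's proof, invents the wire format, and constructs its own Ki and IMSI. It shows why a rogue hotspot can collect RAND/SRES pairs (but not Ki) under one-way GSM authentication, and why the client releases nothing at all under the mutual scheme.

```python
import hashlib
import hmac
import os

KI_LEN = 16  # GSM Ki is 128 bits

def a3a8(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for the operator's A3/A8 (assumption: HMAC-SHA256, not the real
    algorithm). Returns (SRES, Kc). As a sound one-way keyed function, recorded
    RAND/SRES pairs do not reveal Ki."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]  # 32-bit SRES, 64-bit Kc, as in GSM

class Sim:
    """The subscriber's SIM: holds Ki, answers any challenge, never exports Ki."""
    def __init__(self, ki: bytes) -> None:
        self._ki = ki

    def run_gsm(self, rand: bytes) -> tuple[bytes, bytes]:
        return a3a8(self._ki, rand)

class HomeNetwork:
    """HLR/AuC role: knows each subscriber's Ki and issues (RAND, SRES, Kc)."""
    def __init__(self, ki_by_imsi: dict[str, bytes]) -> None:
        self._ki_by_imsi = ki_by_imsi

    def triplet(self, imsi: str) -> tuple[bytes, bytes, bytes]:
        rand = os.urandom(16)
        return (rand, *a3a8(self._ki_by_imsi[imsi], rand))

class RogueHotspot:
    """A fake network: it can issue challenges like the real one but holds no
    Ki, so its own SRES/Kc come from a random guess (constructed here)."""
    def triplet(self, imsi: str) -> tuple[bytes, bytes, bytes]:
        rand = os.urandom(16)
        return (rand, *a3a8(os.urandom(KI_LEN), rand))

def gsm_one_way_auth(network, sim: Sim, imsi: str) -> bool:
    """Plain GSM: network challenges, SIM answers, only the network checks.
    The SIM receives no proof of who sent RAND."""
    rand, expected_sres, _kc = network.triplet(imsi)
    sres, _kc = sim.run_gsm(rand)
    return hmac.compare_digest(sres, expected_sres)

def rogue_collect_pairs(sim: Sim, count: int) -> list[tuple[bytes, bytes]]:
    """Comment 11's scenario: a fake network harvests RAND/SRES pairs, which the
    SIM hands out freely. With a sound A3 this is all it ever learns."""
    pairs = []
    for _ in range(count):
        rand = os.urandom(16)
        pairs.append((rand, sim.run_gsm(rand)[0]))
    return pairs

def _proof_key(nonce_mt: bytes, kcs: list[bytes]) -> bytes:
    """Key for the network's proof, from the client nonce and all Kc's
    (assumption: simplified stand-in for EAP-SIM's master key derivation)."""
    return hashlib.sha256(nonce_mt + b"".join(kcs)).digest()

def mutual_auth(network, sim: Sim, imsi: str, n: int = 3) -> tuple[bool, bool]:
    """EAP-SIM-style exchange as comment 12 outlines it:
      1. client -> network: fresh NONCE_MT
      2. network -> client: n RANDs plus a MAC over them keyed from the Kc's
      3. client recomputes the Kc's, checks the MAC, only then releases SRESs
      4. network checks the SRESs
    Returns (network proven to client, client proven to network)."""
    nonce_mt = os.urandom(16)                                         # step 1
    triplets = [network.triplet(imsi) for _ in range(n)]
    rands = b"".join(t[0] for t in triplets)
    mac = hmac.new(_proof_key(nonce_mt, [t[2] for t in triplets]),
                   rands, hashlib.sha256).digest()                    # step 2
    results = [sim.run_gsm(t[0]) for t in triplets]                   # step 3
    expected = hmac.new(_proof_key(nonce_mt, [kc for _, kc in results]),
                        rands, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):
        return False, False  # client aborts: no SRES leaves the device
    sres_ok = all(hmac.compare_digest(s, t[1])
                  for (s, _kc), t in zip(results, triplets))          # step 4
    return True, sres_ok

def demo() -> dict[str, object]:
    """Run both protocols against the home network and a rogue hotspot."""
    ki = os.urandom(KI_LEN)     # constructed subscriber key
    imsi = "001010123456789"    # constructed IMSI on the 001-01 test network
    sim, home, rogue = Sim(ki), HomeNetwork({imsi: ki}), RogueHotspot()
    return {
        "gsm_one_way_genuine": gsm_one_way_auth(home, sim, imsi),
        "rogue_pairs_collected": len(rogue_collect_pairs(sim, 5)),
        "mutual_genuine": mutual_auth(home, sim, imsi),
        "mutual_rogue": mutual_auth(rogue, sim, imsi),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

    Running the module prints the four results. The thing to notice is the ordering in mutual_auth: the client checks the network's MAC before it sends any SRES, so a hotspot that does not know Ki gets (False, False) and no authentication data, whereas the one-way exchange answers whoever sends a RAND. This is the property the 3G "mutual authentication" and the EAP-SIM passes in the comments are buying.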

  13. Re:WEP by QuadGoatBoy · · Score: 3, Informative
    Not quite. RC4 has several pretty serious flaws, both in design and popular implementation. Do you remember when it single-handedly rendered SSH1 useless?

    http://www.ipsec.co.jp/products/ssh/cert/vulnerability.html

    Here is an even cuter, step-by-step explanation of how to BRUTE-FORCE CRACK the IV and RC4 encryption in less than 1 MINUTE!

    http://www.dachb0den.com/projects/bsd-airtools/wepexp.txt

    and the author even provides you with some auditing tools... for your network of course!

    http://www.dachb0den.com/projects/bsd-airtools.html

    Padding your keys with any number, especially zero, is not a good encryption scheme. Did I mention that RC4 calls for this? It did wonders for the Windows password file. LOL!

    http://etudiant.univ-mlv.fr/~ecorreia/toto.html

    Want more examples? Email me. It's just not a good algorithm. Unless under some kind of special condition, AES, Blowfish, or something else should be used instead.

    Thank you for your time,

    Quadgoatboy