Slashdot Mirror


Cracking GSM

RobertM writes "Professor Eli Biham, one of the world's most famous cryptanalysts, together with two of his students presented an interesting paper on flaws in GSM at the IACR Crypto conference. The GSM association is not happy. Read more on The Reg." There's also a Reuters article about the situation.

19 of 359 comments

  1. And in other news... by will_die · · Score: 3, Insightful

    The US CIA, UK MI5 and Israel's Mossad are now hiring people with experience with GSM and crypto experience.

  2. A patented crack? by henrygb · · Score: 4, Insightful
    Reuters is saying "the method is being patented and will be used only by law enforcement agencies, he said".

    1. Does the DMCA and its cousins allow such methods to be patented?

    2. Will the phreakers care about patents?

    1. Re:A patented crack? by morcheeba · · Score: 4, Insightful

      3. Will any government respect the patents, or will they take the opportunity to bolster their own national security?

    2. Re:A patented crack? by Kombat · · Score: 5, Insightful

      Governments don't need to crack the signal. They can already listen in on the unencrypted conversation at the base station, or even central office. Vendors of cell equipment are required by law to provide these back doors to government and law enforcement. If they didn't, then they simply couldn't sell their equipment. I know - I used to work in the cell phone billing division of Nortel.

      --
      Like woodworking? Build your own picture frames.
    3. Re:A patented crack? by HiThere · · Score: 2, Insightful

      The government can't force the phone company to let them eavesdrop without a warrant, but if they just asked, how often would they be allowed? Would there be any records? If not, then there would be no way to tell.

      But I'm sure that the government personnel will always follow the written procedures, just like everyone else.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
  3. Stunning Coincidence by dontod · · Score: 2, Insightful

    that just as the mobile phone companies are desperate to move people on to the next generation of mobile technology, it is revealed that an older technology is flawed.

    Amazing.

    Don
    ----------

    Eatthepuddingeatthepuddingeatthepudding

    --
    Slashdot - The Home of the Tortured Analogy
  4. Patent protection? by nuggz · · Score: 4, Insightful

    Illegal interception of calls will be prevented by patenting the technology?

    I'm sure that a criminal really cares about patent infringements.

    Laws should not be used to shore up broken technology. This only impedes law-abiding citizens, and does nothing to improve the protection against crime.

    This is one argument against gun control: make them illegal and only criminals will have guns.
    Make this illegal and only criminals will listen to your phone call.

    1. Re:Patent protection? by Zan Zu from Eridu · · Score: 2, Insightful
      Laws should not be used to shore up broken technology. This only impedes law-abiding citizens, and does nothing to improve the protection against crime.

      Brilliant example of a popular (but fundamental) misconception. Law never protects from crime, law defines what constitutes a crime. If there were no laws, there would be no crimes. Every law only impedes the people abiding by it.

      This is one argument against gun control: make them illegal and only criminals will have guns.

      I hopefully have demonstrated that statements like this are tautologies and as such don't carry any meaning. You can use any conceivable law in this argument; if you take it seriously you have to reject every law thinkable.

      Simply put: "Make X illegal and only criminals have/do X." is only restating what the nature of law is: it is the law that makes X a crime. If you think it is a valid argument against law X, you must reject laws A..Z on the same basis.

  5. Re:Risky? by Anonymous Coward · · Score: 2, Insightful

    The guy is in Israel, and this is not DMCA at all. He didn't break any sort of copy-protection scheme. He broke the algorithm itself without needing the keys.

    It would be extremely difficult if not impossible to say that GSM is a copy protection device.

  6. Figures by BiggerIsBetter · · Score: 2, Insightful

    Last time I told a software manufacturer about security flaws they were like, oh we don't care - our users are too dumb to work it out. Uh huh, but what about the competition? I'm sure their opinion would change had I released an exploit for it.

    Similarly, the GSM Association probably knew about it, it's probably a designed-in backdoor to allow governmental eavesdropping, but now it's public knowledge they're unhappy. Notice they say "very difficult" to exploit - not impossible. They know what's up, and they should've done better.

    Well boo hoo GSM. If you've got flaws, fix them - don't go whining when someone finds you out and talks about it. No software is perfect, and trying to pretend otherwise (incl. with DMCA court action) is just a revised edition of The Emperor's New Clothes.

    --
    Forget thrust, drag, lift and weight. Airplanes fly because of money.
  7. GSM ... and CDMA? by bigjocker · · Score: 2, Insightful

    I have been looking for a good source on the security of CDMA (2000 - 1X, but also CDMA). I have found the basic stuff using Google, but it is difficult to find real info given that almost all the Google results are for press releases or biz-talk from the technology providers (Qualcomm, Ericsson, Motorola, etc.) and all of them state "great security".

    The question is: can somebody deploy an off-the-shelf (or homebuilt) scanner and grab the conversations on-the-air? I know that a PR (pseudo random) number is used with the ESN and A-key to generate some keys for encrypting some of the communications, and that the voice channel is "scrambled", but is there a source where the security implications of this are discussed?

    Also interesting is that this article appeared (or was going to) on yesterday's Slashdot edition but after being available for subscribers for a while it disappeared.

    --
    Life isn't like a box of chocolates. It's more like a jar of jalapenos. What you do today, might burn your ass tomorrow.
    1. Re:GSM ... and CDMA? by mercuryresearch · · Score: 3, Insightful

      You're not thinking like a hacker would on this.

      Think about it -- all the hardware you need to demodulate and decode a CDMA signal in realtime is present in a CDMA phone, so it's only a matter of understanding/controlling the hardware and figuring out how to capture the right spreading code and any other keys in use.

      Given that, the hardware is probably close to free once you've figured out how to control a phone or download new software to it.

  8. Government can eavesdrop anyway by epsalon · · Score: 2, Insightful

    The encryption is only between the handset and the base station. The government can easily eavesdrop at the cellular provider (after issuing a warrant).

  9. Re:Risky? by Anonymous Coward · · Score: 2, Insightful

    What the other posters missed by flaming you because the gentleman is not from the US is that (a) neither was Mr. Sklyarov; and (b) this Crypto conference, like the conference at which Mr. Sklyarov presented, was held in the United States. So Zone-MR, you make a good point ... unlike the flamers.

  10. Re:Europeans, mod this up! by perly-king-69 · · Score: 3, Insightful

    America is invincible. Other countries will never advance any farther than America wishes them to advance.

    Carthage was invincible until Rome turned up.

    Rome was invincible until the 'barbarians' turned up.

    The Inca were invincible until the Spanish turned up.

    There is a proverb from Belarus - Keep one eye on the past and you are half blind. Forget the past altogether and you are totally blind.

    --
    This sig is inoffensive.

  11. Official Term for "Illegal Wiretap" by Anonymous Coward · · Score: 1, Insightful

    It's "an anonymous tip"...

  12. GSM has been Toast for years by billstewart · · Score: 3, Insightful
    There's a nice summary on gsmsecurity.com, but Ian Goldberg did one of the early critical cracks and revealed that 10 of the authentication key bits were set to zeros. GSM has a set of algorithms for the call authentication, and a set of algorithms called A5/1 and A5/2 for the voice encryption. A5/1 was the "stronger" algorithm used in "superior" countries, and A5/2 was the weaker version for "inferior" countries. It turns out that A5/1 is pretty weak, and A5/2 is far weaker, and the fact that Ian could cryptanalyze the system over lunch indicates that it wasn't designed by competent cryptographers.

    The initial work didn't totally blow the system open and make on-the-air cracks easy, but it showed that the system was incompetently designed as well as deliberately weakened further, and was yet another reminder that Closed System Design is even worse in cryptography than in software. Subsequent work by people like Biham and Wagner keeps making it worse, and of course computer equipment keeps getting cheaper and larger, which means that attacks that need "hundreds of GB of disk" cost you $200 at Fry's rather than $200000 at the NSA Spook Equipment Shoppe.

    In the US, GSM is still a security improvement, weak as it is, because the government bullied the digital cell phone system developers into using even weaker and more broken algorithms (back when they could pretend they were worried about Commie Spies rather than trying to facilitate illegal wiretapping.) (And of course analog cell phones didn't have crypto at all.) But even then, many of the cell phone companies don't bother turning on the crypto - Nokia phones give you a nice friendly indication that they tried to use it and got rejected.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  13. Re:Operators couldn't care less by Zachary Kessin · · Score: 2, Insightful

    Because they would get creamed on the First Amendment issues. If you take a first rank Professor at a well known university presenting an academic paper at a respected conference, that's about as protected as speech can get. And a university like Technion can hire good lawyers.

    A guy that they can portray as a two bit hacker (right or wrong) can be painted in a very different light. But the First Amendment types would have a field day if they arrested him. Of course he may decide just not to go to the USA and bypass the whole problem. But if you are going to have a test case in the courts this would be a good one.

    --
    Erlang Developer and podcaster
  14. Re:Risky? by ExtraT · · Score: 2, Insightful

    Please, don't blabber about things you know nothing about. Any ship that enters a warzone does so at its own risk - and the people on board USS Liberty knew that very well, that's why they were relatively calm about the whole thing.
    If you willingly enter a place where bullets fly - don't be surprised when one of them hits you.

    BTW, to preclude any responses, this applies to that bitch Rachel Corrie too.