Cracking GSM
RobertM writes "Professor Eli Biham, one of the worlds most famous crypto analysts, together with two of his students presented an interesting paper on flaws in GSM at the IACR Crypto conference. The GSM association is not happy. Read more on theReg." There's also a Reuters article about the situation.
The US CIA, UK M5 and Israel Mossad are now hiring people with experience with GSM and crypto experience.
1. Does DCMA and its cousins allow such methods to be patented?
2. Will the phreakers care about patents?
Illegal interception of calls will be prevented by patenting the technology?
I'm sure that a criminal really cares about patent infringements.
Laws should not be used to shore up broken technology. This only impedes law abiding citizens, and does nothing to improve the protection against crime.
This one arguement against gun control, make them illegal and only criminals will have guns.
Make this illegal and only criminals will listen to your phone call.
America is invincible. Other countries will never advance any farther than America wishes them to advance.
Carthage was invicible until Rome turned up.
Rome was invincible until the 'barbarians' turned up.
The Inca were invincible until the Spanish turned up.
There is a proverb from Belarus - Keep one eye on the past and you are half blind. Forget the past altogether and you are totally blind.
--
This sig is inoffensive.
You're not thinking like a hacker would on this.
Think about it -- all the hardware you need to demodulate and decode a CDMA signal in realtime is present in a CDMA phone, so it's only a matter of understanding/controlling the hardware and figuring out how to capture the right spreading code and any other keys in use.
Given that, the hardware is probably close to free once you've figured out how to control a phone or download new software to it.
The initial work didn't totally blow the system open and make on-the-air cracks easy, but it showed that the system was incompetently designed as well as deliberately weakened further, and was yet another reminder that Closed System Design is even worse in cryptography than in software. Subsequent work by people like Biham and Wagner keeps making it worse, and of course computer equipment keeps getting cheaper and larger, which means that attacks that need "hundreds of GB of disk" cost you $200 at Fry's rather than $200000 at the NSA Spook Equipment Shoppe.
In the US, GSM is still a security improvement, weak as it is, because the government bullied the digital cell phone system developers into using even weaker and more broken algorithms (back when they could pretend they were worried about Commie Spies rather than trying to facilitate illegal wiretapping.) (And of course analog cell phones didn't have crypto at all.) But even then, many of the cell phone companies don't bother turning on the crypto - Nokia phones give you a nice friendly indication that they tried to use it and got rejected.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks