Slashdot Mirror


Cracking GSM

RobertM writes "Professor Eli Biham, one of the world's most famous cryptanalysts, together with two of his students presented an interesting paper on flaws in GSM at the IACR Crypto conference. The GSM Association is not happy. Read more on The Reg." There's also a Reuters article about the situation.

17 of 359 comments

  1. Risky? by Zone-MR · · Score: 3, Interesting

    I wonder how long it will be till they attempt to use the DMCA to silence him - this is after all a typical scenario for the DMCA to be exploited in order to gag scientists and cryptology experts.

    Sadly, I wouldn't at all be surprised to see this end up on chillingeffects in the near future.

    1. Re:Risky? by Anonymous Coward · · Score: 1, Interesting

      Sure, pad're cause that's not a MISTAKE they cracked, but a 'black_shoe' backdoor. Bet the Feds are hopping mad ... hehe.

    2. Re:Risky? by ultrasound · · Score: 1, Interesting

      However, the original name Groupe Spécial Mobile may give a hint that the standard was not developed in the US, and therefore any reverse engineering is totally out of the scope of any US law.

      The three original countries involved in the development of GSM were West Germany, France and Italy, later followed by the UK. Under EU law, reverse engineering for the purpose of producing an interface is (at the moment) still legal. Although I think we are being dragged in the same direction as the USA, with lots of DMCA-like proposals.

  2. Old hat! by Noryungi · · Score: 3, Interesting

    Hmmm. If I remember well, other Israeli crypto researchers, including Prof. Shamir (of RSA fame, Rivest - Shamir - Adleman) mentioned a couple of years ago that GSM crypto could, theoretically, be cracked almost in real time by a (relatively) low-powered machine.

    GSM specialists have known for a number of years now that GSM crypto was not that good. Interestingly enough, GSM crypto was designed by French 'military specialists', which has raised the usual (probably justified) suspicions of backdoors.

    Sorry for not being able to produce more info, but I am sure other Slashdotters will have interesting links to supply...

    --
    The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
  3. Mod parent up by InterruptDescriptorT · · Score: 2, Interesting

    Not only does the US fund the weaponry that allows the illegal incursions into Palestinian sovereign territory (in the name of "the war against terrorism"), it allows the Israeli people to have one of the highest standards of living in the Middle East while families in Palestine starve and worry about food, clean water and medical care.

    And Americans cry and wail and wonder (and I actually heard this coming from some Midwestern mother of three after some recent attacks in the Middle East): why do they hate us so much? They must hate our freedoms.

    Yeah, that's it. They hate our freedom. Look how we continue to support a regime that enslaves and subjugates the Arab people of the Middle East for the US's own oil thirst. No wonder this is the stupidest country on the planet.

    --
    Karma: Excellent Birds (mostly as a result of listening to Laurie Anderson)
  4. Design flaw or Feature? by sigxcpu · · Score: 3, Interesting

    It has long been suspected that GSM encryption was specifically designed with some 'weak spot' to allow law-enforcement monitoring.
    Does anyone know if the article is available online?
    I'd like to know if this flaw looks more like a mistake or something more intentional.
    None of the media people who spoke about it seem to understand that "Instant Ciphertext-Only Cryptanalysis" means you are effectively not protected at all.

    --
    As of Postgres v6.2, time travel is no longer supported.
  5. REMOB anyone? *GOV CAN TAP YOU* by Anonymous Coward · · Score: 4, Interesting

    REMOB anyone?

    REMOB (Remote Observation Mode) is a TSPS console feature of the American telephone system to allow inward operators to monitor a suspected phone that might be "off the hook" prior to interrupting the line for a "life or dire emergency" with the 500Hz tone and issuance of the frequently heard phrase "This is the AT&T operator, do you wish to disconnect this call? You have an emergency phone call from ..."

    but PRIOR to that, for 30-second maximum bursts, you get to hear an inverted sound wave... which you can record.

    better... the FBI has it set up to cascade overlapping series of REMOB snippets so when one ends (on any CLASS-capable ESS r5) another takes over.

    This way no interrupt chirp is heard by the victims, and lots of trivially "scrambled" speech can be secretly recorded.

    I have never ever ever seen this in print or any edoc in the history of phreaking.

    I have seen telephone reps state to Congress that REMOB did not exist.

    it exists.

    it does not take outside intercepts (ECHELON) as reported on 60 Minutes, or any NRO or NSA budgets,

    it only takes a 6 digit code and the correct connections to do REMOB.

    REMOB makes intercepting cell phones laughable in comparison.

    besides... the German Gov records ALL cell phones under the alleged statement that in theory it COULD intercept the airwaves anyway if they tried. Remember the Slashdot article?

    also the US gov allows no-warrant affixing of GPS locator emitter bugs under your car frame under the assumption that it could visually track you from the air if they had the money anyway. Remember the Scott Peterson case this summer? No initial warrant to put the GPS bug on his car.

    recording and intercepting ALL cell phone traffic at the point of origin on the LAND LINES is what the fed gov assumes is their right!

    no need to mess with intercepts.

    July 1983 the US Supreme Court ruled the public had a right to intercept and use all radio transmissions INCLUDING cell phones. Then they overturned it partly years later.

    today it is LEGAL for the cops to buy and sell equipment to record cell phones, but not the public across state borders. You have to build it from scratch yourself for your own hobbyist needs... and then it's legal to use.

    but REMOB is far far more humorous.

    I know it exists.... first hand

  6. no privacy on mobile phones by FuzzyBad-Mofo · · Score: 3, Interesting

    In the bad old days of analog mobile phones, there wasn't even encryption on the signal. You could literally walk into Radio Shack and walk out carrying a scanner capable of receiving mobile phone frequencies. (They eventually banned the sale of scanners capable of receiving those frequencies.) Later, TDMA and CDMA technologies made it more difficult to intercept signals, but all that's required is the right decoder.

    Encryption of the call is a fairly recent trend and I think it's a terrific idea, but any encryption can be broken in time. While the odds are low that someone may be listening in, guaranteed privacy is impossible.

    I think as a whole, we tend to trust in technology without really understanding it. I'm reminded of two engineering students who were visiting my apartment in college, and showing off their new cell phones by one calling the other. They were quite surprised when I was able to intercept their call with a cheap radio scanner. They had no idea their call was not private, simply assuming that the technology was secure. It wasn't.

  7. Uh what? by bigjnsa500 · · Score: 2, Interesting

    So if a professor publishes this, it's all fine and dandy, but when a citizen publishes an eBook hack he's arrested? What gives?

    --
    This is a test. This is a test of the emergency sig system. This has been only a test.
  8. Basic flaw in GSM by acegik · · Score: 0, Interesting

    It is so strange: the basic principle behind the crack of the code is a flaw in the design of GSM. The engineers who designed GSM added the error correction after the encryption, and you MUST do it before the encryption. This is the reason you can "listen" to the transmission and learn a lot about the call and then decipher the keys. It is truly strange, since everybody that deals with encryption knows this basic rule.
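
The point behind comments 4 and 8 (why "ciphertext-only" is possible when error-correction coding happens on the wrong side of the cipher) can be shown with a toy model. The following is an added example written for this page, not code from the thread, from Biham's paper, or from GSM: the cipher is a single 16-bit maximal-length LFSR (a stand-in for A5/2, which is not linear but is attacked by linearising it), the error-correcting code is a (7,4) Hamming code (a stand-in for GSM's convolutional code), and the seed, message and the attacker's block layout are all constructed assumptions. Because every parity check of a linear code is zero on a codeword, applying the check to a ciphertext block cancels the unknown plaintext and leaves a linear equation about keystream bits; with a linear keystream generator those become equations in the key, solved here by Gaussian elimination over GF(2).

```python
# Toy model of the ordering flaw discussed in comments 4 and 8: coding for
# error correction BEFORE the stream cipher turns every parity check of the
# code into a linear equation about the keystream, readable from ciphertext
# alone.  Constructed example, not GSM's A5/2 or its convolutional code: the
# cipher is one 16-bit maximal-length Fibonacci LFSR (taps 16,14,13,11), the
# code is the systematic (7,4) Hamming code, the session key is the LFSR seed.

NSTATE = 16          # LFSR state bits: the unknowns the attacker solves for
TAPS = (0, 2, 3, 5)  # feedback taps of the 16-bit LFSR

G = [[1, 0, 0, 0, 1, 1, 0], [0, 1, 0, 0, 1, 0, 1],      # Hamming (7,4) generator:
     [0, 0, 1, 0, 0, 1, 1], [0, 0, 0, 1, 1, 1, 1]]      # codeword = data | parity
H = [[1, 1, 0, 1, 1, 0, 0], [1, 0, 1, 1, 0, 1, 0],      # parity-check matrix:
     [0, 1, 1, 1, 0, 0, 1]]                             # H * c = 0 for codewords

SEED = [(0xACE1 >> i) & 1 for i in range(NSTATE)]   # constructed session key
MESSAGE = b"GSM over the air"                        # constructed plaintext

def lfsr_stream(state, n):
    """n LFSR output values.  The state is combined only with XOR, so 0/1 bits
    give the keystream, while masks 1<<i give, per output position, the set of
    seed bits it is the XOR of (the keystream as linear forms in the seed)."""
    state, out = list(state), []
    for _ in range(n):
        out.append(state[0])
        fb = 0
        for t in TAPS:
            fb ^= state[t]
        state = state[1:] + [fb]
    return out

def hamming_encode(nib):            # 4 data bits -> 7 codeword bits (data first)
    return [sum(nib[i] & G[i][j] for i in range(4)) & 1 for j in range(7)]

def block_syndromes(bits):          # H * block for each 7-bit block
    return [[sum(H[k][j] & bits[s + j] for j in range(7)) & 1 for k in range(3)]
            for s in range(0, len(bits) - 6, 7)]

def bytes_to_nibbles(data):         # MSB-first nibbles, each a list of 4 bits
    return [[(byte >> (sh + 3 - i)) & 1 for i in range(4)]
            for byte in data for sh in (4, 0)]

def nibbles_to_bytes(nibs):
    return bytes(int("".join(map(str, hi + lo)), 2)
                 for hi, lo in zip(nibs[0::2], nibs[1::2]))

def code_then_encrypt(data, seed):  # GSM-style ordering: code first, cipher after
    coded = [b for nib in bytes_to_nibbles(data) for b in hamming_encode(nib)]
    return [c ^ z for c, z in zip(coded, lfsr_stream(seed, len(coded)))]

def encrypt_then_code(data, seed):  # safe ordering: cipher first, then code
    nibs = bytes_to_nibbles(data)
    ks = lfsr_stream(seed, 4 * len(nibs))
    return [b for i, nib in enumerate(nibs)
            for b in hamming_encode([x ^ z for x, z in zip(nib, ks[4*i:4*i+4])])]

def solve_gf2(equations, nvars):
    """Gaussian elimination over GF(2) on (mask, rhs) pairs, bit i of mask set
    iff unknown i appears.  Returns the unknowns as bits, or None if the
    equations do not determine all of them."""
    pivots = {}                                   # pivot bit -> reduced (mask, rhs)
    for mask, rhs in equations:
        for pbit, (pmask, prhs) in pivots.items():
            if (mask >> pbit) & 1:
                mask, rhs = mask ^ pmask, rhs ^ prhs
        if mask == 0:
            if rhs:
                raise ValueError("inconsistent equations")
            continue
        pbit = mask.bit_length() - 1
        for k, (pmask, prhs) in list(pivots.items()):
            if (pmask >> pbit) & 1:
                pivots[k] = (pmask ^ mask, prhs ^ rhs)
        pivots[pbit] = (mask, rhs)
    return [pivots[i][1] for i in range(nvars)] if len(pivots) == nvars else None

def ciphertext_only_attack(ct):
    """Per block, H*(codeword ^ keystream) = H*keystream: each row of H applied
    to a ciphertext block is a known parity of keystream bits, i.e. a linear
    equation in the seed.  16 blocks already give full rank for this LFSR."""
    forms = lfsr_stream([1 << i for i in range(NSTATE)], len(ct))
    eqs = []
    for b, synd in enumerate(block_syndromes(ct)):
        for k in range(3):
            mask = 0
            for j in range(7):
                if H[k][j]:
                    mask ^= forms[7 * b + j]
            eqs.append((mask, synd[k]))
    return solve_gf2(eqs, NSTATE)

def decrypt_with_seed(ct, seed):    # strip keystream, read systematic data bits
    coded = [c ^ z for c, z in zip(ct, lfsr_stream(seed, len(ct)))]
    return nibbles_to_bytes([coded[s:s + 4] for s in range(0, len(coded) - 6, 7)])
```

Running `ciphertext_only_attack(code_then_encrypt(MESSAGE, SEED))` returns `SEED` from the ciphertext alone, and `decrypt_with_seed` then yields the plaintext; with `encrypt_then_code` every block is a valid codeword, every syndrome is zero, and the same equations say nothing about the key. The real A5/2 attack has to work harder, since A5/2 is not linear in its state, but the lever is the same: known redundancy in what gets encrypted.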

  9. A Wise Man... by Esion+Modnar · · Score: 3, Interesting
    ...once said to me that he would much rather have criticism than praise, since praise did nothing for him, and made him feel awkward and embarrassed.

    Criticism, however, allowed him to improve himself.

    --

    They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
  10. Patented = Published = DMCA Unconstitutional? by G4from128k · · Score: 4, Interesting

    If this cracking method is indeed patented then it must be publicly released for anyone to read and understand. But public release would seem to violate the DMCA, and stifling the publication would seem to violate the constitutional underpinnings of the patent system (to encourage innovation by both granting monopolies and making inventions publicly accessible for further innovation). Does this make the DMCA unconstitutional???

    --
    Two wrongs don't make a right, but three lefts do.
  11. Operators couldn't care less by daBass · · Score: 2, Interesting
    Like they didn't arrest a Russian programmer? Granted, he was distributing working software. But still, the US lets Israel get away with many, many things they wouldn't let other countries.

    The only other reason I can see for him not being arrested is the fact that GSM is not a US owned technology. That and the fact that operators couldn't care less, it is not like they hold copyright over your conversations...

  12. Re:Excellent! by HTD · · Score: 2, Interesting

    i see a practical application for this - use the cracked signal when in a cinema/theater/you_name_it _before_ the movie/show/whatever starts - all lamers that have turned on their ring-tone will turn their phones off before the show starts. Why, you ask? Because during advertisements/entry the light is still on, the signal makes all phones ring and then everybody annoyed by the sound can easily spot the lamer(s) and tell them to shut it off, or kick him when it rings again during the show ;)

  13. Bruce Schneier's comments on GSM security by frozenray · · Score: 2, Interesting
    Schneier commented on GSM security in a 1999 Crypto-Gram newsletter, referencing research from 1998 and 1999. Quoting from it:

    What's most interesting about these algorithms is how robustly lousy they are. Both voice-encryption algorithms are flawed, but not obviously. The attacks on both A5/1 and A5/2 make use of subtle structures of the algorithm, and result in the ability to decrypt voice traffic in real time on average computer equipment. At the same time, the output of the A8 algorithm that provides key material for A5/1 and A5/2 has been artificially weakened by setting ten key bits to zero. And also, the COMP128 algorithm that provides the keying material that is eventually weakened and fed into the weakened algorithms is, itself, weak.

    And remember, this encryption only encrypts the over-the-air portion of the transmission. Any legal access required by law enforcement is unaffected; they can always get a warrant and listen at the base station. The only reason to weaken this system is for *illegal* access. Only wiretaps lacking a court authorization need over-the-air intercepts.
    --
    "There are already a million monkeys on a million typewriters, and Usenet is NOTHING like Shakespeare." - Blair Houghton
  14. GSM crypto was always suspected to be weak by dido · · Score: 2, Interesting

    From what I remember, the design of the GSM A5 cipher was always suspected to be weak. From Applied Cryptography:

    A lot of strange politics surrounds [A5]. Originally it was thought that GSM's cryptography would prohibit export of the phones to some countries. Now some officials are discussing whether A5 might harm export sales, implying that it is so weak as to be an embarrassment. Rumor has it that the various NATO intelligence agencies had a catfight in the mid-1980's over whether GSM encryption should be strong or weak. The Germans wanted strong cryptography, as they were sitting near the Soviet Union. The other countries overruled them, and A5 is a French design. [emphasis mine]

    Bruce Schneier then goes on to say that "There is a trivial attack requiring 2^40 encryptions." 2^40 is only some 1 trillion, definitely in reach using today's computers.

    Yeah, the NSA has already been doing it, you can be sure of that, and further rumors about GSM crypto that I've been hearing say that the NSA applied pressure on the French as well to insert deliberate weaknesses. Maybe Biham & Co. just managed to find out some of the NSA's "easter eggs".

    --
    Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
  15. Re:Anti-Israeli bigot wants to date an Israeli .. by Anonymous Coward · · Score: 1, Interesting

    actually Natalie thinks that Arabs and Israelis are cousins
    "most Israelis and Palestinians are indistinguishable physically."
    parent post is kinda meaningless.