Cracking GSM

RobertM writes "Professor Eli Biham, one of the worlds most famous crypto analysts, together with two of his students presented an interesting paper on flaws in GSM at the IACR Crypto conference. The GSM association is not happy. Read more on theReg." There's also a Reuters article about the situation.

Risky?

[Zone-MR]

I wonder how long it will be till they attempt to use the DMCA to silence him - this is after all a typical scenario for the DMCA to be exploited in order to gag scientists and cryptology experts.

Sadly, I wouldn't at all be surprised to see this end up on chillingeffects in the near future.

Re:Risky?

the guy is in Isreal, and this is not DMCA at all. He didnt break any sort of copy-protection scheme. He broke the algorithm itself without needing the keys.

it would be extremely difficult if not impossible to say that GSM is a copy protection device.

Re:Risky?

[epsalon]

Nathan, Elad, and Eli Biham are not US citizens as far as I know...

Re:Risky?

[squiggleslash]

They don't need to.

In GSM, the encryption algorithm is built into the SIM card. A mobile phone company convinced their system has been compromised can support an alternative encryption system. The standard encryption algorithms are deliberately weak because of government meddling, but it's not an insummountable hurdle to change that.

Re:Risky?

What the other posters missed by flaming you because the gentleman is not from the US is that (a) neither was Mr. Skylarov; and (b) this Crypto conference, like the conference at which Mr. Skylarov presented, was held in the United States. So Zone-MR, you make a good point ... unlike the flamers.

Re:Risky?

[Zachary+Kessin]

They are all infact at the Technion, Israel's high Tech-engineering school in Haifa. The DMCA is a US law, which applies to people in the USA. It has absolutly no effect on people outside the USA.

Now in theory if they travel to the USA they could have a problem, and many Israelis do travel to the USA for one reason or another, but I don't think the US goverment will arrest an Israeli professor for publishing a paper.

Re:Risky?

[tomstdenis]

Um they already presented their work. I was there I should know. In fact their attack is hardly "news" I was chatting with certain people at the conference and they already knew the details of the attack way before the presentation took place.

Santa Barbara is an awesome btw! I can't wait for CRYPTO'04

Tom

Re:Risky?

In GSM, the encryption algorithm is built into the SIM card. A mobile phone company convinced their system has been compromised can support an alternative encryption system. The standard encryption algorithms are deliberately weak because of government meddling, but it's not an insummountable hurdle to change that.

Wrong! The encryption algorithm is not in the SIM, it's in the phone. The (broken a long time ago) authentication algorithm is in the SIM and can be changed by issuing new SIM cards. The encryption is in the phone, so the phone needs to be upgraded. Also, see the Crypto03-paper by Biham et al. for ways in which you can break the system even if the default is to use a strong encryption algorithm.

Re:Risky?

[Kombat]

Seeing as this has nothing to do with copyright violation, the DMCA is completely inapplicable. There are no laws against cracking encryption that is unrelated to copyright violation, even in the US.

You'd have had better luck if you'd suggested the PATRIOT act as a means to silence him, but even that would be very dubious.

Re:Risky?

Sure, pad're cause that's not a MISTAKE they cracked, but a 'black_shoe' backdoor. Bet the Feds are hopping mad ... hehe.

Re:Risky?

[ultrasound]

However the original name Groupe Speciale Mobile may give a hint that the standard was not developed in the US, and therefore any reverse engineering is totally out of the scope of any US law.

The three original countries involved in the development of GSM were West Germany, France and Italy, later followed by the UK. Under EU law reverse engineering for the purpose of producing an interface is (at the moment) still legal. Although I think we are being dragged in the same direction as the USA wil lots of DMCA like proposals.

Re:Risky?

[guile]

the guy is in Isreal

This remembers me an old quote:
God is Real, unless declared Integer

Re:Risky?

[r_j_prahad]

I don't think the US goverment will arrest an Israeli professor for publishing a paper.

Why not? The US Government arrested a Russian civilian for giving a speech.

Re:Risky?

[gpinzone]

TDMA, which is used in the GSM standard, does represent the majority of US cellular networks. CDMA is used primarily by Verizon. AT&T, T-mobile, Cingular, etc. don't use CDMA.

Re:Risky?

[Minna+Kirai]

But they don't even chastise Israeli pilots for killing dozens of Americans.

Israel gets a free pass from the US.

Re:Risky?

[hamilton76]

When did Israelis kill dozens of Americans?

Re:Risky?

[CurlyG]

Most famously when the Israeli Air Force attacked the USS Liberty in 1967. The official line is that it was an accident, however the circumstances are very suggestive of a deliberate attack.

Re:Risky?

[ExtraT]

Please, don't blabber about things you know nothing about. Any ship that enters a warzone does so at it's own risk - and the people on board USS Libery knew that very well, that's why they were relatively calm about the whole thing.
If you willingly enter a place where bullets fly - don't be surprised when one of them hits you.

BTW, to preclude any responses, this applies to that bitch Rachael Corrie too.

Re:Risky?

[tomstdenis]

No but I did hand out drafts of my textbook. Does that count?

Ass.

Tom

Re:Risky?

[ExtraT]

As I said - don't blabber about things you don't understand. You'll save yourself some embarassment.

Re:Risky?

[WuphonsReach]

Specifically, an old Fortran quote... default variable types were defined based on the first letter of the variable name.

Variables begining with the letters J-L would be defined as type integer by default. All the others were defined as Real (roughly equiv to float IIRC).

Hence "God" is "Real".

Re:Risky?

[tomstdenis]

not to mention paper mache.

ass.

Tom

Re:Risky?

[cmdr_beeftaco]

There are more than a few guys from Paskistan would say it doesn't matter where you are.

And in other news...

[will_die]

The US CIA, UK M5 and Israel Mossad are now hiring people with experience with GSM and crypto experience.

Excellent!

I always thought a funny and interesting practical application of cracking GSM, or pretending to be a mobile phone mast through other means would be to ring everyone's mobile up in the area at the same time and have them all talk to each other. That would be excellent!

Re:Excellent!

[HTD]

i see a practical application for this - use the cracked signal when being in a cinema/theater/you_name_it _before_ the movie/show/whatever starts - all lamers that have turned on their ring-tone will turn their phones off before the show starts. Why you ask? Because during advertisements/entry the light is still on, the signal makes all phones ring and then everybody annoyed by the sound can easily spot the lamer(s) and tell them to shut it off, or kick him when it rings again during the show ;)

This is news?

[dphoenix]

I don't see how this is news, I've known about this for months, I heard them talking about it on their GSM pho- uh, nevermind.

Re:This is news?

[Borg_5x8]

Because they have a benevolent reposting god to watch over them.

Related topic: GSM Forensics

The International Journal of Digital Evidencehas a current article about GSM forensics.

Feeling sleepy

"The paper was presented at last month's Crypto Conference in Santa Barbara, California but news of this alarming discovery only broke yesterday."

Because most of the attendees were sleeping after a heavy lunch and martinis.

A patented crack?

[henrygb]

Reuters is saying "the method is being patented and will be used only by law enforcement agencies, he said".

1. Does DCMA and its cousins allow such methods to be patented?

2. Will the phreakers care about patents?

Re:A patented crack?

[morcheeba]

3. Will any government respect the patents, or will they take the opportunity to bolster their own national security?

Re:A patented crack?

[Kombat]

Governments don't need to crack the signal. They can already listen in on the unencrypted conversation at the base station, or even central office. Vendors of cell equipment are required by law to provide these back doors to government and law enforcement. If they didn't, then they simply couldn't sell their equipment. I know - I used to work in the cell phone billing division of Nortel.

Re:A patented crack?

[Urkki]

Apparent purpose of the patent would be to prevent anybody from developing and selling GSM listening devices commercially unless they can get license from patent holder.

I mean, that's generally what patents are meant for, to prevent others from exploiting your innovation.

Of course if somebody doesn't care about patent laws, it doesn't help. However, it'll keep this technology off the shelves of your local electronics shop.

And I don't think DMCA has anythig to do with patents directly.

Re:A patented crack?

[donutello]

In the US, that requires a warrant to do. However, if it's possible to crack the signal then the government can eavesdrop on a conversation without a warrant.

Re:A patented crack?

[HiThere]

The government can't force the phone company to let them eavesdrop without a warrant, but if they just asked, how often would they be allowed? Would there be any records? If not, then there would be no way to tell.

But I'm sure that the government personnel will always follow the written proceedures, just like everyone else.

Re:A patented crack?

[Jayfar]

IRandom wrote:
"Just a note, a patent may still be kept secret.
So the fact that a method is patented doesn't mean that anybody can access it.
If i'm not mistaken the formula for coca-cola is patented and secret."

You're mistaken on both counts.A google search on patent vs "trade secret" will set you straight.

Re:A patented crack?

[terrymr]

Patents may not be secret. Patent rights are granted in return for publishing your design. The coca-cola formula is not patented, just secret.

Re:A patented crack?

[Desert+Raven]

The government can't force the phone company to let them eavesdrop without a warrant, but if they just asked, how often would they be allowed?

Actually, the phone companies tend to be very sensitive about this stuff. There are certain exigent conditions under law where warrants are not required (active hostage situations, etc.) however, tryiong to actually get access under those conditions can be difficult, the phone company really WANTS that paper, as it absolves them of liability.

Re:How does this affect US/Israel relations?

[borgdows]

nothing!

but if the scientists came from an Arab country, they would have been nuked for that...

that is a road

the UK M5 is a road. perhaps you mean MI5?

Re:that is a road

[troc]

I have always suspected the M5 of being "more" than just a road. All those caravans must be up to something, the way they all travel in swarms to the same places at the same times. I firmly think the bad driving, weird lane usage, flat caps and children are all either a secret language or simply designed to throw us off the scent.

Or maybe I need to take my pills.

Troc :)

Re:that is a road

[BrokenHalo]

As opposed to the M15 :-)

Stunning Coincedence

[dontod]

that just as the mobile phone companies are desperate to move people on to the next generation of mobile technology, it is revealed that an older technology is flawed.

Amazing.

Don
----------

Eatthepuddingeatthepuddingeatthepudding

Patent protection?

[nuggz]

Illegal interception of calls will be prevented by patenting the technology?

I'm sure that a criminal really cares about patent infringements.

Laws should not be used to shore up broken technology. This only impedes law abiding citizens, and does nothing to improve the protection against crime.

This one arguement against gun control, make them illegal and only criminals will have guns.
Make this illegal and only criminals will listen to your phone call.

Re:Patent protection?

[Urkki]

Make this illegal and only criminals will listen to your phone call.

I belive the very act of listening to other people's phone calls makes you a criminal... And there are no legitimate uses (unlike guns).

So wether cracking GSM is illegal or not, "only criminals will listen to your phone calls" anyway.

Did you try the subtle art of irony and a moderator misunderstood? :-)

Re:Patent protection?

[pr0nbot]

This one arguement against gun control, make them illegal and only criminals will have guns.

Not sure about your analogy...

I'd guess (without any stats) that more people are killed by legal guns than illegal guns. So, I'd be happy for guns to be illegal. Fortunately, they are where I live.

Also - this patent is to paper over a flaw in technology; gun control is to paper over a flaw in Man.

Re:Patent protection?

[nuggz]

Acutally that is my point, once you break one law (listening in), would you care if you infringe on someones patent? I doubt it.

Re:Patent protection?

[nuggz]

I'd guess (without any stats) that more people are killed by legal guns than illegal guns.

You would be guessing wrong at least in Canada.
Guns that end up killing people tend to be stolen, illegally stored, or owned by people who shouldn't have a gun.

Few deaths result from responsible gun owners.

Myself I don't have a gun, I think most city dwellers need a gun like they need their SUV.

Re:Patent protection?

[espo812]

I belive the very act of listening to other people's phone calls makes you a criminal

You think that intercepting radio waves broadcast through my house and body is a criminal act? That seems a bit far fetched.

Whenever I talk on my cell phone, I realize that a multitude of people can be listening from people in the room to people in the cell area with radio scanners. If it's something sensitive, I'll use a landline or a secure channel. When I'm on my computer, I realize anyone on my collission domain can be intercepting my communications. If it's something sensitive, I'll use a secure channel.

Simple fact is, there are technical ways to setup secure communications - and people who think broadcast can be secure from eavesdropping are crazy.

Re:Patent protection?

[2short]

Your analogy w/ guns is not so bad; just declaring this tech illegal will work similarly to banning handguns (e.g. in Britain). That is to say,not perfectly, but still extremely well.
Patent infringement will prevent any legitimate company from producing a device to listen in on GSM, so while some might be able to build it themselves, for the most part the people who would listen in won't be able to or won't bother.

Similarly, there are places where handguns are illegal (such as England). Some people say "But then only criminals will have guns!", and while this is true, it is also true that in this environment, the vast majority of criminals DON'T have guns. Which sounds nice to me.

Re:Patent protection?

[Jah-Wren+Ryel]

Myself I don't have a gun, I think most city dwellers need a gun like they need their SUV.

That's why I installed a gun-rack in my SUV!

Re:Patent protection?

[Zeriel]

Odd analogy, considering that every statistic I've seen has pointed to Britain's RISING crime rate since the handgun ban. =P

Sources claiming otherwise would be wonderful.

Re:Patent protection?

[Zan+Zu+from+Eridu]

Laws should not be used to shore up broken technology. This only impedes law abiding citizens, and does nothing to improve the protection against crime.

Brilliant example of a popular (but fundamental) misconception. Law never protects from crime, law defines what constitutes a crime. If there would be no laws, there would be no crimes. Every law only imepedes the people abiding it.

This one arguement against gun control, make them illegal and only criminals will have guns.

I hopefully have demonstrated that statements like this are tautologies and as such don't carry any meaning. You can use any conceivable law in this argument; if you take it serious you have to reject every law thinkable.

Simply put: "Make X illegal and only crimiminals have/do X." is only restating what the nature of law is: it is the law that makes X a crime. If you think it is a valid argument against law X, you must reject laws A..Z on the same basis.

Re:Patent protection?

[Urkki]

• You think that intercepting radio waves broadcast through my house and body is a criminal act? That seems a bit far fetched.

Intercepting or receiving radio waves isn't illegal of course. Same as you are not breaking any law if you hear when your neighbours shout to each others over you property (hell, if they bother you with it, you can probably get them for disturbing your peace). Even descrambling probably isn't illegal, unless there's a specific law against that. But listening to certainly is. That's about same as using sensitive directional microphone from your house and listening what is said at your neighbour's house. Surely you don't think that's legal too, just because the sound waves travel through you and your property, and if you want to have a private conversation you should be in some special room or avoid sounds by using pen and paper...?

It's the same principle as with post. If you get somebody elses mail by mistake, you are not allowed to open it even if it came through your mailbox and lies on your floor in your house on your land.

I mean, if you want to get technical, then every telephone wire is actually a radio antenna. With sensitive enough equipment you can listen to what it transmits, just as with correct equipment you can (according to the article) mess with GSM. So what did you say about landlines being secure?

A civilized society has to protect privacy of it's citizens, both from the government and from other citizens. That's just common sense to me.

And you say "far fetched"... Hmm, tell me, are you by any chance an American...?

• Simple fact is, there are technical ways to setup secure communications - and people who think broadcast can be secure from eavesdropping are crazy.

Yes, but that doesn't make eavesdropping legal.

"Simple fact is, there are technical ways to travel safely - and people who think walking on street is safe from getting killed are crazy."

That's true too, but it doesn't mean that intentionally driving over somebody walking on a street should be legal...

Re:Patent protection?

[nuggz]

This one arguement against gun control, make them illegal and only criminals will have guns.

I hopefully have demonstrated that statements like this are tautologies and as such don't carry any meaning. You can use any conceivable law in this argument; if you take it serious you have to reject every law thinkable.

The point is that by banning guns, only those who we would wish not to have guns would have them. The law abiding citizens who may have a use would not.

Re:Patent protection?

[Anonym0us+Cow+Herd]

once you break one law (listening in), would you care if you infringe on someones patent? I doubt it.

You are not evaluating the possible differences in penalties.

Listening in is a crime in most states with some suitable punishment that was probably codified into law decades ago.

Violating a patent is likely to get you the death penalty.

Re:Patent protection?

[nmos]

You would be guessing wrong at least in Canada.
Guns that end up killing people tend to be stolen, illegally stored, or owned by people who shouldn't have a gun.

Few deaths result from responsible gun owners.

Unfortunately demonstrating "responsibility" isn't a requirement for gun ownership, at least in the US (maybe it's better in Canada). I for one would love to see gun ownership be tied to passing some sort of training course covering both safety and the legal aspects of what you can/cannot do with your gun.

I suspect that this is one of those cases where statistics can be spun to support both sides of the gun control debate. Consider that in the US:

"In most murders involving handguns the handgun is illegal" is probably true.

"most gun deaths involve an illegal firearm" may well still be false.

The reason is that many gun deaths are due either to accidents or legal shootings.

Re:Patent protection?

[FurryFeet]

Make killing illegal, and onlu criminals will kill.
So?
Really, dude, the gun lobby needs new arguments.

Disclaimer: I'm not necesarily pro or anti-guns. But I'm tired of that silly catchphrase that is not smart, nor deep, nor proves anything.

Re:Patent protection?

[2short]

How about the rate of crime-related fatalities and of gun-accident fatalities? In the US, the vast majority of deaths from assault are from assault by firearm.

Anyway, the point of the analogy was that in Britain, most criminals don't have handguns, because they fairly difficult to get. Similarly, if it were illegal to produce GSM snooper devices, most people who wanted to listen in wouldn't have them, because they couldn't just go down to radio shack and pick them up.

Re:Patent protection?

[Zan+Zu+from+Eridu]

The point is that by banning guns, only those who we would wish not to have guns would have them. The law abiding citizens who may have a use would not.

Ah, so banning guns automatically means banning police guns too? (The executive having a monopoly on violence and all that...) Basically what you're saying is you do not trust law-enforcement, or you don't believe it is capable of enforcing the law (eg. disarming the criminals). Anyway, I would rather like not to get involved in a gun-control flamewar.

Bottom line is my point still stands, the argument has very shaky foundations. The law defines crime, so it's not very surprising people who don't abide the law are criminals.

Re:Patent protection?

[stephanruby]

Unfortunately demonstrating "responsibility" isn't a requirement for gun ownership, at least in the US (maybe it's better in Canada). I for one would love to see gun ownership be tied to passing some sort of training course covering both safety and the legal aspects of what you can/cannot do with your gun.

Lack of training might be a problem, but I'd like to see some kind of statistics backing up this claim.

For example, in some parts of Europe, licensed car drivers are some of the best trained and some of the most carefully screened drivers in the world, and yet they can be pretty careless compared to their American counterparts.

Re:Patent protection?

[Johnath]

I do hate to get bogged down in semantics, especially in such an off-topic thread, but I would argue that you are either being deliberately pedantic or missing the point. This is just the old denotation vs. connotation merry-go-round, but what the heck, eh? For old time's sake.

The argument states "if you make gun ownership a crime, then only criminals will have guns" and of course you are right that this is, prima facie, a logical tautology which is fine except that is not how anyone is intending the argument to be heard. Conversational implicature. The argument, if you prefer, can be stated as "if you make gun ownership illegal, then the only people who will have guns are unsavoury types who do not respect any laws, and who will now use their lack of guilt to advance their other criminal enterprises by way of their now-exclusive ability to possess firearms whereas in the past, though they might intend to use firearms in the commission of murder, robbery, or what-have-you, at least there was the notional deterrent that their (law-abiding) victims may also possess guns for purposes of defense." That is to say, people are expecting you, as a fellow human and english speaker, and as someone with a presumably compatible life experience and social context, to understand the word criminal as having significant, if not primary, meanings ASIDE from that of being someone who commits a crime.

I only mention all this because I have watched many interesting discussions become derailed by arguments like this which are not in any way relevant, but are nonetheless suggestive enough to be distracting. No personal attack is intended, of course.

Re:Patent protection?

[kinzillah]

Except law-abiding citizens have legitimate uses for guns, ie. shooting non law-abiding citizens who have invaded their home.

I can't possibly think of a reason a normal citizen would have legitimate reason to break the encryption on GSM.

The issue of Gun Control would be mor akin to the issue of just encryption, where there are tons of reasons law-abiding citizens would need to encrypt things, mainly to keep their sensitive information away from the non law-abiding citizens (or anyone that might have nefarious intentions).

That said, I agree that patent laws shouldn't be used in this manner, something outlawing specifically something like "the deliberate interception of communications without concent or authority to do so" would be more appropriate. Something to this effect might already exist, but I'm not a lawyer or anything :)

Re:Patent protection?

[not-folly]

The meaning of that argument is deeper than you think. I have several guns, most of them for hunting or sport. One I keep for protection at my house. The point is that if I wasn't allowed to own that (or any) guns, I would not be able to defend myself or my family against a criminal with a gun who breaks into my house. I am allowed to defend myself and my family.

I keep myself very well trained with my guns, both through practice and instruction, and I believe that both should be mandatory prerequisites to gun ownership. If you want gun control, don't make it more difficult for those who acquire guns legally, make it more difficult for those who don't.

No flame, just rational argument.

Re:Patent protection?

[nmos]

Lack of training might be a problem, but I'd like to see some kind of statistics backing up this claim.

I don't have any stats but I've seen the way some people treat guns and that's enough for me. As just one example I've run into several people that believe it's ok to point a gun at friends/family members if they think it isn't loaded. I've seen others let their kids play with guns using the same reasoning. I don't know how many people actually get killed from these antics but some would have to.

Re:Patent protection?

[Zan+Zu+from+Eridu]

Firstly, I'm not trying to be pedantic or to derail the discussion. The semantic argument is more than word games, it's making people realize what law actually is and does. Criminal behaviour is not some fundamental property of human nature; "criminal" is a label a state puts om some forms of behaviour and the people who display it. A criminal action could certainly be the right thing to do morally speaking (depending on your personal lot), and sometimes even be the ethical thing to do.

Secondly, on(off) the topic of gun control. As said, a lawbreaker always has an unfair advantage over someone who abides the law. That's one of the reasons for having law enforcement, and that's why anti gun control arguments usually come down to distrust of law enforcement and/or the belief that law enforcement is not competent enough to effectively disarm the "predators".

Ofcourse you have the right to defend yourself, even with deadly force if nescessary. The point is gun control will reduce the number of guns on the market, which will reduce the number of crimes involving guns, so the average citizen ends up with a smaller risk of getting involved in life threatening situations. I do realize you have a big problem if you just ban guns all at once, because they are not going to magically disappear. I do know however a lot of countries around the world have succeeded in gradually reducing gun posession.

Finally, to me, as someone not living in the US, gun control is not much different from control of dangerous chemicals, biological agents, explosives and radioactive materials. You obviously run a bigger risk of accidents if you allow things like this to proliferate throughout the population, even if everyone behaves responsibly. Note all of those things could ensure the freedom of whoever keeps or bares them, but as the population grows denser the chance of accidents and abuse grows too. At some point it becomes unacceptably high, and you have to take action before chance becomes certainty.

Re:Patent protection?

[Zan+Zu+from+Eridu]

The meaning of that argument is deeper than you think.

Probably, but then what I wrote was not as superficial as it sounds either. I posted a reply explaining this.

I keep myself very well trained with my guns, both through practice and instruction, and I believe that both should be mandatory prerequisites to gun ownership. If you want gun control, don't make it more difficult for those who acquire guns legally, make it more difficult for those who don't.

Gun control doesn't mean an outright ban on guns, that would certainly work counterproductive. It usually means you have to have a permit to own a gun, and you get the permit if you aren't convicted of any crimes and you state good reasons for owning the desired type of gun (stating "hunting" shouldn't get you a permit for an uzi).

This way you discourage people from buying guns without thinking about it properly, it keeps dangerous people from buying guns, and it makes for a more efficient gun registration process.

Re:Patent protection?

[stephanruby]

People don't point guns at people because they don't know any better, they point guns at people precisely because it's dangerous to do so and precisely because it gives them somekind of power over their target.

A (former) friend pointed a paintball gun at my face once. We were not in the gaming area and I was not wearing my mask. He claimed he didn't know his gun could go off because of the plug. That was a lame excuse when I heard it and it is still a lame excuse now. He had been trained and yet he still was acting like an irresponsible asshole. Training can only go so far.

Hey! I know these people!

[epsalon]

Elad, Nathan, Eli Biham and Orr Dunkelman (which was not listed for some reason) are friends of mine at the Technion Israeli Institute of Technology. Their previous attack on A5/1 required a few hundred GB of HD space and dedicated telephony equipment to pull. A5/2 is a peace of cake in comparison. This new attack makes it ciphertext only. That means that you don't have to initiate a short call (for example) to the evesdropee or knowing some part of the call (like with voicemail) before breaking the encryption. It uses the signal correction mechanism to initialize itself.

In general, this is no big news, because this equipment is hard to aquire and the benefits are not that great. In comparison, CDMA and TDMA don't (effectively) encrypt calls at all.

Re:Hey! I know these people!

[RzUpAnmsCwrds]

"CDMA"

CDMA actually does have a form of encryption. CDMA operates on the principle that your frequency changes continuously based on a seeded pseudo-random number generator. Thus, if an attacker does not have the seed, it is difficult for them to capture even one packet from your phone.

In practice, I do not know how secure this is, but it's better than nothing.

Re:Hey! I know these people!

[RzUpAnmsCwrds]

"GSM has frequency hopping too."

Yes, but the way I understand it, GSM doesn't hop nearly as fast or as randomly as CDMA technologies do. With CDMA, everybody is effectively on the same "channel" all the time, they just hop frequencies in a pseudo-random order. CDMA has a "soft" cell size limit - as more users are added, the noise floor increases (because there is a greater chance for a frequency collision) and eventually the data becomes unreadable.

The best analogy I heard was a room full of converstaions. In GSM, everyone talks in short blips, and no one transmits at the same time to the same person. With CDMA, everyone talks all the time, but they are all speeking different languages.

Figures

[BiggerIsBetter]

Last time I told a software manufacturer about security flaws they were like, oh we don't care - our users are too dumb to work it out. Uh huh, but what about the competition? I'm sure their opinion would change had I released an exploit for it.

Similarly, the GSM Association probably knew about it, it's probably a designed-in backdoor to allow governmental evesdropping, but now it's public knowledge they're unhappy. Notice they say "very difficult" to exploit - not impossible. They know what's up, and they should've done better.

Well boo hoo GSM. If you've got flaws, fix them - don't go whining when someone finds you out and talks about it. No software is perfect, and trying to pretend otherwise (incl. with DMCA court action) is just a revised addition of The Emporers Clothes.

Re:Figures

[BiggerIsBetter]

Ass. Of course I read the article - or did you miss the quote?

The best backdoors are those which don't look like one - secret passages if you will. Maybe it really was a genuine "mistake", but something "fundamental" that requires "complex technology" and the need to "target a specific caller" is just a little too convienient for me. I'm no conspiracy theorist, but when it looks like a duck, walks like a duck, and quacks like a duck, I'll call it a duck.

Go learn how to reverse then come back and see if you still want to call me an idiot, AC.

Re:Figures

[BiggerIsBetter]

Second, that means a LOT of software has to be changed : every single telephone would have to have its software changed. You don't download a patch through the internet to change the ROM of your telephone, do you ?

IMHO, that's something that should have been considered in the standard. There's really nothing to stop a ROM update happening over the telephone network. Field updates aren't a new thing, and although they can be done at a dealer, I think doing it over the airwaves makes more sense.

I don't know of any successful evesdropping either, but it's not something that you would advertise had you done it, I guess.

Base Stations

[mopslik]

According to Reuters, the Association claims an attacker would have to "transmit distinctive data over the air to masquerade as a GSM base station". An attacker would also have to be placed between a caller and a base station to intercept a call, it adds.

So, it's possible to intercept calls by mimicing a base station by placing yourself where a base station could be? Sounds awfully like a game of monkey-in-the-middle to me.

My generalization probably makes this seem more "duh, obvious" than it likely is.

Re:Base Stations

[stratjakt]

Sounds awfully like a game of monkey-in-the-middle to me.

I believe the term for this is "man in the middle" attack.

GSM ... and CDMA?

[bigjocker]

I have been looking for a good source on the security of CDMA (2000 - 1X, but also CDMA). I have found the basic stuff using google, but is difficult to find real info given that almost all the google results are for press releases or biz-talk from the technology providers (qualcomm, ericsson, motorola, etc) and all of them state "great security".

The question is can somebody deploy a off-the-shelf (or homebuilt) scanner and grab the conversations on-the-air? I know that a PR (pseudo random) number is used with the ESN and A-key to generate some keys for encrypting some of the communications, and that the voice channel is "scrambled", but is there a source where the security implications of this is discussed?

Also interesting is that this article appeared (or was going to) on yesterday's slashdot edition but after being available for subscribers for a while it dissapeared.

Re:GSM ... and CDMA?

[Andy+Dodd]

"The question is can somebody deploy a off-the-shelf (or homebuilt) scanner and grab the conversations on-the-air? I know that a PR (pseudo random) number is used with the ESN and A-key to generate some keys for encrypting some of the communications, and that the voice channel is "scrambled", but is there a source where the security implications of this is discussed?"

In theory, anything is possible.

Off-the-shelf scanner - Definately not. Unless you're talking about high-end five-figure and even six-figure sums. A Rohde and Schwartz FSIQ would probably be 90% of the hardware needed to crack a CDMA signal, but FSIQs run $75k used ($120k or so new). An Agilent E4406A VSA starts at $32000 and cdmaOne and CDMA2000 options are extra $$$. And these might not even be sufficient for realtime monitoring and demodulation. It would be possible to build custom equipment for much less, but only a M.S. or Ph. D. in EE would be able to design a system to do adequate realtime demodulation of CDMA.

Non-realtime (capture the signals and post-process them) - Much easier. The hardware is $1000-2000 off-the-shelf (see GNU Radio), and the software is $99 if you're a student (Matlab), although you'll still need thorough knowledge of CDMA and some communications systems background to write the demodulation algorithms.

I don't know about the datastream-level encryption, but CDMA is much tougher to demodulate than the TDMA scheme used by GSM. (Given a captured baseband signal, I could probably tweak my old ECE 467 projects to demodulate GSM down to its datastreamin not too long, while CDMA would be a LOT harder.

Re:GSM ... and CDMA?

[mercuryresearch]

You're not thinking like a hacker would on this.

Think about it -- all the hardware you need to demodulate and decode a CDMA signal in realtime is present in a CDMA phone, so it's only a matter of understanding/controlling the hardware and figuring out how to capture the right spreading code and any other keys in use.

Given that, the hardware is probably close to free once you've figured out how to control a phone or download new software to it.

Re:GSM ... and CDMA?

[boster]

At AUUG '99, Qualcomm's Greg Rose pointed out in a presentation some key things to keep in mind out the encryption features various wireless protocols:

1) They are seldom enabled by network operators. And good luck finding out which ones are and aren't...

2) When they are enabled, most implementations are so poor that you don't get anything by turning them on. (IIRC, one of the most common schemes revolves around the psuedo-random number sequence used to encrypt the data stream (new number for each chuck (or set of chunks) of data. Fine, but apparently virtually all the implementations restart the sequence with the seed of 0 for each new call. So the sequence is completely known in advance.)

Point (2) is an illustration of a point I think is key to computer and network security: Security is hard, even on paper. Implementing something is just as hard again. The security systems are remarkably brittle: virtually *any* little mistake can completely break the system (more so than most software).

Re:GSM ... and CDMA?

[JahToasted]

So if you encrypt all your documents with PGP, all I need to do to read them is buy a copy of PGP and reverse engineer it?

Re:GSM ... and CDMA?

[mercuryresearch]

No, but once you have the keys, that copy of PGP will decode it.

There's no need for you to spend a bunch of time/money rewriting something that already works -- you can concentrate on the hard problem of figuring out the key instead.

Re:How does this affect US/Israel relations?

[Trigun]

Countries cannot prevent this type of research, they can only censor it after the fact. I find it hard to believe that the Israeli government was monitoring all university programs of study to prevent violations of a law a dozen timezones away just so that their buddy-buddy (read: lapdog) doesn't get all upset.

And if they are, that's no democracy.

Goverment can evesdrop anyway

[epsalon]

The encryption is only between the handset and the base station. The goverment can easily evesdrop at the cellular provider (after issuing a warrant).

the new 3G ad campaign

[Alien+Being]

"they can hear you now."

"they can hear you now."

3G phones safe

[e4liberty]

From theReg...

Both parties agree that the issue does not affect 3G phones, which use different protocols and security mechanisms than legacy GSM handsets.

Old hat!

[Noryungi]

Hmmm. If I remember well, other Israeli crypto researchers, including Pr Shamir (of RSA fame, Rivest - Shamir - Adelman) mentioned a couple of years ago that GSM crypto could, theoretically, be cracked almost in real time by a (relatively) low-powered machine.

GSM specialists have known for a number of years now that GSM crypto was not that good. Interestingly enough, GSM crypto was designed by French 'military specialists', which has raised the usual (probably justified) suspicions of backdoors.

Sorry for not being able to produce more info, but I am sure other Slashdotters will have interesting links to supply...

Instant Cryptanalysis

[IRandom]

The novelety of this attack is that it is instantanous. The cryptanalysis is done one when the call is being established (when the phone just rings) even before any any real conversation is being done.
The exact details are still secret but the attack exploits a misuse of Error Correcting Codes (ECC - are used in communication protocols to correct random noise errors).
It seems that instead of encrypting the conversation and then employing ECC, the GSM does it the other way thus leaking enough data for the cryptanalysis to be performed

Mod parent up

[InterruptDescriptorT]

Not only does the US fund the weaponry that allows the illegal incursions into Palestinean soveriegn terrority (in the name of "the war against terrorism"), it allows the Israeli people to have one of the highest standards of living in the Middle East while families in Palestine starve and worry about food, clean water and medical care.

And Americans cry and wail and wonder why (and I actually heard this coming from some Midwestern mother of three after some recent attacks in the Middle East) why do they hate us so much? They must hate our freedoms .

Yeah, that's it. They hate our freedom. Look how we continue to support a regime that enslaves and subjugates the Arab people of the MIddle East for the US's own oil thirst. No wonder this is the stupidest country on the planet.

Re:Mod parent up

[admbws]

while families in Palestine starve and worry about food, clean water and medical care.

Well, much that is taken care of by Hamas.

Which may go some way to explain why they are so popular.

The DMCA has nothing to do with this.

[lennart78]

DMCA stands for Digital Milennium Copyright Act, and prevents the circumvention or cracking of copyright prevention, not of just any form of encryption.
Sure, some lawyer will be able to construct a lawsuit out of this using the DMCA as a leverage, especially since this news will allow people to spread massive amounts of FUD in order to make a quick buck from the techno-illiterate masses, but I don't think the DMCA is violated here.

I don't think it will affect US/Israel relations. The relation the US has with Israel is mostly born out of the massive jewish lobby in the US, who indirectly determine the course of the nation, just like for instance the NRA or the entertainment industry is doing. In order to alter the relation between the US and Israel, you must alter the realtion between the jewish lobby in the US and Israel, and I don't think that's something we'll see soon...

In unrelated news ...

[Lumpish+Scholar]

The GSM Association ... confirmed the security hole but said it would be expensive and complicated to exploit....

In unrelated news, the National Security Agency requested an emergency budget increase of $13.5B. When ask for justification, the head of the NSA was heard to say, "Warrants? We don't need no stinkin' warrents...."

Design flaw or Feature?

[sigxcpu]

It has long been suspected that GSM encryption was specificaly designed with some 'weak spot' to allow law-enforcemant monitoring.
Does anyone know if the article is available online?
I'd like to know if this flaw looks more like a mistake or somthing more intentional.
None of the meadia people who spoke about it seem to understand that "Instant Ciphertext-Only Cryptanalysis" means you are effectivly not protected at all.

Re:Design flaw or Feature?

[Jetifi]

Law enforcement taps take place within the telco infrastructure: i.e. after the conversation has been received & decrypted by the base station.

According to Ross Anderson, most inter-base station communications is done via microwaves, (because the landline infrastructure is generally owned by a competitor), and IIRC most of the microwave transmissions are in the clear.

Transport-level privacy between handset and base station was provided by two ciphers of different strengths: A5/1 for Europe & the USA, A5/2 for export (and Australia :-)

A5/1 turned out to be trivial (3 LFSRs?), and could be cracked in realtime on a 2000 PC. Also, the last ten bits of the key were always zero. So A5/1 was deliberately weakened. Who can say how bad A5/2 was. A5/1 has been replaced by A5/3 for most GSM networks.

Re:Design flaw or Feature?

[Jetifi]

That the last ten bits of the key is zero is not a weakness in A5/1 but a deliberate weakness in the system. - Yeah, I was trying to say that but I guess I wasn't too clear.

I haven't seen anything much on A5/1, the only mention in the Biryukov-Shamir-Wagner paper was ''At the rump session of Crypto 99, Ian Goldberg and David Wagner announced an attack on A5/2 which requires very few pseudo random bits and just O(216) steps. This demonstrated that the \export version" A5/2 is totally insecure.''.

I haven't seen any actual reports of A5/3 rollout, just snippets of marketing BS promising Q3 02.

Re:Design flaw or Feature?

[sigxcpu]

Law enforcement taps take place within the telco infrastructure: i.e. after the conversation has been received & decrypted by the base station.

That is good if all you need is evidance. But if you need tactical intel during an operation, live realtime intel is pricless.

Re:Design flaw or Feature?

[HiThere]

O, great! A reason to drive while talking on a cell phone. Just what we need.

Reuters article more balanced

[winkydink]

At least they point out that the equipment required costs about $250k.

Re:Reuters article more balanced

[sigxcpu]

No, thay quoted a guy saying he sels the __current__ GSM cracking equipment for $250k.

Re:Reuters article more balanced

[winkydink]

I suspect that 3G (not vulnerable) will be widely deployed before the price drops enough for that the average script kiddie can buy one at La Shaque de Radio

Good for 3G.

[a_n_d_e_r_s]

The sales of 3G are dissapointing. But now the tele-coms who have bough expensive 3G contracts all sigh in relief.

Finally one reason for people to upgrade to 3G.

The people behind this

[epsalon]

Prof. Eli Biham and Elad Barkan. Both good friends of mine.

inflate, then encrypt

[valentyn]

From http://israelemb.org/sanfran/News&Media/full/03/se p/02#c

"Elad found that the GSM network does not work in proper order: First, it inflates the information passing through it in order to correct for interference and noise and only then encrypts it," Biham told The Jerusalem Post. "At first, I didn't believe it. We checked it, and it was true."

That probably means higher predictability for the encrypted data.

REMOB anyone? *GOV CAN TAP YOU*

REMOB anyone?

REMOB (Remote observation mode) is a TSPS console feature of the american telephone system to allow inward ops to monitor a suspected phone that might be "off the hook" prior to interrupting the line for "life or dire emergency" with the 500Hz tone and issuance of the frequently heard phrase "This is the att operator do you wish to disconnect this call you have an emergecy phone call from ...."

but PRIOR to that for 30 second maximum bursts you get to hear an inverterted sound wave... which you can record.

better... the fbi has is setup to cascade overlapping series of REMOB snippets so when one ends (on any CLASS capable ESS r5) another takes over.

This way no interrupt chirp is heard by the victims, and lots of trivially "scrambled' speech can be secretly recorded.

i have never ever ever seen this in print or any edoc in history of phreaking.

I have seen telephon reps state to congree that REMOB did not exist.

it exists.

it does not take outside intercepts (ECHELON) as reported on 60 Minutes, or any NRO or NSA budgets,

it only takes a 6 digit code and the correct connections to do REMOB.

REMOB makes intercepting cell phones laughable in comparison.

besides... the German Gov records ALL cell phones under that alleged statement that in theory it COULD intercept the airwaves anyways if they tried. Remeber the slashdot article?

also the us gov allows no-warrant affixing of GPS locater emmitter bugs under your car frame under the assumption that it could visually track you from their air if they had the money anyways. Remember the Scott peterson case this summer? No initial warrant to put the gps bug on his car.

recording and intercepting ALL cell phone traffic at the point of origin on the LAND LINES is what the fed gov assumes is their right!

no need to mess with intercepts.

July 1983 the us supreme court ruled the public had a right to intercept and use all radio trasmissions INCLUDING call phones. Then they pverturned it partly years later.

today it is LEGAL for the cops to buy and sell equipment to record cell phones, but not the public across state borders. you have to build it from scratch yourself for your own hobbyist needs... and then its legal to use.

but REMOB is far far more humorous.

I know it exists.... first hand

Re:REMOB anyone? *GOV CAN TAP YOU*

[DarthTaco]

...get to hear an inverterted sound wave...

...and lots of trivially "scrambled' speech can be secretly recorded...

If you invert a sound wave, it basically sounds the same. Try it on your computer.

Wishful thinking

[Omni-Cognate]

From the Reg article:

Both parties agree that the issue does not affect 3G phones, which use different protocols and security mechanisms than legacy GSM handsets.

I don't have the sales figures to hand, but I don't think GSM can really be called a "legacy" technology yet. IIRC Britain only has one provider 3G service provider, which has had a fraction of the expected number of subscribers.

Re:Wishful thinking

[stratjakt]

Why dont you look up the word legacy before posting something so dopey? Legacy doesnt mean obsolete, just that the newer technology came out of the older technology.

The G4 is a legacy Mac. My 2.53ghz Northwood P4 is a legacy CPU, with a legacy 533mhz fsb.

Re:Wishful thinking

[wirelessbuzzers]

Do you have a reference for this?

Why dont you look up the word legacy before posting something so dopey? Legacy doesnt mean obsolete, just that the newer technology came out of the older technology.

Until recently, legacy was only a noun. As a noun, it means "something handed down from the past." It isn't in my dictionary as an adjective, nor is it on any of the dictionaries of dictionary.com as such. I've personally only heard it used (as an adjective) to mean an obsolete system which has not been replaced because of the difficulties involved (either in terms of infrastructure or applications). This would certainly mean something "handed down from the past."

Encarta was the only dictionary I found that lists an adjective form: "associated with something that is outdated or discontinued"

According to this definition, a legacy system must be obsolete.

Re:Wishful thinking

[Omni-Cognate]

Whether you would describe GSM as "legacy" depends on your interpretation of the word. I would interpret "legacy" systems as systems you would like to get rid of from a technical point of view, but can't for operational or cost reasons.

GSM is an extremely popular and effective means of providing mobile voice communications and low-bandwidth data comms. UMTS is a way of providing high bandwidth data comms in addition to the same services.

Whether the market for high bandwidth mobile comms picks up or not, there will be a huge ongoing demand for simple mobile voice comms. This demand is already pushing the GSM networks to capacity and will not abate as high bandwidth takes off.

So you have to provide a large amount of voice comms in addition to high bandwidth data, so how do you do this? GSM systems are cheaper than 3G, they are tried and tested, and the networks already exist. They provide an excellent solution for voice comms. If you only wanted voice capacity, I think you would almost certainly choose it over UMTS for technical reasons (not least because "cell breathing" effects, code assignment and the larger number of base stations required for UMTS make for very tricky network planning).

So is this an outmoded system which is lingering because it is too expensive to replace, or is it a technically effective means of providing the large volumes of voice calls we are likely to continue to need for the foreseeable future? I reckon the latter. In fact, with handover problems solved it is an excellent complement to 3G. So no, not a legacy system and not likely to be for a quite some time.

There's a fix already?!

[brianjcain]

"The Association said an upgrade to the A5/2 encryption algorithm, available since July 2002, addresses the security weaknesses highlighted by the Israelis."

Okay...The networks can issue new SIMs and update their switches. If they're soft switches, then it should be all the easier of an upgrade. Those of you who have GSM network operators (like Orange, BT, FT, T-Mobile), petition them to take this fix seriously. You pay for a service that they advertise as being secure. However, if you were worried about lawful conversation intercepts, there's already something in place to support this (refer to ETSI TS 101671).

no privacy on mobile phones

[FuzzyBad-Mofo]

In the bad old days of analog mobile phones, there wasn't even encryption on the signal. You could literally walk into Radio Shack and walk out carrying a scanner capable of receiving mobile phone frequencies. (They eventually banned the sale of scanners capable of receiving those frequencies.) Later, TDMA and CDMA technologies made it more difficult to intercept signals, but all that's required is the right decoder.

Encryption of the call is a fairly recent trend and I think it's a terrific idea, but any encryption can be broken in time. While the odds are low that someone may be listing in, guaranteed privacy is impossible.

I think as a whole, we tend to trust in technology without really understanding it. I'm reminded of two engineering students who were visiting my apartment in college, and showing off their new cell phones by one calling the other. They were quite surprised when I was able to intercept their call with a cheap radio scanner. They had no idea their call was not private, simply assuming that the technology was secure. It wasn't.

Re:no privacy on mobile phones

[wirelessbuzzers]

Encryption of the call is a fairly recent trend and I think it's a terrific idea, but any encryption can be broken in time. While the odds are low that someone may be listing in, guaranteed privacy is impossible.

This statement is misleading, if not downright false. First of all, a one-time pad cannot be broken, time or no time, if you have a good random source. Of course, this is impractical by itself, because you have to transport the pad.

Quantum "encryption" is being developed, and has already been used for line-of-sight transmissions over several miles. It isn't really encryption, but a method to detect eavesdroppers, and can give "guaranteed privacy" against them, at least over an optical link. You can't use it in radio, though.

Now, on a more practical end, there is no publicly known way to crack, say, a 448-bit Blowfish key. And don't give me that "with time" garbage. No amount of time and Moore's law could allow you to brute-force such a key; there isn't enough free energy in the universe. Realistically, you have to find a weakness in the code or the protocol.

I would agree with you that perfect-as-far-as-we-know privacy is impractical (watch out for those spooks with parabolic microphones), and truly "guaranteed" privacy is in impossible (how do you know that a Tibetan psychic can't just read your mind...), but "pretty good privacy" (heh), meaning, say, privacy worth betting your life on against major governments, is quite possible, and privacy good enough to stop random people from snooping your calls is fairly easy.

Re:no privacy on mobile phones

[RzUpAnmsCwrds]

The US has had encrypted GSM since 1994. We've had CDMA, which is somewhat secure, since 1995.

The first GSM rollout in Europe was in 1992.

So, please, don't give me this "run-down" bullshit. Heck, we already have widely deployed 3G data services from two providers (1xRTT from Sprint and Verizon). Not to mention three GSM carriers, one of which offers unlimited GPRS for $20 a month.

CDMA has (Compared to 2.5G GSM):
- Bigger Cell Sizes (GSM has a 16km hard limit)
- 2x More Calls per Cell
- Better voice quality
- Faster data service with lower latency

Oh, and it copes with interference better, too.

Re:How does this affect US/Israel relations?

[mrtroy]

He also spelled "seam" or seem wrong

But his ideas are right. And Israel has been retaliated by all of its neighbors.

When you oppress people for so long, they will retaliate the only way they can, through suicide bombing and other means.

The most attended event at the conference.

[twoslice]

18:00-20:30

Beach Barbecue
Bar 18:00-20:30
Buffet 18:15-20:30
Dessert/Coffee 19:00-20:30

I wasn't there but I just know that everyone showed for the beach barbecue with the open bar and grub all night long.

Re:The most attended event at the conference.

[stratjakt]

So, 6 til 8:30 PM is an "all night long" party to you?

That is so very, very, sad.

Re:The most attended event at the conference.

[twoslice]

My shot glass is a slurpee container....

Unbreakable!

[ArmenTanzarian]

G SCMaGnS MyGoSuM GhSeMaGrS MmGeS MnGoSwM?G

Re:How does this affect US/Israel relations?

[lederhosen]

So you argue that we should not have retaliated
the nazist? And that the US should continue to arm
Nazist when slaughtering Judes, Homosexuals and
other disturbing ellements? I, for myself, think
that if *any* country, Israel should know better.

Or maby you call the resistance (judish and other)
in europe just terrorist that did not like the
freedom offered by the nazis???

I can not spell good because I am not that great
at speaking or writing english.

Uh what?

[bigjnsa500]

So if professor publishes this, its all fine and dandy, but when a citizen publishes an eBook hack he's arrested? What gives?

Re:Uh what?

[AyeRoxor!]

"So if professor publishes this, its all fine and dandy, but when a citizen publishes an eBook hack he's arrested? What gives?"

While I appreciate your zeal, you must see the difference between exposing a weakness in a worldwide method of encryption, and demonstrating how to read Harry Potter on your iMac.

Re:How does this affect US/Israel relations?

[mrtroy]

I thought that you were a history buff.

Genocide is what you want? They are in an open state of war that is stagnating because doves won't allow Israel to simply push all the Palestinians into the sea - as they should have done long ago.

I thought after rarely escaping that, the Jewish people would not want to ever do that to anyone.

Discrimination is clouding your judgement

Patents for criminal activities

[Guiri]

You gave me an idea. Right now I'm patenting:

• Using a hammer to crack someone's head
• Stabbing someone to death

Now all psychos will have to pay me in order to perform their activities.

irrelevant?

[TheFranz]

Why should all of these law enforcement agencies go through all these troubles? Why not just go to the telco and ask them nicely, I know that some countries (The Netherlands for instance) only give out GSM licenses to telco's who are willing to record all of the conversations done on their network. Law enforcement agencies must have Access to this database. I'm sure The Netherlands isn't the only country with this kind of "license restriction". The stuff needed for this type of eavesdropping is expensive and I think in most countries irrelevant.

A Wise Man...

[Esion+Modnar]

...once said to me that he would much rather have criticism than praise, since praise did nothing for him, and made him feel awkward and embarassed.

Criticism, however, allowed him to improve himself.

Patented = Published = DCMA Unconstitutional?

[G4from128k]

If this cracking method is indeed patented then it must be publicly released for anyone to read and understand. But public release would seem to violate DCMA and stifling the publication would seem to violate the constitutional underpinnings of the patent system (to encourage innovation by both granting monopolies and making inventions publicly accessible for further innovation). Does this make DCMA unconstitutional???

Re:Patented = Published = DCMA Unconstitutional?

[HiThere]

The DMCA was already unconstitutional. But it's effective until somebody challenges it in court and wins at the level of the Supreme Court. Don't hold your breath.

Re:How does this affect US/Israel relations?

[TWX]

Well, since the religion card has been played...

"I thought after rarely escaping that, the Jewish people would not want to ever do that to anyone."

Maybe it's the Christians in conspiracy, using the Jewish Israelis without their realization, to get back at the arab world for forcing the Christians into the sea at the end of the Crusades...

Rome has been awfully quiet about the whole affair, after all...

The preceding post is categorized as sarcasm, for the humour impaired

Re:How does this affect US/Israel relations?

[mrtroy]

The Israelis have done nothing to show they want peace.

And as for your "Palestinians arent a race" arguement so you can kill them all and its not genocide...that is outrageous. So you can kill all the Jewish people in North America because well, hey! theres more in the world!

That is idiotic.

Typical

[zeugma-amp]

The article states... The GSM Association admits the Israeli researchers are onto something but say the attack requires the use of complex technology, which few phone phreakers have access to, and would need to be targeted at a specific caller.

I see ... in other words. They only people you have to fear is your government and large companies.

Is anyone else bothered by the fact that governments all across this planet of ours seem to think that the only kind of secrecy that is a good thing is goverment secrecy?

They should be happy

[famazza]

• The GSM association is not happy.

They should be happy. It's an opportunity to them to refine their techniques and improve users protection.

IMO people should understand that errors found are opportunities to improve quality. Not a way to point incapacity.

Re:They should be happy

[MikShapi]

Yep. They definitely should be.
That way they can make a new (slightly more secure) standard, call it GSM2, and then sell us another 850 million phones that support it.

Re:They should be happy

[Repugnant_Shit]

So Gates and Ballmer are probably the happiest men alive.

Another awful thread about Israel

[FuzzyDaddy]

I wince every time the subject of Israel comes up.

The problem is that it's a terrible situation for everyone over there. Surely everyone has a right to live in peace, and surely that's what most people, Palestinian and Israeli, really want. However, the problems there have become a proxy for everyone else in the world to line up against each other. Arab leaders use it to strengthen their position by distracting their people from their own problems. It has become a platform for conservatives and liberals in this country to each claim the moral high ground on, and to demonize each other.

Somehow, the world gets much more out of the conflict than it gets out of a peaceful resolution. If everyone thinks one side is truly evil, than only that side's elimination or expulsion is satisfactory. So how can peace be satisfactory to the world? Does the Arab world really have an interest in ending the conflict? Do people in the U.S. using it to demonize their political enemies on both sides have an interest in it ending?

I would like to go back there some day with my family and visit all the holy sites, wherever they may be, without fear of being wounded or killed. That is part of my stake. What is the rest of the world's stake?

Re:Another awful thread about Israel

[Mysticalfruit]

I'm in the same boat with you on this one. Whenever the whole israel/palestine subject comes up, I wince. The whole situation is amazing tragic. Not only in the lives lost, but also in futility of the whole thing. Isreal has a well equipped army and palestine has an almost unlimited supply of people willing to blow themselves up. Add to this, hardliners on both sides of fence who don't see compromise as a viable option, only obliteration of the "enemy". I guess the answer is obvious. We should just destroy the holy sites. Since nobody wants to share them, then nobody gets them. Better yet, do it from space with a big mass drive weapon, so nobody's at blame. Hell, we could even call it a message from "God" to live in harmony. Oh wait, they'd just start fighting over the rubble. *Shrugs* This ship is nice and all, but where're the escape pods...

Not as risky as you might first think

[Divide+By+Zero]

The encryption is in the phone, so the phone needs to be upgraded.

From the article on the Register:
"Both parties agree that the issue does not affect 3G phones, which use different protocols and security mechanisms than legacy GSM handsets."

You DO have one of the new phones, right? I mean, you ARE reading Slashdot.

I think this is what's going to keep it from being a problem legally - nobody's introducing phones to which this attack is vulnerable.

Re:Not as risky as you might first think

[NighthawkFoo]

I don't even have a cell phone, let alone a 3G model :)

Re:Not as risky as you might first think

[simm_s]

Damn it I just, bought a 3G cell phone!!!

Oh, well I did not expect it to be secure anyway.

Re:Europeans, mod this up!

[dsnail2000]

Unlike the reast of you, I will post with my own name and not argue anonymously. First of all, I am a proud United States Citizen who is currently working his way through college.

If you look at the United State's military budget, you would see that it is larger than most(if not all) of the world's military budget combined.

Do you think that Russia, any European country (and I will be nice and not pick on France), China or India could possibly deploy the same volume of troops and equipment in the same time span as the US?

If you are a student of Network Centric Warfare, then you would know that only the US of A has the current capability to land a certain number troops in any spot in the world in under 96 hours.

Should I even mention what country has developed the most advanced weapondry the world has ever seen? Russia may have some great engineers but they lack the capability to actually produce working and reliable weapondry. They have great ideas, but their implementation sucks. The Chinese and Indian's just copy whatever we develop.

Do you really think that Europe would throw in with the Chinese, Russians, and Indian's if Great Britain stayed out of it or even threw in with the US?

I think not!

Not to mention that the Russians and Chinese hate each other completely and the chinese and indian's aren't on the most friendly of terms either!

So... yes, I do believe that in a non-nuclear fight, we would beat Europe, China, Russia, and India.

Re:"The GSM association is not happy."

[Jetifi]

Did they have their design checked out by someone who understands cryptography?

A: No.

The hash function (A3/A8) used in the default implementation of the GSM protocol for the challenge-response authentication had a vulnerability of a type known about in the cryptographic community for years.

This wasn't a deliberate weakening, because this flaw had no real impact on the ability of law enforcement to intercept, and allowed cloning of GSM handsets: something that was definitely not supposed to be possible.

They've learnt from their mistakes though: the 3G protocol has undergone extensive public review , as has the ciphers they chose.

Re:How does this affect US/Israel relations?

[perly-king-69]

Hey, believe it or not, the US doesn't have legal jurisdiction in other countries.

That's right, I can drive on the left side of the road - AND NOT BE ARRESTED FOR BREAKING US TRAFFIC LAWS!

Operators couldn't care less

[daBass]

Like they didn't arrest a russian programmer? Granted, he was distributing working software. But still, the US lets Israel get away with many, many things they wouldn't let other countries.

The only other reason I can see for him not being arrested is the fact that GSM is not a US owned technology. That and the fact that operators couldn't care less, it is not like they hold copyright over your conversations...

Re:Operators couldn't care less

[Zachary+Kessin]

Because they would get creamed on the first amedment issues. If you take a first rank Professor at a well known university presenting an academic paper at a respected confrence. Thats about as protected as speach can get. And a univeristy like Technion can hire good laywers.

A guy that they can protray as a two bit hacker (right or wrong) can be painted in a very different light. But the first amendment types would have a field day if they arrested him. Of course he may decide just not to go the the USA and bypass the whole problem. But if you are going to have a test case in the courts this would be a good one.

Re:Operators couldn't care less

[cmdr_beeftaco]

Trial? First Amendment? This guy is obviously an enemy combatant and will be sent to Guantantmeno Bay if we get our grubby little hands on him.

so what ?

[lfourrier]

in many countries, GSM operators are required to turn encryption off.

Re:Instant Cryptanalysis

[mwood]

"...instead of encrypting the conversation and then employing ECC, the GSM does it the other way...."

Well, that answers my question about whether the standard writers had their design reviewed by someone who understands cryptography. *sigh*

Re:How does this affect US/Israel relations?

[admbws]

Kindly don't feed this troll anymore. It's obvious he doens't know what he's talking about - he's made false claims that Arafat and the Palestinian Authority is a terrorist/supports terrorism (which is untrue, probably got that from US/Israel propaganda without researching first), claims that the Palestinians don't exist (unfortunately there are a few million of them now, so they exist whether the Israelis and this jerk likes it or not), and notice the double standard when he claims that the Palestinians should have been annhilated/pushed into the sea etc., yet condemning the (foolish) attempt by a bunch of (foolish) arab leaders when they tried to do just the same to Israel in the late 1960's!

Unfortunately, this is a view held my many ignorant Westerners who know nothing of the situation, and blindly believe all the propaganda from the governments and the media, and flatly refuse to believe that Israel is one half of the problem!

Legacy GSM?

[daBass]

Good to know that pretty much the whole world now seems to be on 3G, why else would the article speak of "legacy GSM handsets"?

Re:Legacy GSM?

[perly-king-69]

Actually most of the world aren't on 3G.

This link shows which networks offer 3G

And don't make the common problem of confusing of 2.5G with 3G

Re:Legacy GSM?

[daBass]

Ehrm, have you ever heard of the word "irony"?

Re:Legacy GSM?

[perly-king-69]

Apologies. Seems I'm too used to reading comments written by Americans.

Re:Legacy GSM?

[daBass]

ROTFL! ;-)

Re:Legacy GSM?

[jpu8086]

Uhhhhm, shouldn't the word be "sarcasm?"
Irony only applies if the stated facts are true.

Re:Legacy GSM?

[daBass]

Well, I was debating which to use in this case as I believe both of them to be applicable. I looked it up just now and irony, as I believed, also has a meaning other than (though closely related) the one used in the Alanis Morisette song:

Irony: The use of words to express something different from and often opposite to their literal meaning.

Sarcasm: A form of wit that is marked by the use of sarcastic language and is intended to make its victim the butt of contempt or ridicule.

You could say I was using irony as a form of sarcasm!

What is the difference between MI5 and MI6 anyway?

[emil]

I hear them referred to as Brittish foreign intelligence all the time.

Re:What is the difference between MI5 and MI6 anyw

[ePhil_One]

Re:What is the difference between MI5 and MI6 anyway?

Well you see, its one higher.

Very expensive machine to crack?

[rafael_magu]

I don't know, but I'm feeling that this is somewhat not true... If a cell phone processor can decrypt the code (not crack it!) so quick, how come a 2Ghz processor can't crack it? Advice for those of you who already area midway through the solution to this problem: Try locating the university's servers... []'s magu

Re:Europeans, mod this up!

[perly-king-69]

America is invincible. Other countries will never advance any farther than America wishes them to advance.

Carthage was invicible until Rome turned up.

Rome was invincible until the 'barbarians' turned up.

The Inca were invincible until the Spanish turned up.

There is a proverb from Belarus - Keep one eye on the past and you are half blind. Forget the past altogether and you are totally blind.

Re:Europeans, mod this up!

[dsnail2000]

I am also shocked to see that you replied to my post.

However, I am interested in what facts you have to back up your statement:

"Still, your post is misinformed nonsense, but you can't help believing what your press says."

I also will carry the burden of proof if you should decide to challenge me on any of my facts.

Sincerely,

David

P.S. -It only took me about 2 minutes to type that last post, I am a fast typist.

Re:What is the difference between MI5 and MI6 anyw

[Zocalo]

MI5 is the old name for what is now officially the "Security Service" and is concerned with domestic security, although it does operate oversees. MI6 is the old name for what is now officially the "Secret Intelligence Service" and is concerned with foreign intelligence affairs, it supposedly has zero domestic mandate. There are also GCHQ (Government Communications Headquarters), JIC (Joint Intelligence Committee) and several other things under the auspices of Special Branch and the like.

For USians, the roles equate as follows:

MI5 = FBI

MI6 = CIA

GCHQ = NSA

JIC = Senate Oversight Committee (*very* roughly)

Flaws in GSM are old news

[dpb]

The existance of design flaws in /all/ current mobile phone communication standards are not exactly 'news'. Ross Anderson devotes several pages to thes e flaws in his book Security Engineering: A Guide to Building Dependable Distributed Systems

BTW, if you haven't already read this book & are even slightly interested in security, I can strongly recommend it. It covers everything from smart cards, nuclear command & control, radio monitoring, GSM, ATM & credit cards, biometrics, through to the standard encryption protocols & e-commerce.

Name Dropper!

[diatonic]

here is your cookie...

Is that because

[RMH101]

...they have about a 20 minute battery life and the chances of having anyone else with a 3g phone to call in that time are minimal?

Oh, and 3G calls to GSM mobiles are presumably still open...

Don't think DMCA applies here, does it?

[siskbc]

GSM is a published algorithm, is it not? As such, he wouldn't have to reverse-engineer anything. I don't believe the DMCA covers criticizing something that has an open spec. It's not his fault he's the only one who had the insight.

They have an *incredible* need

[morcheeba]

True, hopefully they'll act legally when dealing with domestic carriers, but internationally, it's a totally different story. No Chinese carrier is going to allow the US government to tap in. Heck, even British Telecom probably wouldn't let them... and even if they did, the US government would want to absolutely minimize the chance that the victim could find out about the tap -- and a good step towards that is keeping all information within their own organization (and not in the hands of a private or foreign-governement-owned phone carrier)

Re:They have an *incredible* need

[glesga_kiss]

No Chinese carrier is going to allow the US government to tap in. Heck, even British Telecom probably wouldn't let them

Welcome to the USA/UK pact. It's illegal in both countries for the inteligence communities to spy on their own citizens. We spy on yours, you spy on ours, data exchanged, problem solved.

Or have we found a Slashdotter that isn't aware of Echelon. Surely not!!

CDMA harder but not intended as encryption

[tessaiga]

CDMA is indeed tougher to demodulate than GSM, the reason being that each GSM signal uses the same carrier (basically it encodes bits by modulating phase; the technical term is Gaussian Minimum Shift Keying, or GMSK). CDMA, on the other hand, has each user use a different "spreading code" in an attempt to make signals from different users orthogonal. The purpose of the spreading code is to take your nice orderly stream of bits, and turn it into a random-looking sequence. At the other end, the receiver knows what sequence you're using, and it can undo this transformation. As a side effect, your code is chosen to try to be orthogonal to other people's codes, so that at the same time demodulating your signal nulls out other people's signals, so your interference is reduced.

The reason there's some security in this process is that if a 3rd party doesn't know your spreading code, they won't be able to demodulate your signal -- you're going to sound like so much noise to their receiver, even if they have the proper CDMA decoding hardware. Having said that, this "encryption" supposedly isn't difficult to crack; Phil Karn from Qualcomm posted a discussion on CDMA security to a crypto list about this a while back. Here's a snippet:

There is essentially no "encryption" in the usual sense of the word in CDMA. It is true that the complexity (and until recently, the obscurity) of the modulation method provides some modest protection against casual eavesdropping (e.g., someone with a Radio Shack scanner). But phones containing the necessary ASICs are now being shipped by the hundreds of thousands per month, and as I said earlier the complete air interface spec has been public for some time.

I remember hearing a lecture on CDMA where the professor described a favorite tactic of hackers being to hang out with scanners over bridges, where people's connections would cut out, and grab their codes when the phones tried to resync with the base stations as cars exited the tunnel.

Someone Set Up Us the Bomb

[TexVex]

From the article (emphasis mine):
...tap into a conversation while a call is been set up and a phone at the receiver's end...

I guess somebody set up us the bomb!

Forgot something...

[Atticu5]

I don't even have a cell phone, let alone a 3G model :)

...you insensitive clod!

Cypher text only or MitM?

[R.Caley]

The report says you need to play man in the middle, the paper title claims cyper text only. Does anyone with the relevent background know which it is?

Is the GSM association clueless?

[sniggly]

The GSM Association, a trade group for suppliers and mobile network operators, is downplaying the problem. It admits a potential vulnerability exists but argues that this would be very difficult to exploit in practice.

Does anyone know if its possible to make a device that exploits such a vulnerability?

I don't buy into the very difficult to exploit crap. As far as I can tell from this information (but IANAHE - im not a hardware engineer) it would be possible to design hardware that can systematically exploit this vulnerability and it would be a godsent for governments of countries with less than adequate constitutions and really handy to have for large companies who would like to hear what their competition has to say. It would be an extremely valuable device. Very difficult to exploit in practise, maybe, worth it to some? totally..

Bruce Schneier's comments on GSM security

[frozenray]

Schneier commented on GSM security in a 1999 CryptoGram newsletter, referencing research from 1998 and 1999. Quoting from it:

What's most interesting about these algorithms is how robustly lousy they are. Both voice-encryption algorithms are flawed, but not obviously. The attacks on both A5/1 and A5/2 make use of subtle structures of the algorithm, and result in the ability to decrypt voice traffic in real time on average computer equipment. At the same time, the output of the A8 algorithm that provides key material for A5/1 and A5/2 has been artificially weakened by setting ten key bits to zero. And also, the COMP128 algorithm that provides the keying material that is eventually weakened and fed into the weakened algorithms is, itself, weak.

And remember, this encryption only encrypts the over-the-air portion of the transmission. Any legal access required by law enforcement is unaffected; they can always get a warrant and listen at the base station. The only reason to weaken this system is for *illegal* access. Only wiretaps lacking a court authorization need over-the-air intercepts.

how expensive is this?

[iceco2]

The GSM says the attack is difficult and expensive
to implement, I am not so sure.

I havn't read the papers my self but I do
discuss cryptology with Elad on a regular basis,
It is my understanig that besides the weakness
Elad found, they plan on using some time/memory/data
tradeoff to actually preform the attack.
The error correction code fiasco just elimenates
the need for some known plaintext(as was needed in
previos attack by Dunkekman(Who, epsalon you might
know had littleto do with this new attack).

If I understand things correctly, you need
significant computer power to get going, but
after your done preprocessing, also a very weak
cmputer with a cell-phone attached to it,
will be able to listen in on any call, easily.

I don't have numbers as to how easy is this
exactly.
I would recommend reading up, the following
article showen in crypto right after:
Making a faster time/memory tradeoff.
and another paper on
stream ciphers with low sampling rates.

This is what Elad has been reading up on,
probably has a lot to do with this attack.

seems to me the GSM are not being accurate.

Re:Basic flaw in GSM

[Brian+the+Bold]

But you can't.

The error correction is there to cope with the multipath fading environment that distorts the radio channel. Without the error correction the encrypted data you decrypt would be garbage and would not decrypt to what it was originally.

Re:Europeans, mod this up!

[perly-king-69]

Troll? Nope, just replying to the OP's myopic view of American 'invicibility.'

Official Term for "Illegal Wiretap"

It's "an anonymous tip"...

Re:Hmm..

[AyeRoxor!]

Why is this flamebait? Each side thinks the other is a terrorist. Has Slashdot picked an official side, rendering any who have differing opinions as trolls?

GSM has been Toast for years

[billstewart]

There's some nice summary on gsmsecurity.com, but Ian Goldberg did one of the early critical cracks and revealed that 10 of the authentication key bits were set to zeros. GSM has a set of algorithm for the call authentication, and a set of algorithms called A5/1 and A5/2 for the voice encryption. A5/1 was the "stronger" algorithm used in "superior" countries, and A5/2 was the weaker version for "inferior" countries. It turns out that A5/1 is pretty weak, and A5/2 is far weaker, and the fact that Ian could cryptanalyze the system over lunch indicates that it wasn't designed by competent cryptographers.

The initial work didn't totally blow the system open and make on-the-air cracks easy, but it showed that the system was incompetently designed as well as deliberately weakened further, and was yet another reminder that Closed System Design is even worse in cryptography than in software. Subsequent work by people like Biham and Wagner keeps making it worse, and of course computer equipment keeps getting cheaper and larger, which means that attacks that need "hundreds of GB of disk" cost you $200 at Fry's rather than $200000 at the NSA Spook Equipment Shoppe.

In the US, GSM is still a security improvement, weak as it is, because the government bullied the digital cell phone system developers into using even weaker and more broken algorithms (back when they could pretend they were worried about Commie Spies rather than trying to facilitate illegal wiretapping.) (And of course analog cell phones didn't have crypto at all.) But even then, many of the cell phone companies don't bother turning on the crypto - Nokia phones give you a nice friendly indication that they tried to use it and got rejected.

Re:GSM has been Toast for years

[billstewart]

No, it's much worse than that. The big obfuscation was keeping the algorithms secret except from manufacturers, but eventually somebody leaked a copy of them to the net, and it was obvious from the design that it wasn't very strong - the structure was kind of like a fast fourier transform, which suggests some electrical engineer probably cobbled it together.

Re:GSM has been Toast for years

[rifter]

In the US, GSM is still a security improvement, weak as it is, because the government bullied the digital cell phone system developers into using even weaker and more broken algorithms (back when they could pretend they were worried about Commie Spies rather than trying to facilitate illegal wiretapping.)

No worries, now they can pretend they are worried about terrorists flying planes into buildings when they are really just trying to facilitate illegal wiretapping. ;)

Adjust your tinfoil hat, guy.

[rjh]

At great risk of sounding like the Voice of Reason (and God knows how Slashdotters hate that!), could you please present some evidence to back up your assertion that the United States and United Kingdom are colluding to break the laws of both nations?

Look up the Federal laws: if it is illegal for a Federal agency to do $foo, then it is also illegal for a Federal agency to have a third party do $foo on their behalf.

If I break into a home and see a kilo of cocaine lying around, I can then go to the DEA and tell them. They can use my testimony to get a warrant to search the home and impound the drugs. Why? Because I didn't commit the crime on their behalf; I came in entirely of my own accord; there was no understanding between the DEA and myself that "if I see any drugs, I'm going to bring them to your attention".

But if the DEA asks me to break into a home, they'd better damn well have a warrant, otherwise they're breaking all manner of Federal laws.

So what you're positing is there is a tacit understanding between the US and UK that each will spy on the other's citizens and share with each other the fruits of those actions. Hmm. This sounds mind-bogglingly stupid.

Why?

Free hint: this is a Federal crime.

Free hint number two: the FBI and NSA do not get along.

Free hint number three: the FBI is the one with the charter to spy on American citizens--not the NSA.

Free hint number four: the FBI protects its jurisdictional turf very zealously.

Free hint number five: the FBI is one of the nation's intelligence agencies, co-equal with the CIA and NSA. The FBI has no charter to collect intelligence from foreign sources; the CIA and NSA have no charter to collect intelligence from domestic sources.

Free hint number six: if the NSA were to really be involved in this, the FBI would be doing a full-court-press investigation into the matter. (a), because it's a clear and massive violation of Federal law, and more importantly, (b) THE FBI DOES NOT SHARE ITS JURISDICTIONAL TURF.

Period.

So if you have any hard facts proving this tacit agreement, I'd love to hear it. If you have hard facts about it, then I'll talk to my FBI friends tomorrow and tell them about it.

I guarantee you they'll be pissed off.

Re:Adjust your tinfoil hat, guy.

[thoromyr]

I'm sorry that I'm not giving you verifiable facts, but it is *absolutely* true that this is going on. The US gov't hires civilian agencies to do its dirty work and cooperation with the UK is fairly close. Is it technically legal? I surely don't know, I'm not a lawyer. But I know from direct, personal experience that these things happen. You should be able to fairly easily verify the civilian end of things with some simple googling. I forget the name of one of the larger contractors or I'd simply tell you myself.

thoromyr

Re:Adjust your tinfoil hat, guy.

[Minna+Kirai]

The "Voice of Reason" often sounds suspiciously like the "Voice of Naive Optimism".

Look up the Federal laws: if it is illegal for a Federal agency to do $foo, then it is also illegal for a Federal agency to have a third party do $foo on their behalf.

Yes, it sounds simple and logical. But there's many examples of the US government breaking straightforward prohibitions. Just look at how many times EO 12333.2 was violated in the past 2 administrations! (And the medals considered for doing so...)

Regarding the Feds hiring something to perform acts which are illegal for them, this most commonly occurs with the recruitment of "bounty hunters". Bounty Hunters are licensed by the government to aid in law enforcement, but they're not bound by the 4th or 5th amendments of the Bill of Rights.

They don't need a warrant, they don't need to Mirandize you or allow a call to a lawyer, they can just go with the flow. They can commit B&E, kidnapping, assault, and murder. As long as they're acting in a good-faith belief that you're the perpetrator, a bounty-hunter can treat you as he likes.

Re:Adjust your tinfoil hat, guy.

[rjh]

I'm sorry that I'm not giving you verifiable facts, but it is *absolutely* true that this is going on

I didn't believe my NSA friends when they used that line on me. ("I can't tell you why PGP is so bad, but if you only knew what I knew...")

I don't buy it when you use that line on me ("it is absolutely true!").

Skepticism is a great tool. It's great to be skeptical about the government's claims of acting in your best interests. It's great to be skeptical of people's claims that the government is a nefarious conspiracy that routinely violates the law.

Either prove your statement, or else don't spread rumors you can't back up with fact.

Re:Adjust your tinfoil hat, guy.

[rjh]

Ever heard of the U.S. Marshals' Service fugitive-search teams? They don't bother with search warrants; after all, they're not searching for a criminal conspiracy and they don't care if evidence gets thrown out. They don't bother with arrest warrants; the people they're after have already been convicted. They don't bother with Miranda warnings; it's not as if the conviction can be retroactively thrown out because the perp wasn't Mirandized after his trial.

When it comes to fugitive apprehension, the example you're using here, the Bill of Rights is much, much quieter than you probably think it is.

Nor is this a new development; it's been this way in the USMS for at least the last twenty-five years.

Re:Adjust your tinfoil hat, guy.

[glesga_kiss]

could you please present some evidence to back up your assertion that the United States and United Kingdom are colluding to break the laws of both nations?

OK, so clearly you didn't follow the link I put in my post, where it pretty much says what I said on the main page

But, OK, that's just a website, anyone can post anything they want. So, here is the a BBC Q&A on it, and the results of a search on their site.

But, you may not trust the BBC for some reason or other. So here is the official EU report on it. It was released publically, IIRC, on the 13th Sept 2001, but obviously droped off the media's scope because of the events a few days before. Unfortunate timing, no big conspiracy there.

Echelon is real, and it has been admited to by several governments, excluding the USA/UK. It monitors faxes, phone calls and now the internet. It's not a tin-foil hat fantasy.

Oh, and meta-mods, please sort out the confused mod who gave me a "flamebait" point in my parent post above. I posted factual information that is both ontopic and relevant.

Re:Adjust your tinfoil hat, guy.

[rjh]

I never contested the existence of Echelon. I contested the existence of a secret US/UK pact to deliberately violate the laws of both countries. If you want me to believe that, you're going to need to present me direct evidence--not hearsay from third parties with their own private agendas.

Extraordinary claims require extraordinary proof. If you can't back up the extraordinary claim with extraordinary proof, then don't make the extraordinary claim.

Re:Adjust your tinfoil hat, guy.

[glesga_kiss]

Jeez, you are either a very good troll, or a bit slow today.

First, the existance of the UKUSA pack is shown in section 5.4.2 of the EU report, with documented references. So, there is no doubt that there is an agreement, above and beyond the normal relationship between nation states intelligence communities. The following, lifted from section 5.1 summarises these "clues":

The trail of clues which constitutes evidence of this kind is made up of three elements:

• evidence that the foreign intelligence services in the UKUSA states intercept private and business communications;
• evidence that interception stations operated by the UKUSA states are to be found in the parts of the world where they would be needed in the light of the technical requirements of the civilian satellite communication system;
• evidence that there is a closer than usual association between the intelligence services of these states. For the purposes of proving the existence of such an association, it is irrelevant whether this extends to the acceptance from partners of applications for the interception of messages which are then forwarded to them in the form of unevaluated raw material. This question is only relevant when investigating the hierarchies within such an interception association.

Also check out section 10.7, where many known examples of industrial espionage are listed. Most aren't directly related to Echelon however, but some are and in many cases the source of the data/wiretap is unknown. Take a look at the report. Do it now. Or stopping asking for proof when I am clearly showing it to you. Even a glance through the table of contents would have highlighted these fundamental points.

Using an elite hidden network for industrial spying is clearly against the law in both countries. Now, as I said, it is illegal for each nation to spy on it's own civilians. So, are you suggesting to me that (e.g.) the UK has no interest in intercepted communications of (e.g.) terrorist activities in Britain. And if the USA was to analyse the data and spot a risk to the UK, are you suggesting that the info isn't passed between the agencies? Given todays climate, that's pretty damn obvious that it's happening.

The EU report has the following, taken from the conclusion:

The US intelligence services do not merely gather general economic intelligence, but also intercept communications between firms, particularly where contracts are being awarded, and they justify this on the grounds of combating attempted bribery.

But that's makes it legal, OK? We may actually be splitting hairs here. This is what makes me think you are trolling. See, I never actually said they are breaking laws. The agreement is all about getting around the laws. They are violating the spirit of the law, but not the laws themselves. That's kinda the point of what I said!

Things are a bit different nowadays. Before it was widely acknowledged that this level of spying were possible, those in on it were free to give data to their business allegencies as they saw fit. However, in this age of scandal and improved awareness, I'm certain that the industrial espionage of Echelon is seriously curtailed, or at the very least limited to only a few groups. The risk of a major scandal could destroy important trading links between entire continents, and neither side what's to see that happen.

Re:Adjust your tinfoil hat, guy.

[rjh]

Using an elite hidden network for industrial spying is clearly against the law in both countries.

Cite me the law which says this, please? It's clearly illegal for a private citizen to do it; but the law allows intelligence agencies a great deal of flexibility to execute their duties, as directed by the Executive Branch of the government. Want to change this? Change the law or change the executive members of government who are giving these orders.

Does Echelon exist? Yes. Does Echelon exist to eavesdrop on electronic communications? Yes. Does Echelon exist to eavesdrop on United States communications? Well... that's a thornier question. The NSA is allowed to do it, at the explicit request of the FBI, after being presented with a judicial warrant, and with a couple of oversight committees being informed, but they're not allowed to do it of their own accord.

And you haven't presented one shred of evidence to suggest that it's being used illegally. Only that it exists, and since it exists it must be being used illegally--a cause-and-effect relation which I don't buy.

Do the US/UK signals intelligence services enjoy an extremely close relationship? Yes. Is this relationship formalized in classified agreements? Yes. Is the purpose of this relationship to evade the laws forbidding both governments from spying on their own citizens in violation of their laws? You seem to be claiming that "since the relationship exists, it must be being used for nefarious purposes."

Prove it.

I'm not asking you to prove Echelon exists, nor that a US/UK relationship exists, or that the NSA (in accordance with US law and at the order of executive officials in government) has spied on European industry to counter industrial espionage from the French DGSE. All of this is true.

I'm just asking you to prove your accusations that they are breaking the law. Which you haven't done, and which you seem incapable of realizing that the law might be very different from what you think it is.

Re:Adjust your tinfoil hat, guy.

[whereiswaldo]

Free hint number four: the FBI protects its jurisdictional turf very zealously.

FBI zealots? I just *knew* they ran Linux!

Damn you Johnathan Pollard!

[pair-a-noyd]

Stole your lawyers cell phone, hacked it in your "cell" and passed the codes on to your wife during a visit eh?

And you have the BALLS to beg to be set free after all this??!!

BAH! I think not!

Oh, give me a break.

[PhxBlue]

-1, Tinfoil Hat Conspiracy.

Re:Instant Cryptanalysis

[pastryp]

Does anyone have more information on this? Typically if you decrypt something which has errors, those errors become greatly magnified, and error correcting codes would have a very hard time fixing those errors. I'm wondering if the attack is exploiting something about the equalization training sequence and not so much error correcting codes.

PRN

[Detritus]

If they are using a LFSR (linear feedback shift register), a popular circuit for generating pseudo-random bit sequences, it isn't secure. Simple LFSRs are trivial to crack.

GSM crypto was always suspected to be weak

[dido]

From what I remember, the design of the GSM A5 cipher was always suspected to be weak. From Applied Cryptography:

A lot of strange politics surrounds [A5]. Originally it was thought that GSM's cryptography would prohibit export of the phones to some countries. Now some officials are discussing whether A5 might harm export sales, implying that it is so weak as to be an embarrasment. Rumor has it that the various NATO intelligence agencies had a catfight in the mid-1980's over whether GSM encryption should be strong or weak. The Germans wanted strong cryptography, as they were sitting near the Soviet Union. The other countries overruled them, and A5 is a French design. [emphasis mine]

Bruce Schneier then goes on to say that "There is a trivial attack requiring 240 encryptions." 240 is only some 1 trillion, definitely in reach using today's computers.

Yeah, the NSA has already been doing it, you can be sure of that, and further rumors about GSM crypto that I've been hearing say that the NSA applied pressure on the French as well to insert deliberate weaknesses. Maybe Biham & Co. just managed to find out some of the NSA's "easter eggs".

Don't Worry, Be Happy

[Detritus]

This isn't an issue for cell phone users in the United States. There is no encryption on your calls. So you don't have to worry about someone cracking the lame algorithm. There are secure cell phones available for GSM and CDMA networks, but they don't sell them to the proles.

I was at the talk...

[SiliconEntity]

...and as I understood it, there are two main GSM ciphers in use, A5/1 which is "strong" and A5/2 which is "weak". Both have attacks, but the one mentioned in the article which is very fast and effective is only against A5/2. The A5/1 attacks are more theoretical in that they involve known plaintext, meaning you have to guess the exact bits which were encrypted for some portion of the conversation. Plus they take enormously more work.

Apparently A5/2 is mostly used in the Middle East, including Israel. These are the people most affected by the new break. European GSM uses A5/1 which is still basically safe, it will be much cheaper to tap the landlines for those users. It is the Israelis and other A5/2 users who are toast.

Re:I was at the talk...

[billstewart]

A better description is that A5/1 is "weak" and A5/2 is "very weak". The FAQ says that Alex Biryukov, Adi Shamir and David Wagner showed that they can find the A5/1 key in less than a second on a single PC with 128 MB RAM and two 73 GB hard disks, by analyzing the output of the A5/1 algorithm in the first two minutes of the conversation. Ian Goldberg and David Wagner of the University of California at Berkeley published an analysis of the weaker A5/2 algorithm showing a work factor of 2^16, or approximately 10 milliseconds. B,S&W's paper has some really nice detail, and also mentions that Goldberg and Wagner announced an O(2**16) attack on A5/2 in 1999.

The attack on A5/1 does take a big amount of pre-computation, but if I'm reading it correctly, it's about 2**48 iterations of a very efficient algorithm, which looks like it's 4 instructions, mostly from L2 cache, and 150B of disk which was somewhat aggressive for PCs back then, but is cheap commodityware now (you might spend some extra money if you want faster disks...) If it partitions conveniently, run it on the PC farm overnight, or get distributed.net to prepare it, or use that 2GHz P4 for a couple of weeks. After the pre-processing is done, actual attacks seem to need about 2 minutes of call time and a few tens of seconds to crack, so it's near-real-time.

Counterpane

[usmcpanzer]

Bruce Schneier mentioned how weak the GSM algorithm was back in this Dec 99 issue of Crypto-Gram. Its lousy encrpytion and is secret, non-peer reviewed.

Interception Warrants = Useless

[anonymous+cupboard]

A Law Enforcement Authority (LES) can gain a warrant to listen to a particular number. This is great with fixed lines, but next to useless for mobiles. Does Osama have a contract with an airtime reseller? He would do what the drug dealers do and get mobiles that are not on a contract or are stolen.

The subject of the surveillance then makes a phone call, but you don't know what number he is using - so your warrant with the Judges signature doesn't help much.

You may observe tge phone call but you can't get an intercept because even if you know the local BSE, it may be handling 16 calls simultaneously. Under such circumstancesm off air intercepts are the only simple solution. Even then you would need to determine which conversation you wanted (GSM uses TDMA to seperate calls on a particular frequency).

Re:How does this affect US/Israel relations?

[BigBadBri]

I'll answer, even to an AC. #1 - it would be nice to know, but since Israel is the only nuclear state never to have signed the NPT, or agree to international monitoring of its weapons programmes, it's a little difficult. We have to rely on sources like Janes, who estimate 200-500 warheads. #2 - Israel would be exactly where it is, since none of its neighbours has the conventional capability to overcome Israels forces, with or without nuclear weapons. Egypt isn't interested, Jordan is too small, and Syria would be restricted to too small a front line to maunt an effective attack. #3 - agreed - there is no need for racism here, or anywhere. It's a question of right and wrong, not whether we like or dislike particular racial stereotypes. #4 - this is emphatically not true. Palestine was offered a very poor deal, with non-contiguous areas forming the 'state' (in reality a series of bantustans easily isolated from one another), with the loss of not 2% or 5% of the territory, as is commonly thought, but nearly 10%. Israel even proposed to keep the border area on the Jordanian side. This was not an offer that any sane man would accept. Even Barak, after the offer was declined, tried to keep the talks going, but the upcoming Israeli election (in which, worst luck, Sharon came to power) made a deal impossible. #5 - Geneva Conventions apply only to states. There is no war between Palestine and Israel, because Palestine is not yet a state. The parent attempts to apply the Geneva Conventions to a resistance struggle against occupation. The applicable Geneva Conventions are the first and fourth, covering settlement of occupied territories, collective punishment of occupied peoples and interference with medical personnel. This is not a religious struggle, no matter how you try to paint it. Israel is occupying land gained by force, and is acting illegally in settling that land and in its treatment of the local population. Just remember that the Germans viewed French resistance actions as terrorism - Israel is the invader here, and should follow international norms and law.

Old news...

[DJ+Paradox]

I can't believe this has made headline news on both /. and on NewScientist... This stuff has been going for years - I have a reliable German friend who know that the German Federal Police have had this knowledge and been using it publically. A temporary base station has been used before - the privacy issue (in Germany at least) is that even with a Judge appointed warrant all calls are captured at the same time while recording one call (unfortunate kickback I'm sure).

Interesting enough but it was touted by so many as such cutting edge news...

Re:Anti-israely bigot wants to date an israelly ..

actually Natalie thinks that arabs and israelis are cousins
"most Israelis and Palestinians are indistinguishable physically."
parent post is kinda meaningless.

CDMA and frequency hopping

[Mr2001]

Yes, but the way I understand it, GSM doesn't hop nearly as fast or as randomly as CDMA technologies do.

CDMA, if I understand it correctly, doesn't just "hop" frequencies: it uses many frequencies simultaneously.

Each spreading code tells your phone which group of frequencies to use, and each bit of the audio stream is translated to a "chip", which is a pattern of bits on different frequencies. So when your phone broadcasts a 0 chip, it might actually send a 0 bit on frequencies X, Y, Z, and a 1 bit on frequencies A, B, C. (I'm simplifying here.. there are a lot more than 6 bits in a chip.) This is what allows for "soft handoffs" where your phone is talking to two towers at the same time: the other tower only needs to know your spreading code, it doesn't have to reserve a frequency/timeslot for you as in GSM.

Some codes use some of the same frequencies as other codes. Normally that isn't a problem, because there are enough frequencies that the tower can correct errors: if it sees a 0 on X, Y, Z, a 1 on A and B, and a 0 on C, it can decide that someone else is colliding with your C and that you really wanted to broadcast a 0 chip. A very busy cell will eventually get to a point where any extra users would cause too much interference for the phone and towers to correct those collisions, which is what causes CDMA's soft limit.

Because interference is such a key point in CDMA, the network controls everyone's broadcast power with an iron fist, to prevent users from interfering with each other or with other towers. This is useful for portable towers, among other things... the wireless carrier can put a tower in the back of a truck and park it near the stadium on Super Bowl Sunday, and the portable tower will make sure all the handsets are only using as much power as they need to reach the truck. Other towers in the area won't be overloaded by all the phone users in the stadium.

Re:What is the difference between MI5 and MI6 anyw

[Paul+Jakma]

MI5 is counter-intelligence, ie operating /within/ Britain to counter security/intelligence threats. MI5 were involved in efforts to counter IRA activity, as well as tapping most phone and other comms to Rep. of Ireland.

MI6 are intelligence, ie gathering intelligence on external parties. Equivalent of the US CIA.

Apparently they've changed their names, according to another poster.