Slashdot Mirror
Cell Phone Encryption Exploit Demonstrated
Saxophonist brings us a story from Forbes about security researchers who demonstrated a new method for breaking the encryption on GSM cellular signals. The presentation was made at the recent Black Hat conference, and it's notable for the fact that the technique only requires "about half an hour with just $1,000 in computer storage and processing equipment." The researchers also claim to have found a faster method, which they intend to market for $200,000 - $500,000. Quoting:
"Undetectable, 'passive' systems like the one that Muller and Hulton have created aren't new either, though previous technologies required about a million dollars worth of hardware and used a "brute force" tactic that tried 33 million times as many passwords to decrypt a cell signal. All of that means, Hulton and Muller argue, that their cheaper technique is simply drawing needed attention to a problem that mobile carriers have long ignored--one that well-financed eavesdroppers may have been exploiting for years. 'If governments or other people with millions of dollars can listen to your conversations right now, why shouldn't your next-door neighbor?' Muller says."
Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
While this is an extremely powerful re-discovery, I'm not that afraid of average Joe attempting to listen to my conversations, which are boring if anything most of the time. It would still probably take a reasonably quick computer and technical know-how to implement this kind of scheme on a usable scale. Plus, if the FBI and CIA already have the privilege to tap into my conversations, then the fear of security loss is already somewhat of a non-unique one.
Imagine being able to listen in on your whole appartment building's conversations.
It would be a dream come true.
post!
http://www.shmoocon.org/
The presentation will probably be available on the Shmoocon website in the not too distant future. Forbes did the standard mainstream media muddling so check with H1kari for the real deal...
# cat
Damn, my RAM is full of cats. MEOW!!
There are stories like this all the time, but tech people still have trouble convincing most users that end-to-end encryption is important. How is it that it caught on for the web (credit card payments over SSL), but still barely for personal communications (gpg, encrypted IM)? Even in the situations where it's easy to use encryption, many users still can't be made to care -- especially if it's not something enabled by default. Maybe just that those doing the sniffing are suitably quiet about it...
--
Electronics kits for the digital generation.
'If governments or other people with millions of dollars can listen to your conversations right now, why shouldn't your next-door neighbor?'
Because the Government hates the competition?
--- Grow a pair, liberals... stop letting the Republicans bully you!
and i'll bet they won't charge anything.
;)
check out some movie about the GSM state of security [1] and mod me informative.
[1] http://chaosradio.ccc.de/camp2007_m4v_2015.html
This sucks, for those three people still using GSM.
What about the security of UMTS ?
knowledge of this can *only* have some impact if you tell everyone about it. just look WEP, better encryption is the way to go.
Unless their patent application is kept confidential by the government for reasons of national security, it will be published within 18 months. You'll be able to learn how the trick works from it (if you're an expert in the field and you cannot make it work, no patent should be granted). You're not allowed to exploit that commercially, of course, but at least you can have fun and pull a few pranks with it. You could claim you're psychic.
I'm wondering how you ever could tune in to the correct conversation, with thousands of mobile phones transmitting at the same time.
Bert
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
What a stupid comment. In other words, if some people are going to break the law, let's make sure everyone can. Good idea.
Let him sit on his couch eating Cheetos. He has the right to be happily oblivious as every personal right slowly disappears because no one is complaining (too busy eating Cheetos!) while the technology that makes it possible keeps getting cheaper and more powerful.Well done troll. NoScript to the rescue again! (For everyone's info, that links is MyMinicity, with a rather "colorful" city name.)
Thank God for evolution.
tune in to chaosradio 56 "GSM Hacking" [1]. (although i doubt that german-speaking slashdot users don't know of chaosradio) [1] http://chaosradio.ccc.de/cre056.html
My first thought about this was privacy and the government. Obviously.
From my understanding though, this encryption is certainly not applied over the whole transmission, meaning endpoint to endpoint. Just the handset to the tower.
The government does not actually need to crack this encryption, or even intercept transmission between handsets and towers. They can just order digital wiretaps, which cannot be detected. Speaking of which, I have always been amused when people state they you can just buy hardware to detect that too. The location of the handset is easily determined, and in most cases the identity of the user. The government already has the ability to access all of this information with the cooperation of the telecommunications companies anyways. With Telco Immunity being pushed, there won't even be room to dispute it anymore.
So not trivializing the serious issues with our privacy and the government, they are still the least of our concern here.
What strikes me as very problematic is that this opens up a whole new "market" for identity theft, banking fraud, etc. I do quite a lot of business over the phone, and just about every single company uses the touch tones to gather data. Capturing the the numbers by listening to the tones is trivial. This can be done quite easily by software and hardware.
So if all the popular company phone numbers are known, and all the data being sent to it by customers can be recorded, this presents quite a security problem. With the right amount of equipment you can start capturing all sorts of data being sent over the phone. It will only be a matter of time before you gain enough information to compromise someones identity.
I am not worried about my neighbors, not worried about my government, but I am very worried about the stranger interested in the fact I called Washington Mutual.
Try it again. I fixed the link.
How does this compare to the CCC crack? Can it do all of the encryption standards?
http://video.google.com/videoplay?docid=8955054591690672567&q=CCC+GSM&total=2&start=0&num=10&so=0&type=search&plindex=0
...but a very big problem is the fact that people, i.e. myself, are using GSM for banking. The security of phone banking 100% relies on GSM encryption. You are just identifieing yourself via PIN, and that's it - you are fully authenticated - unlimited access to the account! This is unusable now. No skimming needed...
Got the Nokitel code.
Finally had enough. Come see us over at https://soylentnews.org/
New GSM equipment already supports A5/3 which is still secure. I think the main impact of this hack is going to be some sensational headlines and a big push to make A5/3 universally available.
Being able to crack the GSM A5/1 encryption with thousands of US dollars (instead of millions) is nice, but the encryption scheme itself was cracked long ago, and by Prof. Shamir (of RSA fame), no less.
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
Imagine listening in to the CEO of a Fortune500 company in the days preceding financial reports. You may gain very valuable information. As we saw last week, it is not considered insider trading if you hacked your way to the data. Also competing firms could use this to be one step ahead, and potentially can ruin another firm.
Ok let's say Iraq has a major intelligence operation in the US. Now let's say they listen in on cellphones. You think they are going to listen in on mine? Why the hell would they waste the time? I don't have anything to say that would be of interest to them. I don't have access to any military secrets, I don't have any knowledge of what our government is doing that you can't find out on CNN. I'm not of any interest to them.
So what would they do? Listen in and steal my bank information? Ok, except that would be world class retarded. You spend all this time establishing good cover and getting set up in your target nation, and then blow it to steal a few grand from someone? Remember that good tradecraft for a spy is invisibility. They don't want to do anything that would draw any attention to themselves. They want to be just Joe Random Citizen that does nothing wrong that nobody notices. Well they start stealing bank accounts or something like that, they'll immediately be getting attention and it won't be long before they get caught.
So even if a foreign intelligence agency is listening to my calls, I just don't care. It isn't useful to them, and it isn't harmful to me. However a random criminal, well then that's a problem. They will use the information to steal my money.
Well, soon on the news: "Phones are for old people".
(Ok, I thought about "only terrorists use phones", but that one is of course old news!)
It's sad that 40 year old men living in their parents' basements have to spend hundreds of thousands of dollars to listen in on phone calls of men and women who have normal interesting lives. But I guess that's easier than getting dates. ;)
Looks like he gave the same (or longer) presentation at Black Hat.
http://cuz.cx/
At the same Black Hat conference, a chap presented on how easy it is to hack a smart-chip enabled credit card - "As part of his presentation Wednesday, Laurie asked for someone from the audience to volunteer a smart card. Without taking the card out of the volunteer's wallet, Laurie both read and displayed its contents on the presentation screen--the person's name, account number, and expiration clearly visible" - http://www.news.com/8301-10789_3-9875961-57.html
New Scientist described a practical, fairly low budget attack in 2002. By use of selective jamming, it's possible to drop a handset off the cell, then capture its IMSI (and thus IMEI) when it re-registers. Using these stolen credentials, send a spoofed degraded signal to the base station to mimic poor reception; by design, GSM then switches to A5/0 i.e. turns encryption off(!) because an unencrypted signal needs less bandwidth. If you don't have a specific target to eavesdrop on, you could presumably lower the budget further by just monitoring somewhere with naturally bad reception ...
The article stated this technology was commercialised as the "IMSI catcher", but it seems that they've updated it to instead mimic a base station, which "forces" handsets to use it by virtue of being the strongest signal then selects A5/0 mode. (The fundamental GSM flaw here is that the phone must authenticate to the network, but not vice versa.) This new method is probably due to network complaints about the interference to everyone the first method causes.
Among the phones included clearly can't be the iPhone, otherwise the title would be, "iPhone encrpytion exploit demonstrated!!"
Copyright infringement is "piracy" in the same way DRM is "consumer rape"
www.drti.com
Its a FAKE!
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
A few things struck me as odd about this article - particularly the entrepreneurial nature of the people making the exploit. It says that they are patenting it and planning to sell dedicated hardware for $200-$500k. It seems to me that under US law this technology would be illegal (under the same laws that make it illegal to decrypt encrypted satellite TV without authorization...always seemed strange to me - you should always be able to listen to any electromagnetic waves passing through your backyard - but not surprising that industry got something like that passed). An illegal technology cannot be patented. Legitimate police don't need to listen in to GSM communications - they get a wiretap directly from the phone company. That leaves the NSA (or their foreign equivalents), who operate outside of areas where they have legal jurisdiction - and I've got to believe that the NSA has been doing this for years if these guys just stumbled on it.
That pretty much leaves the market for this as organized crime, or sleazy private investigators who don't worry much about the law . But, I guess this was a Black Hat convention...
So, does this mean that cdma is the apple OSX of wireless protocols? That is, secure only because it's not profitable enough to exploit it.
I was under the impression for years it was a trivial feat for just about anyone who wanted to 'decrypt' GSM conversations. GSM was intentionally broken from the start combined with common poor security practices in choosing keys I was under the impression building a radio to collect the data was the biggest and most expensive challenge to easedropping on radio signals.
:-) Less laws to break that way.
I wonder if its possible that this article is really just a case of the submitter embellishing facts to make themselves look better.
Personally I'd stick with bluetooth hacks
No matter how good their cipher, it is only between the phone and the edge of the telecom provider's network. The provider had your plaintext, and laws like CALEA require them add security holes to their network. At a minimum, the government had access to your plaintext. Beyond that minimum, who the fuck knows who else had access to it. Your neighbor might have been listening anyway.
Security cannot be left to the provider. Treat them as a hostile network.
Many (most?) phone calls are between people who have met in real life, so there's no reason your phones shouldn't have exchanged public keys. Of those, many are between people who meet in real life frequently (your wife, your friends, etc), so the phones can probably exchange a few gigabytes of random OTP now and then. These communications should be easily securable. Then bolt Diffie-Helman on top of that (after you have a MitM-free authenticated link) if you want forward secrecy.
All that is required, is generic (though low-latency) network access, and phones that are running software that is targeted at serving the users' interest, rather than someone else's.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Is this why I've never had a cellphone that lasts more than 3 months before I start having problems? I just changed the SIM chip or swapped phones every 3 months, I have the same problem with Skype though but only have to change the incoming number not the hardware too.
So if I combine this technology with what I learned in a previous Slashdot article on insider trading, I might conclude that it could be very profitable to go around Wall Street listening in on cell phone calls and trading on that information would not be a crime?