Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cell Phone Encryption Exploit Demonstrated

Posted by Soulskill on from the wiretapping-on-the-cheap dept.

Saxophonist brings us a story from Forbes about security researchers who demonstrated a new method for breaking the encryption on GSM cellular signals. The presentation was made at the recent Black Hat conference, and it's notable for the fact that the technique only requires "about half an hour with just $1,000 in computer storage and processing equipment." The researchers also claim to have found a faster method, which they intend to market for $200,000 - $500,000. Quoting: "Undetectable, 'passive' systems like the one that Muller and Hulton have created aren't new either, though previous technologies required about a million dollars worth of hardware and used a "brute force" tactic that tried 33 million times as many passwords to decrypt a cell signal. All of that means, Hulton and Muller argue, that their cheaper technique is simply drawing needed attention to a problem that mobile carriers have long ignored--one that well-financed eavesdroppers may have been exploiting for years. 'If governments or other people with millions of dollars can listen to your conversations right now, why shouldn't your next-door neighbor?' Muller says."

11 of 153 comments (clear)

  1. Overkill for neighbours by Techman83 · · Score: 5, Funny

    why shouldn't your next-door neighbor? Considering how many mobile users seem to scream into the damn things this may almost be redundant! /joke
    --
    # cat /dev/mem | strings | grep -i cat
    Damn, my RAM is full of cats. MEOW!!
    1. Re:Overkill for neighbours by RuBLed · · Score: 3, Funny

      But my neighbors are speaking Klingon when they come out of the basement to talk in their mobile. How could this technology help me?

      They're also saying "ghob" out loud... also I think my other neighbors are raptors...

    2. Re:Overkill for neighbours by palegray.net · · Score: 4, Funny

      How could this technology help me? 1. Record conversations.
      2. Open subspace diplomatic channel to the Romulans.
      3. Sell the conversations as intelligence data.
      4. Profit!
      --
      512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
  2. Obligatory by Travoltus · · Score: 3, Funny

    'If governments or other people with millions of dollars can listen to your conversations right now, why shouldn't your next-door neighbor?'

    Because the Government hates the competition?

    --
    --- Grow a pair, liberals... stop letting the Republicans bully you!
  3. Re:Counter decryption! by Anonymous Coward · · Score: 0, Funny

    Try it again. I fixed the link.

  4. Re:Privacy the least of our concerns by QuantumG · · Score: 2, Funny

    The government does not actually need to crack this encryption, or even intercept transmission between handsets and towers. They can just order digital wiretaps, which cannot be detected. Dude, they didn't say which government.

    --
    How we know is more important than what we know.
  5. Re:That would be awesome by jacquesm · · Score: 4, Funny

    message to your significant other: if he ever uses a non-gsm phone get the frying pan :)

    --
    MP3 Search Engine
  6. Re:because by mrbluze · · Score: 2, Funny

    It's really a matter of publicizing the weakness to the point where manufacturers and network providers are forced to do something about it. Average people generally don't care about issues like this until they're really an issue.

    Well, as you rightly say, most people don't matter in the grand scheme of things. At least that's how it can appear. But in oppressive countries, it's the occasional person in the occasional 'situation' where this stuff really matters, including (and especially) government interception. From that point of view, everybody matters, because if there are no trees (you and me), then there is no forest for fugitives to hide in. Never use a mobile phone, a land-phone, an unencrypted internet connection, etc. for anything that really matters. Same goes for the old fashioned things like avoiding public places and whatever else.

    Everybody should use as much encryption as they can manage - it's cheap insurance. If you want to make a difference without taking risks, that's the way to go. It means others who are braver and more able than ourselves can go on carrying on their work saving society, blowing whistles and so forth without getting their carotids slashed.

    Any encryption that is not complete from point of origin to target is meaningless (if you're trying to hide your communications).

    --
    Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
  7. Re:Not too afraid by fmobus · · Score: 1, Funny

    Oh, you're Danish? Don't worry then, even if you neighbor could intercept your calls, they wouldn't be able to understand the meaningless, gutural sounds to which Danish evolved.

  8. iPhone by kellyb9 · · Score: 3, Funny

    Among the phones included clearly can't be the iPhone, otherwise the title would be, "iPhone encrpytion exploit demonstrated!!"

  9. Fabricated recordings by dj245 · · Score: 2, Funny

    Its a FAKE!

    --
    Even those who arrange and design shrubberies are under considerable economic stress at this period in history.