Slashdot Mirror


Cell Phone Encryption Exploit Demonstrated

Saxophonist brings us a story from Forbes about security researchers who demonstrated a new method for breaking the encryption on GSM cellular signals. The presentation was made at the recent Black Hat conference, and it's notable for the fact that the technique only requires "about half an hour with just $1,000 in computer storage and processing equipment." The researchers also claim to have found a faster method, which they intend to market for $200,000 - $500,000. Quoting: "Undetectable, 'passive' systems like the one that Muller and Hulton have created aren't new either, though previous technologies required about a million dollars worth of hardware and used a "brute force" tactic that tried 33 million times as many passwords to decrypt a cell signal. All of that means, Hulton and Muller argue, that their cheaper technique is simply drawing needed attention to a problem that mobile carriers have long ignored--one that well-financed eavesdroppers may have been exploiting for years. 'If governments or other people with millions of dollars can listen to your conversations right now, why shouldn't your next-door neighbor?' Muller says."

15 of 153 comments

  1. because by ILuvRamen · Score: 2, Interesting

    If governments or other people with millions of dollars can listen to your conversations right now, why shouldn't your next-door neighbor?
    Assuming I'm the person they're talking about instead of to...because my neighbors don't have anything interesting to say. Trust me, they're really strange and really boring. Anyway, for those of you wondering what someone could possibly say over a cell phone that's so intercept-worthy, some fancy banks require a key-press or auditory password to access balances and even move funds. You know, like in the movies. Some actually do that. And if you're going to say that it matches voice pitch and stuff instead of just the word, duh, press record on your laptop when they say it and play it back through the phone.
    --
    Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
    1. Re:because by TheRaven64 · Score: 2, Interesting

      Do you have to give a pass-phrase though? Every bank I've seen gets you to set up a pass phrase but only ever asks you for two letters from it. If someone intercepts your phone call, it is going to be a long time before the bank asks that combination again, and most will telephone you after a few failed attempts and validate that it is you making them.

      --
      I am TheRaven on Soylent News
    2. Re:because by lucifuge31337 · Score: 2, Interesting

      And if you're going to say that it matches voice pitch and stuff instead of just the word, duh, press record on your laptop when they say it and play it back through the phone.

      That's not how voice verification technology works. If it did, it would be totally useless.

      Typically, voice samples are requested at random (out of a defined set, like the numbers 0 through 9) and sane engines look at how the phonemes are strung together when you say something, for example, in the middle of the phrase as opposed to at the end of the phrase. The engine knows about this because the enrollment process has you speak the phrase components in different orders several times.

      But what do I know.

      --
      Do not fold, spindle or mutilate.
  2. Forbes obviously missed Shmoocon... by acq3 · Score: 2, Interesting

    http://www.shmoocon.org/

    The presentation will probably be available on the Shmoocon website in the not too distant future. Forbes did the standard mainstream media muddling so check with H1kari for the real deal...

  3. Coming soon, try it yourself... by kanweg · Score: 4, Interesting

    Unless their patent application is kept confidential by the government for reasons of national security, it will be published within 18 months. You'll be able to learn how the trick works from it (if you're an expert in the field and you cannot make it work, no patent should be granted). You're not allowed to exploit that commercially, of course, but at least you can have fun and pull a few pranks with it. You could claim you're psychic.

    I'm wondering how you ever could tune in to the correct conversation, with thousands of mobile phones transmitting at the same time.

    Bert

  4. Re:That would be awesome by QuantumG · Score: 2, Interesting

    Scanner? We used to just use a Motorola flip phone and the scanning codes that were kindly built into it by the company. *43# etc

    Whenever the phone you were scanning moved from one cell to another you'd lose the signal, but it would display on the screen what channel it had changed to... in hex... so you'd either convert the hex to decimal, enter that channel and pick up the conversation, or you'd scan for another call.

    And yes, it was boring as hell.

    --
    How we know is more important than what we know.
  5. Re:Not too afraid by palegray.net · Score: 3, Interesting

    While this is an extremely powerful re-discovery, I'm not that afraid of average Joe attempting to listen to my conversations

    Wait until Not-So-Average Joe decides to sell transcripts of your conversations as marketing data. Or maybe analyzes your conversations for keywords and extracts just those portions to blackmail you. Ever talk about hating your job? Ever cheated on your significant other? Ever lied on your taxes? The list goes on...
  6. CCC by norkakn · Score: 2, Interesting

    How does this compare to the CCC crack? Can it do all of the encryption standards?

    http://video.google.com/videoplay?docid=8955054591690672567&q=CCC+GSM&total=2&start=0&num=10&so=0&type=search&plindex=0

  7. Re:There never was end-to-end encryption... by jimicus · Score: 4, Interesting

    How is it that it caught on for the web (credit card payments over SSL), but still barely for personal communications (gpg, encrypted IM)?

    That's a very good question.

    One idea I've heard is that when SSL was first developed, the web was in its infancy and nobody really felt happy about the idea of sending their credit card details over it. The fact that it was relatively easy to eavesdrop on a computer network was fairly well known. This was no good to anyone who wanted to do business (OK, porn sites) over the web, and so SSL solved that problem by providing reassurance that nobody was eavesdropping.

    The telephone system, on the other hand - that's been around so long that it's familiar technology and relatively few people are aware of how insecure it is. If you think GSM is bad (it's actually not that poor, and 3G introduces AES encryption), consider your land line. No encryption whatsoever and an analogue signal (so no computer equipment or specialised unusual codecs required to tap) between you and the telephone exchange.

  8. GSM telephone banking by 23r0 · Score: 2, Interesting

    ...but a very big problem is the fact that people, i.e. myself, are using GSM for banking. The security of phone banking 100% relies on GSM encryption. You are just identifying yourself via PIN, and that's it - you are fully authenticated - unlimited access to the account! This is unusable now. No skimming needed...

  9. Gaining delicate corporate information by Mushur · Score: 2, Interesting

    Imagine listening in to the CEO of a Fortune 500 company in the days preceding financial reports. You may gain very valuable information. As we saw last week, it is not considered insider trading if you hacked your way to the data. Also competing firms could use this to be one step ahead, and potentially can ruin another firm.

  10. Re:So? by QuantumG · Score: 2, Interesting

    You know there are people in the world other than you, right? And most of them use cell phones and don't really think about security. People like CEOs of companies that are about to go public. People like stockbrokers who place orders that change the direction of the market. People who are having an affair right now and work in some shit-kicker job for a senator now but may one day be in a position of power. The list goes on. Basically, if you can't think of a better use for cell phone hacking than stealing credit card numbers or banking logins, then you're just not trying.

    --
    How we know is more important than what we know.
  11. Re:Lets look at some facts.... by threeturn · Score: 2, Interesting

    Just to emphasise the point:

    that their cheaper technique is simply drawing needed attention to a problem that mobile carriers have long ignored--one that well-financed eavesdroppers may have been exploiting for years

    Clearly the carriers haven't ignored this problem - they have produced a better encryption algorithm in the form of A5/3. The real problem is that the governments hold the carriers over a barrel. If the encryption gets too good then the algorithm is subject to all kinds of export restrictions, which makes it very difficult to use in a global standard like GSM.
  12. Re:Not too afraid by Gendor · Score: 2, Interesting

    Here in South Africa I haven't regarded cell phone calls as secure for quite some time. School kids figured out that if you dial the three-digit customer service number on your cell phone, and keep on waiting on the line a few minutes after the voice recording finishes, the following happens: It connects to (I presume) your local tower and you can hear the one side of random cell phone conversations. After a few minutes it switches over to another conversation. You can only hear one side of the conversation, but it proved quite entertaining for kids to listen in on conversations during school breaks (phoning customer service is a toll-free call). Luckily the cell phone company realized this and fixed the security hole after a few months.

  13. Re:There never was end-to-end encryption... by Shakrai · Score: 2, Interesting

    consider your land line. No encryption whatsoever and an analogue signal (so no computer equipment or specialised unusual codecs required to tap) between you and the telephone exchange.

    Well, FWIW, you can detect a bug like that on your POTS line by monitoring the voltage on the line. It won't help you with a bug placed at the exchange/central office, but that vulnerability exists regardless of the technology (POTS, GSM, VoIP, etc) that you are using.

    More amusing than deliberate bugs is crosstalk on old/lousy wiring. I never had POTS hooked up in my old apartment building (cellular only) but I could plug a phone into the jack and listen to other people's conversations/DTMF/dial tones. Some of them were hard to hear (guessing the pairs were far enough apart to reduce crosstalk) but most of them came in loud enough to be understood quite clearly -- and I suspect it would have been child's play to hook up an amplifier to boost the weak signals to a usable level.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.