Cell Phone Encryption Exploit Demonstrated
Saxophonist brings us a story from Forbes about security researchers who demonstrated a new method for breaking the encryption on GSM cellular signals. The presentation was made at the recent Black Hat conference, and it's notable for the fact that the technique only requires "about half an hour with just $1,000 in computer storage and processing equipment." The researchers also claim to have found a faster method, which they intend to market for $200,000 - $500,000. Quoting:
"Undetectable, 'passive' systems like the one that Muller and Hulton have created aren't new either, though previous technologies required about a million dollars worth of hardware and used a "brute force" tactic that tried 33 million times as many passwords to decrypt a cell signal. All of that means, Hulton and Muller argue, that their cheaper technique is simply drawing needed attention to a problem that mobile carriers have long ignored--one that well-financed eavesdroppers may have been exploiting for years. 'If governments or other people with millions of dollars can listen to your conversations right now, why shouldn't your next-door neighbor?' Muller says."
While this is an extremely powerful re-discovery, I'm not that afraid of average Joe attempting to listen to my conversations, which are boring if anything most of the time. It would still probably take a reasonably quick computer and technical know-how to implement this kind of scheme on a usable scale. Plus, if the FBI and CIA already have the privilege to tap into my conversations, then the fear of security loss is already somewhat of a non-unique one.
http://www.shmoocon.org/
The presentation will probably be available on the Shmoocon website in the not too distant future. Forbes did the standard mainstream media muddling so check with H1kari for the real deal...
Way back when (1994) I had a scanner and listened to a few conversations of my neighbors. Turns out that if you don't know the person and what they're talking about then the conversations are extremely boring. People just aren't that interesting on the phone.
There are stories like this all the time, but tech people still have trouble convincing most users that end-to-end encryption is important. How is it that it caught on for the web (credit card payments over SSL), but still barely for personal communications (gpg, encrypted IM)? Even in the situations where it's easy to use encryption, many users still can't be made to care -- especially if it's not something enabled by default. Maybe just that those doing the sniffing are suitably quiet about it...
'If governments or other people with millions of dollars can listen to your conversations right now, why shouldn't your next-door neighbor?'
Because the Government hates the competition?
--- Grow a pair, liberals... stop letting the Republicans bully you!
and i'll bet they won't charge anything.
;)
check out some movie about the GSM state of security [1] and mod me informative.
[1] http://chaosradio.ccc.de/camp2007_m4v_2015.html
This sucks, for those three people still using GSM.
What about the security of UMTS ?
knowledge of this can *only* have some impact if you tell everyone about it. Just look at WEP; better encryption is the way to go.
Unless their patent application is kept confidential by the government for reasons of national security, it will be published within 18 months. You'll be able to learn how the trick works from it (if you're an expert in the field and you cannot make it work, no patent should be granted). You're not allowed to exploit that commercially, of course, but at least you can have fun and pull a few pranks with it. You could claim you're psychic.
I'm wondering how you ever could tune in to the correct conversation, with thousands of mobile phones transmitting at the same time.
Bert
Scanner? We used to just use a Motorola flip phone and the scanning codes that were kindly built into it by the company. *43# etc
Whenever the phone you were scanning moved from one cell to another you'd lose the signal, but it would display on the screen what channel it had changed to (in hex), so you'd either convert the hex to decimal, enter that channel and pick up the conversation, or you'd scan for another call.
And yes, it was boring as hell.
Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
What a stupid comment. In other words, if some people are going to break the law, let's make sure everyone can. Good idea.
Let him sit on his couch eating Cheetos. He has the right to be happily oblivious as every personal right slowly disappears because no one is complaining (too busy eating Cheetos!) while the technology that makes it possible keeps getting cheaper and more powerful.

Well done troll. NoScript to the rescue again! (For everyone's info, that link is MyMinicity, with a rather "colorful" city name.)
Thank God for evolution.
Tune in to Chaosradio 56, "GSM Hacking" [1]. (Although I doubt that German-speaking Slashdot users don't know of Chaosradio.)

[1] http://chaosradio.ccc.de/cre056.html
My first thought about this was privacy and the government. Obviously.
From my understanding though, this encryption is certainly not applied over the whole transmission, meaning endpoint to endpoint. Just the handset to the tower.
The government does not actually need to crack this encryption, or even intercept transmission between handsets and towers. They can just order digital wiretaps, which cannot be detected. Speaking of which, I have always been amused when people state they you can just buy hardware to detect that too. The location of the handset is easily determined, and in most cases the identity of the user. The government already has the ability to access all of this information with the cooperation of the telecommunications companies anyways. With Telco Immunity being pushed, there won't even be room to dispute it anymore.
So not trivializing the serious issues with our privacy and the government, they are still the least of our concern here.
What strikes me as very problematic is that this opens up a whole new "market" for identity theft, banking fraud, etc. I do quite a lot of business over the phone, and just about every single company uses the touch tones to gather data. Capturing the numbers by listening to the tones is trivial. This can be done quite easily by software and hardware.
So if all the popular company phone numbers are known, and all the data being sent to them by customers can be recorded, this presents quite a security problem. With the right amount of equipment you can start capturing all sorts of data being sent over the phone. It will only be a matter of time before you gain enough information to compromise someone's identity.
I am not worried about my neighbors, not worried about my government, but I am very worried about the stranger interested in the fact I called Washington Mutual.
How does this compare to the CCC crack? Can it do all of the encryption standards?
http://video.google.com/videoplay?docid=8955054591690672567&q=CCC+GSM&total=2&start=0&num=10&so=0&type=search&plindex=0
...but a very big problem is the fact that people, i.e. myself, are using GSM for banking. The security of phone banking 100% relies on GSM encryption. You are just identifying yourself via PIN, and that's it - you are fully authenticated - unlimited access to the account! This is unusable now. No skimming needed...
New GSM equipment already supports A5/3 which is still secure. I think the main impact of this hack is going to be some sensational headlines and a big push to make A5/3 universally available.
message to your significant other: if he ever uses a non-gsm phone get the frying pan :)
Being able to crack the GSM A5/1 encryption with thousands of US dollars (instead of millions) is nice, but the encryption scheme itself was cracked long ago, and by Prof. Shamir (of RSA fame), no less.
Imagine listening in to the CEO of a Fortune500 company in the days preceding financial reports. You may gain very valuable information. As we saw last week, it is not considered insider trading if you hacked your way to the data. Also competing firms could use this to be one step ahead, and potentially can ruin another firm.
> Mental note: If I ever decide to have an affair, I'd better make sure I don't use a GSM phone.
If you were planning on using a CDMA phone instead, you should check what encryption is used. Most of the algorithms have been broken.
CMEA is extremely weak and was broken in the late '90s.
ORYX is also broken.
My understanding is that CMEA was "patched" up into SCMEA and ECMEA but I don't know if anyone has broken them yet.
Ok let's say Iraq has a major intelligence operation in the US. Now let's say they listen in on cellphones. You think they are going to listen in on mine? Why the hell would they waste the time? I don't have anything to say that would be of interest to them. I don't have access to any military secrets, I don't have any knowledge of what our government is doing that you can't find out on CNN. I'm not of any interest to them.
So what would they do? Listen in and steal my bank information? Ok, except that would be world class retarded. You spend all this time establishing good cover and getting set up in your target nation, and then blow it to steal a few grand from someone? Remember that good tradecraft for a spy is invisibility. They don't want to do anything that would draw any attention to themselves. They want to be just Joe Random Citizen that does nothing wrong that nobody notices. Well they start stealing bank accounts or something like that, they'll immediately be getting attention and it won't be long before they get caught.
So even if a foreign intelligence agency is listening to my calls, I just don't care. It isn't useful to them, and it isn't harmful to me. However a random criminal, well then that's a problem. They will use the information to steal my money.
CDMA is being shut down in Australia, so that should save a few people's hides, so to speak.
Isn't CDMA inherently harder to eavesdrop on, though? Without knowing the codes that each handset is using, all you get is noise, and that's at a lower level than any encryption.
Looks like he gave the same (or longer) presentation at Black Hat.
http://cuz.cx/
At the same Black Hat conference, a chap presented on how easy it is to hack a smart-chip enabled credit card - "As part of his presentation Wednesday, Laurie asked for someone from the audience to volunteer a smart card. Without taking the card out of the volunteer's wallet, Laurie both read and displayed its contents on the presentation screen--the person's name, account number, and expiration clearly visible" - http://www.news.com/8301-10789_3-9875961-57.html
New Scientist described a practical, fairly low budget attack in 2002. By use of selective jamming, it's possible to drop a handset off the cell, then capture its IMSI (and thus IMEI) when it re-registers. Using these stolen credentials, send a spoofed degraded signal to the base station to mimic poor reception; by design, GSM then switches to A5/0 i.e. turns encryption off(!) because an unencrypted signal needs less bandwidth. If you don't have a specific target to eavesdrop on, you could presumably lower the budget further by just monitoring somewhere with naturally bad reception ...
The article stated this technology was commercialised as the "IMSI catcher", but it seems that they've updated it to instead mimic a base station, which "forces" handsets to use it by virtue of being the strongest signal then selects A5/0 mode. (The fundamental GSM flaw here is that the phone must authenticate to the network, but not vice versa.) This new method is probably due to network complaints about the interference to everyone the first method causes.
Among the phones included clearly can't be the iPhone, otherwise the title would be, "iPhone encryption exploit demonstrated!!"

It's a FAKE!
No matter how good their cipher, it is only between the phone and the edge of the telecom provider's network. The provider had your plaintext, and laws like CALEA require them add security holes to their network. At a minimum, the government had access to your plaintext. Beyond that minimum, who the fuck knows who else had access to it. Your neighbor might have been listening anyway.
Security cannot be left to the provider. Treat them as a hostile network.
Many (most?) phone calls are between people who have met in real life, so there's no reason your phones shouldn't have exchanged public keys. Of those, many are between people who meet in real life frequently (your wife, your friends, etc), so the phones can probably exchange a few gigabytes of random OTP now and then. These communications should be easily securable. Then bolt Diffie-Hellman on top of that (after you have a MitM-free authenticated link) if you want forward secrecy.
All that is required, is generic (though low-latency) network access, and phones that are running software that is targeted at serving the users' interest, rather than someone else's.
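The design the comment above sketches (a key exchanged in person, then an ephemeral Diffie-Hellman exchange authenticated with it so the session key has forward secrecy and the carrier only ever sees ciphertext) can be shown end to end in a few dozen lines. The following is an added example written for this page, not code from the commenter or from any phone project. It assumes a pre-shared key `psk` that the two owners exchanged face to face (standing in for the comment's OTP material), uses only the Python standard library, and uses the Mersenne prime 2^521 - 1 with generator 3 purely as a demonstration group; a real deployment would use an RFC 3526 MODP group or an elliptic-curve group. The `Party`, `hello`, `finish` and `run_handshake` names are this example's own.

```python
import hashlib
import hmac
import secrets

# Demonstration group only (assumption for this example): the Mersenne prime
# 2^521 - 1 with generator 3. It is NOT a vetted Diffie-Hellman group; use an
# RFC 3526 MODP group or an elliptic-curve group in practice.
P = (1 << 521) - 1
G = 3
P_BYTES = (P.bit_length() + 7) // 8


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract with an all-zero salt, then expand."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


class Party:
    """One handset. `psk` is the secret the two owners exchanged in person."""

    def __init__(self, name: str, psk: bytes):
        self.name = name
        self.psk = psk
        # Fresh ephemeral exponent per call: compromise of the PSK later on
        # does not reveal this call's key (forward secrecy).
        self.priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self.priv, P)
        self.session_key = None

    def pub_bytes(self) -> bytes:
        return self.pub.to_bytes(P_BYTES, "big")

    def hello(self) -> tuple:
        """What goes over the (hostile) network: name, g^x, and a MAC under the PSK."""
        tag = hmac.new(self.psk, self.name.encode() + self.pub_bytes(), hashlib.sha256).digest()
        return (self.name, self.pub_bytes(), tag)

    def finish(self, peer_hello: tuple) -> bytes:
        """Verify the peer's authenticated g^y, then derive the session key."""
        peer_name, peer_pub_bytes, peer_tag = peer_hello
        expected = hmac.new(self.psk, peer_name.encode() + peer_pub_bytes, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, peer_tag):
            raise ValueError(f"{self.name}: peer's ephemeral value is not authenticated")
        peer_pub = int.from_bytes(peer_pub_bytes, "big")
        if not 1 < peer_pub < P - 1:
            raise ValueError(f"{self.name}: peer public value out of range")
        shared = pow(peer_pub, self.priv, P).to_bytes(P_BYTES, "big")
        # Bind the key to both identities and both ephemeral values. Sorting makes
        # the transcript identical on both sides regardless of who speaks first.
        transcript = b"".join(sorted([self.name.encode() + self.pub_bytes(),
                                      peer_name.encode() + peer_pub_bytes]))
        self.session_key = hkdf_sha256(shared, b"e2e-call-demo" + transcript)
        return self.session_key


def run_handshake(psk: bytes, tamper: bool = False) -> dict:
    """Run one call setup; with tamper=True an in-path party substitutes its own g^x."""
    alice, bob = Party("alice", psk), Party("bob", psk)
    a_hello, b_hello = alice.hello(), bob.hello()
    if tamper:
        # The in-path party can impersonate the network, but it does not hold the
        # PSK, so its MAC over the substituted value cannot verify.
        in_path = Party("alice", b"constructed: no access to the real psk")
        a_hello = in_path.hello()
    try:
        key_bob = bob.finish(a_hello)
    except ValueError as exc:
        return {"ok": False, "reason": str(exc)}
    key_alice = alice.finish(b_hello)
    return {"ok": True, "keys_match": key_alice == key_bob, "key": key_alice}


if __name__ == "__main__":
    psk = secrets.token_bytes(32)  # constructed: exchanged in person in the real design
    print("honest call:", run_handshake(psk))
    print("substituted g^x:", run_handshake(psk, tamper=True))
```

Two properties are worth checking when running it: a substituted ephemeral value is rejected before any key is derived, and two honest calls under the same PSK produce different session keys, which is the forward-secrecy point the comment makes. What the example deliberately leaves out is the record layer (an AEAD over the voice frames keyed from `session_key`), and it treats the PSK as long-lived authentication material rather than consuming it as a one-time pad.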
From perusing the Wikipedia articles on CDMA and TDMA, it seems to me that in CDMA the base station has to somehow agree with the cell phone what pseudorandom code it will use, and it seems to me that that communication doesn't use CDMA (chicken-and-egg). So I wouldn't say that CDMA is inherently harder to eavesdrop on than TDMA, it's just a different challenge (with CDMA you have to intercept the code at the start of the communications between the phone and a new base station, with TDMA you have to synchronize on the right timeslots).
Anyway, newer technology GSM networks (3G) often use some kind of hybrid CDMA/TDMA approach, it seems.
So if I combine this technology with what I learned in a previous Slashdot article on insider trading, I might conclude that it could be very profitable to go around Wall Street listening in on cell phone calls and trading on that information would not be a crime?