Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cell Phone Encryption Exploit Demonstrated

Posted by Soulskill on from the wiretapping-on-the-cheap dept.

Saxophonist brings us a story from Forbes about security researchers who demonstrated a new method for breaking the encryption on GSM cellular signals. The presentation was made at the recent Black Hat conference, and it's notable for the fact that the technique only requires "about half an hour with just $1,000 in computer storage and processing equipment." The researchers also claim to have found a faster method, which they intend to market for $200,000 - $500,000. Quoting: "Undetectable, 'passive' systems like the one that Muller and Hulton have created aren't new either, though previous technologies required about a million dollars worth of hardware and used a "brute force" tactic that tried 33 million times as many passwords to decrypt a cell signal. All of that means, Hulton and Muller argue, that their cheaper technique is simply drawing needed attention to a problem that mobile carriers have long ignored--one that well-financed eavesdroppers may have been exploiting for years. 'If governments or other people with millions of dollars can listen to your conversations right now, why shouldn't your next-door neighbor?' Muller says."

29 of 153 comments (clear)

  1. Not too afraid by MrCrassic · · Score: 3, Insightful

    While this is an extremely powerful re-discovery, I'm not that afraid of average Joe attempting to listen to my conversations, which are boring if anything most of the time. It would still probably take a reasonably quick computer and technical know-how to implement this kind of scheme on a usable scale. Plus, if the FBI and CIA already have the privilege to tap into my conversations, then the fear of security loss is already somewhat of a non-unique one.

    1. Re:Not too afraid by palegray.net · · Score: 3, Interesting

      While this is an extremely powerful re-discovery, I'm not that afraid of average Joe attempting to listen to my conversations Wait until Not-So-Average Joe decides to sell transcripts of your conversations as marketing data. Or maybe analyzes your conversations for keywords and extracts just those portions to blackmail you. Ever talk about hating your job? Ever cheated on your significant other? Ever lied on your taxes? The list goes on...
      --
      512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
    2. Re:Not too afraid by Splab · · Score: 3, Informative

      Ever talk about hating your job?

      Yes often, even when at work. Its also no secret that I hate my top boss.

      Lying on taxes is pretty much a national trait around here (Denmark), so again yes - some of us have no worries.

      But I do despise the fact that someone can listen in on stuff, even though most of what we do is no secret, its still something that annoys me.
  2. Overkill for neighbours by Techman83 · · Score: 5, Funny

    why shouldn't your next-door neighbor? Considering how many mobile users seem to scream into the damn things this may almost be redundant! /joke
    --
    # cat /dev/mem | strings | grep -i cat
    Damn, my RAM is full of cats. MEOW!!
    1. Re:Overkill for neighbours by RuBLed · · Score: 3, Funny

      But my neighbors are speaking Klingon when they come out of the basement to talk in their mobile. How could this technology help me?

      They're also saying "ghob" out loud... also I think my other neighbors are raptors...

    2. Re:Overkill for neighbours by palegray.net · · Score: 4, Funny

      How could this technology help me? 1. Record conversations.
      2. Open subspace diplomatic channel to the Romulans.
      3. Sell the conversations as intelligence data.
      4. Profit!
      --
      512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
  3. There never was end-to-end encryption... by compumike · · Score: 5, Insightful

    There are stories like this all the time, but tech people still have trouble convincing most users that end-to-end encryption is important. How is it that it caught on for the web (credit card payments over SSL), but still barely for personal communications (gpg, encrypted IM)? Even in the situations where it's easy to use encryption, many users still can't be made to care -- especially if it's not something enabled by default. Maybe just that those doing the sniffing are suitably quiet about it...
    --
    Electronics kits for the digital generation.

    1. Re:There never was end-to-end encryption... by QuantumG · · Score: 4, Informative

      Ya know, it *is* strange. Take, for example, Pidgin (formerly GAIM). There's about two dozen plugins for it. One of the plugins is Pidgin-Encrypt which does everything that you would expect (except possibly for some sort of certificate system) and is about as secure as ssh. Does it come with Pidgin by default? No. Is it enabled by default? No. Why not? Why is encryption still considered some opt-in alternative? Considering that it takes both parties to consciously choose to install this plug-in, the grand total of people who use it is about 10.

      --
      How we know is more important than what we know.
    2. Re:There never was end-to-end encryption... by jimicus · · Score: 4, Interesting

      How is it that it caught on for the web (credit card payments over SSL), but still barely for personal communications (gpg, encrypted IM)?

      That's a very good question.

      One idea I've heard is that when SSL was first developed, the web was in its infancy and nobody really felt happy about the idea of sending their credit card details over it. The fact that it was relatively easy to eavesdrop on a computer network was fairly well known. This was no good to anyone who wanted to do business (OK, porn sites) over the web, and so SSL solved that problem by providing reassurance that nobody was eavesdropping.

      The telephone system, on the other hand - that's been around so long that it's familiar technology and relatively few people are aware of how insecure it is. If you think GSM is bad (it's actually not that poor, and 3G introduces AES encryption), consider your land line. No encryption whatsoever and an analogue signal (so no computer equipment or specialised unusual codecs required to tap) between you and the telephone exchange.

    3. Re:There never was end-to-end encryption... by hitmark · · Score: 4, Insightful

      automation, pure and simple...

      the browsers come pre-equiped and will use it when ever a url starts with https rather then http.

      also, the encryption isnt used to verify that whoever is sitting in front of the computer is who he or she claims to be, for that you have third party stuff like pads of one time codes, code generators and similar.

      for im and mail on the other hand one have the, in the eyes of the non-techie user, laborious process of generating and exchanging keys, and making sure that the keys belong to the person one wants to communicate with.

      only way i see this change is if we could turn the mobile phone into a digital key carrier. meet someone, exchange keys pr phone just as one would exchange phone numbers, im/mail address and similar, and so on.

      or maybe the social network sites should allow one to upload ones public key just as on enter above numbers and addresses?

      basically one have to find a way to bring the exchange of public keys into the fabric of ones social interaction. sadly i dont think that will happen any time soon...

      --
      comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
  4. Obligatory by Travoltus · · Score: 3, Funny

    'If governments or other people with millions of dollars can listen to your conversations right now, why shouldn't your next-door neighbor?'

    Because the Government hates the competition?

    --
    --- Grow a pair, liberals... stop letting the Republicans bully you!
  5. GNUradio is also up to GSM cracking by erlehmann · · Score: 4, Informative

    and i'll bet they won't charge anything.

    check out some movie about the GSM state of security [1] and mod me informative. ;)

    [1] http://chaosradio.ccc.de/camp2007_m4v_2015.html

  6. not stupid after all by erlehmann · · Score: 4, Insightful

    knowledge of this can *only* have some impact if you tell everyone about it. just look WEP, better encryption is the way to go.

  7. Coming soon, try it yourself... by kanweg · · Score: 4, Interesting

    Unless their patent application is kept confidential by the government for reasons of national security, it will be published within 18 months. You'll be able to learn how the trick works from it (if you're an expert in the field and you cannot make it work, no patent should be granted). You're not allowed to exploit that commercially, of course, but at least you can have fun and pull a few pranks with it. You could claim you're psychic.

    I'm wondering how you ever could tune in to the correct conversation, with thousands of mobile phones transmitting at the same time.

    Bert

    1. Re:Coming soon, try it yourself... by TubeSteak · · Score: 3, Informative

      I'm wondering how you ever could tune in to the correct conversation, with thousands of mobile phones transmitting at the same time. GSM phones identify themselves to the network using a unique International Mobile Equipment Identity (IMEI) #.

      This number is usually printed on the phone somewhere under the battery cover & is retrievable from the phone's software.
      --
      [Fuck Beta]
      o0t!
  8. Here's your answer. by palegray.net · · Score: 5, Insightful

    'If governments or other people with millions of dollars can listen to your conversations right now, why shouldn't your next-door neighbor?' It's called common decency, something that's clearly fading away in our society.
    --
    512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
  9. Re:because by palegray.net · · Score: 5, Insightful

    It's really a matter of publicizing the weakness to the point where manufacturers and network providers are forced to do something about it. Average people generally don't care about issues like this until they're really an issue.

    --
    512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
  10. Let him be... by Gription · · Score: 3, Insightful

    'If governments or other people with millions of dollars can listen to your conversations right now, why shouldn't your next-door neighbor?' Muller says."

    What a stupid comment. In other words, if some people are going to break the law, let's make sure everyone can. Good idea.

    Let him sit on his couch eating Cheetos. He has the right to be happily oblivious as every personal right slowly disappears because no one is complaining (too busy eating Cheetos!) while the technology that makes it possible keeps getting cheaper and more powerful.
  11. Privacy the least of our concerns by EdIII · · Score: 4, Insightful

    My first thought about this was privacy and the government. Obviously.

    From my understanding though, this encryption is certainly not applied over the whole transmission, meaning endpoint to endpoint. Just the handset to the tower.

    The government does not actually need to crack this encryption, or even intercept transmission between handsets and towers. They can just order digital wiretaps, which cannot be detected. Speaking of which, I have always been amused when people state they you can just buy hardware to detect that too. The location of the handset is easily determined, and in most cases the identity of the user. The government already has the ability to access all of this information with the cooperation of the telecommunications companies anyways. With Telco Immunity being pushed, there won't even be room to dispute it anymore.

    So not trivializing the serious issues with our privacy and the government, they are still the least of our concern here.

    What strikes me as very problematic is that this opens up a whole new "market" for identity theft, banking fraud, etc. I do quite a lot of business over the phone, and just about every single company uses the touch tones to gather data. Capturing the the numbers by listening to the tones is trivial. This can be done quite easily by software and hardware.

    So if all the popular company phone numbers are known, and all the data being sent to it by customers can be recorded, this presents quite a security problem. With the right amount of equipment you can start capturing all sorts of data being sent over the phone. It will only be a matter of time before you gain enough information to compromise someones identity.

    I am not worried about my neighbors, not worried about my government, but I am very worried about the stranger interested in the fact I called Washington Mutual.

    1. Re:Privacy the least of our concerns by QuantumG · · Score: 3, Insightful

      Yeah, you're still not getting it. The US government often likes to listen to cell phone conversations in, say, oh, I don't know, Iraq? Syria? A lot of other places where GSM is the cheapest technology available. Some governments like to do the same thing inside the USA. There aint no getting a wiretap when you're an agent for a foreign government.

      --
      How we know is more important than what we know.
  12. Re:For those three people ... by Anonymous Coward · · Score: 5, Informative

    Newsflash - most of the world outside the US uses GSM.

  13. Re:because by Dan541 · · Score: 3, Informative

    Anyway, for those of you wondering what someone could possibly say over a cell phone that's so intercept-worthy, some fancy banks require a key-press or auditory password to access balances and even move funds. You know, like in the movies. You talk as if phone banking is only in the movies. Millions of people access bank accounts this way myself included.

    ~Dan

    --
    An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
  14. Lets look at some facts.... by threeturn · · Score: 4, Informative
    This is a good hack, and impressive work by all involved, but its rather limited in its application. It only works against the GSM A5/1 encryption algorithm. While there is a huge amount of A5/1 equipment out there it's a ~30 year old algorithm that was designed to run on battery powered equipment from the late 80s.

    New GSM equipment already supports A5/3 which is still secure. I think the main impact of this hack is going to be some sensational headlines and a big push to make A5/3 universally available.

  15. Re:That would be awesome by jacquesm · · Score: 4, Funny

    message to your significant other: if he ever uses a non-gsm phone get the frying pan :)

    --
    MP3 Search Engine
  16. Re:That would be awesome by robably · · Score: 4, Insightful

    Turns out that if you don't know the person and what they're talking about then the conversations are extremely boring. People just aren't that interesting on the phone.
    I had the exact opposite experience. I found other people's conversations fascinating, but within a couple of days I'd heard stuff that was so personal it made me realize I shouldn't be listening. Thinking about it, experiencing that at 14 probably led me to believe in people's right to privacy and anonymity today. It certainly led to me never buy a cordless house phone.
  17. Re:For those three people ... by GreatBunzinni · · Score: 3, Informative

    Don't you mean 2.3 billion people? I mean, over 80% of the world's cell phones? The world doesn't end at your doorstop, you know?

    --
    Slashdot, fix your code or at least hire someone who is competent at it to do it for you.
  18. Re:because by TheLink · · Score: 3, Informative

    Regarding government interception, GSM encryption is only from phone to station. At the Telco it's plaintext. So govs can (and probably do) listen to GSM phone calls. Should be common knowledge amongst telco people.

    So GSM crypto even if it was uncrackable is not very helpful if you're really trying to hide your comms.

    Someone I knew once claimed to have extra crypto on his GSM phone so that he could talk "securely" to other people similarly equipped.

    --
  19. iPhone by kellyb9 · · Score: 3, Funny

    Among the phones included clearly can't be the iPhone, otherwise the title would be, "iPhone encrpytion exploit demonstrated!!"

  20. Re:because by Shakrai · · Score: 3, Insightful

    In that case anyone can eavesdrop and subsequently move all your money away.

    Not really. What could you do with his telephone (or online) banking PIN? My credit union's online banking allows the following activities: Transfers between sub-accounts (savings, checking, etc), loan payments, bill payments, check images, statements and direct deposit adjustments (this much into savings, this much into checking, etc, etc).

    Nothing within my online banking would allow you to "move all of my money away". I suppose you could setup a payee in bill payer for yourself, but even at that my credit union wouldn't allow you to directly supply the ACH information -- they'd mail you a check -- and even at that it would take a few days to get the custom payee setup.

    Don't get me wrong. You could screw me pretty badly -- moving all of the funds from my checking account into savings would cause transactions to bounce if I didn't catch it.... But you couldn't drain my account and walk away with the funds for yourself.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.