Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cell Phone Encryption Exploit Demonstrated

Posted by Soulskill on from the wiretapping-on-the-cheap dept.

Saxophonist brings us a story from Forbes about security researchers who demonstrated a new method for breaking the encryption on GSM cellular signals. The presentation was made at the recent Black Hat conference, and it's notable for the fact that the technique only requires "about half an hour with just $1,000 in computer storage and processing equipment." The researchers also claim to have found a faster method, which they intend to market for $200,000 - $500,000. Quoting: "Undetectable, 'passive' systems like the one that Muller and Hulton have created aren't new either, though previous technologies required about a million dollars worth of hardware and used a "brute force" tactic that tried 33 million times as many passwords to decrypt a cell signal. All of that means, Hulton and Muller argue, that their cheaper technique is simply drawing needed attention to a problem that mobile carriers have long ignored--one that well-financed eavesdroppers may have been exploiting for years. 'If governments or other people with millions of dollars can listen to your conversations right now, why shouldn't your next-door neighbor?' Muller says."

5 of 153 comments (clear)

  1. Overkill for neighbours by Techman83 · · Score: 5, Funny

    why shouldn't your next-door neighbor? Considering how many mobile users seem to scream into the damn things this may almost be redundant! /joke
    --
    # cat /dev/mem | strings | grep -i cat
    Damn, my RAM is full of cats. MEOW!!
  2. There never was end-to-end encryption... by compumike · · Score: 5, Insightful

    There are stories like this all the time, but tech people still have trouble convincing most users that end-to-end encryption is important. How is it that it caught on for the web (credit card payments over SSL), but still barely for personal communications (gpg, encrypted IM)? Even in the situations where it's easy to use encryption, many users still can't be made to care -- especially if it's not something enabled by default. Maybe just that those doing the sniffing are suitably quiet about it...
    --
    Electronics kits for the digital generation.

  3. Here's your answer. by palegray.net · · Score: 5, Insightful

    'If governments or other people with millions of dollars can listen to your conversations right now, why shouldn't your next-door neighbor?' It's called common decency, something that's clearly fading away in our society.
    --
    512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
  4. Re:because by palegray.net · · Score: 5, Insightful

    It's really a matter of publicizing the weakness to the point where manufacturers and network providers are forced to do something about it. Average people generally don't care about issues like this until they're really an issue.

    --
    512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
  5. Re:For those three people ... by Anonymous Coward · · Score: 5, Informative

    Newsflash - most of the world outside the US uses GSM.