Slashdot Mirror


Open Source GSM Cracking Software Released

angry tapir writes "The GSM technology used by the majority of the world's mobile phones will get some scrutiny at next week's Black Hat security conference. An open source effort to develop GSM-cracking software has released software that cracks the A5/1 encryption algorithm used by some GSM networks. Called Kraken, this software uses new, very efficient, encryption cracking tables that allow it to break A5/1 encryption much faster than before."

6 of 112 comments

  1. Please, please... by fuzzyfuzzyfungus · · Score: 3, Informative

    Get with the times, guys. This isn't "GSM cracking", this is "GSM lawful intercept"... At least that is what the folks who already do it routinely call the practice...

  2. Re:Well FUCKING A THIS IS A GOOD THING FOR ALL by Luckyo · · Score: 3, Informative

    Not could but can. It's a pretty well known fact that in most western countries there are schemes in place to allow intelligence agencies direct internal access to cell phone provider networks.

  3. Re:Really? by Eponymous+Coward · · Score: 3, Informative

    From the GSM Wikipedia page:

    In 2010, threatpost.com reported that "A group of cryptographers has developed a new attack that has broken Kasumi, the encryption algorithm used to secure traffic on 3G GSM wireless networks. The technique enables them to recover a full key by using a tactic known as a related-key attack, but experts say it is not the end of the world for Kasumi."[17] Kasumi is the name for the A5/3 algorithm, used to secure most 3G traffic.

  4. Re:How ironic by rotide · · Score: 4, Informative

    Add another layer to your tinfoil hat.. I'm not saying what you're suggesting can't happen, but that's not the goal of net neutrality and imagining worst case, back room, scenarios is pointless to argue about.

    Onto "Free market solves everything" mantra. No, it will not solve anything unless the fiber that is laid down (read: already there) is open to equal opportunity leasing at fair prices (which means it has to be governmentally regulated) that the small ISP can afford. Otherwise the costs of entry into the market are way too huge and the telcos will simply drop their price enough to not allow the little guy running new fiber to profit, thus sinking their business.

    Think about it, if you have no right to their fiber, you have to run your own across the city. That will cost millions, easily. You ignore the cost as you think you can make it up later so you start running fiber. The telcos in the area decide, hey, it's costing them millions, let's just drop our prices to make everyone using them switch to us. Now all your subscribers jump ship because ATT just dropped their service plans to $1 a year. You go under, they buy you out, thanks for the new fiber.

    Free market won't work with entrenched telcos who already have the fiber in place plus the will and means to bully you out of the market.

  5. Re:Awesome by athakur999 · · Score: 5, Informative

    There is a key value on the SIM. The same key value is also provisioned in your subscriber profile in your provider's main subscriber registry (aka an HLR - Home Location Register).

    When you're connecting to a mobile network, the serving switch sends a request to your provider's HLR. The HLR sends a set of tokens and an "expected result" value to the serving switch. The serving switch then sends those tokens down to your mobile. Your mobile then sends those tokens to your SIM card and your SIM card sticks them into a function along with the key value and produces a result value. The result value is passed back to your phone and your phone passes it back to the serving switch. The serving switch then compares the result value from your phone with the "expected result" value from your provider's HLR and if they match up, you're good to go.

    Only the SIM and the HLR know your individual key value. Your mobile and the serving network are never provided this value. That's why your phone can't simply replicate the function of your SIM, because it would need to know the key value.

    I think the problem a lot of people have is they think of the SIM as just a dumb piece of storage. It really is a separate little computer in its own right that just so happens to live behind your phone battery.

    --
    "People that quote themselves in their signatures bother me" - athakur999
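
The challenge-response exchange described in comment 5, as an added example that is not part of the original comment. HMAC-SHA256 truncated to 4 bytes stands in for the SIM's real authentication function, which the comment does not name; the class names, the single challenge token and the sample IMSI are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: HMAC-SHA256 truncated to 4 bytes stands in for the operator's
# authentication function. All names below are hypothetical.

def a3_stand_in(ki: bytes, rand: bytes) -> bytes:
    """Derive the result value from the subscriber key and the challenge."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]

class HLR:
    """Home Location Register: holds each subscriber's key, never exports it."""
    def __init__(self, keys):
        self._keys = dict(keys)

    def auth_vector(self, imsi: str):
        rand = secrets.token_bytes(16)           # fresh challenge per attempt
        return rand, a3_stand_in(self._keys[imsi], rand)

class SIM:
    """The SIM computes the result on-card; the phone only relays bytes."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki

    def run_gsm_algorithm(self, rand: bytes) -> bytes:
        return a3_stand_in(self._ki, rand)

class ServingSwitch:
    """Serving network: sees the challenge and expected result, not the key."""
    def __init__(self, hlr: HLR):
        self.hlr = hlr
        self.seen = []                           # every value that crossed this node

    def authenticate(self, sim: SIM) -> bool:
        rand, expected = self.hlr.auth_vector(sim.imsi)
        sres = sim.run_gsm_algorithm(rand)       # relayed via the handset
        self.seen += [rand, expected, sres]
        return hmac.compare_digest(sres, expected)

def demo():
    imsi = "001010000000001"                     # constructed test IMSI
    ki = secrets.token_bytes(16)                 # constructed sample key
    switch = ServingSwitch(HLR({imsi: ki}))
    genuine = switch.authenticate(SIM(imsi, ki))
    clone = switch.authenticate(SIM(imsi, secrets.token_bytes(16)))
    return genuine, clone, ki in switch.seen     # (True, False, False)
```

The second SIM presents the same IMSI with a different key and is rejected, and the key never appears among the values the serving switch handled.
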
  6. Re:How ironic by TubeSteak · · Score: 3, Informative

    ISPs are providing a service. They have EVERY RIGHT IN THE WORLD to regulate what's passing through their networks, because it's their network.

    ISPs are providing a service using infrastructure built on public land.
    The internet as we know it would not exist if the telephone/cable companies couldn't use public property.
    It's not so simple as "their network, their rules".

    --
    [Fuck Beta]
    o0t!