Slashdot Mirror


Open Source GSM Cracking Software Released

angry tapir writes "The GSM technology used by the majority of the world's mobile phones will get some scrutiny at next week's Black Hat security conference. An open source effort to develop GSM-cracking software has released software that cracks the A5/1 encryption algorithm used by some GSM networks. Called Kraken, this software uses new, very efficient, encryption cracking tables that allow it to break A5/1 encryption much faster than before."

34 of 112 comments

  1. Release the Kraken! by Anonymous Coward · · Score: 5, Funny

    Release the Kraken!

    1. Re:Release the Kraken! by Anonymous Coward · · Score: 5, Funny

      Patch the Kraken! Update the Kraken! Sign up for mailing lists about the Kraken!

      I guess that joke only works for releases :/

    2. Re:Release the Kraken! by dch24 · · Score: 2, Informative

      If all you want to do is build it, you'll want this:

      http://reflextor.com/trac/a51

      It took me a minute of googling to find that. Hope it saves you some time. Note that their server is getting slashdotted right now.

    3. Re:Release the Kraken! by PolygamousRanchKid+ · · Score: 2, Insightful

      Patch the Kraken! Update the Kraken!

      I prefer to fork the Kraken . . . garlic sauce and fresh bread on the side . . .

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    4. Re:Release the Kraken! by roman_mir · · Score: 2, Funny

      you are Kraken me up

  2. Please, please... by fuzzyfuzzyfungus · · Score: 3, Informative

    Get with the times, guys. This isn't "GSM cracking" this is "GSM lawful intercept"... At least that is what the folks who already do it routinely call the practice...

  3. Re:Well FUCKING A THIS IS A GOOD THING FOR ALL by tibman · · Score: 2, Insightful

    They are TRYING to show that the ability to crack GSM must already exist because it has been so easy for them to do. If a Government or powerful organization wanted to listen to a GSM call, they could be doing it today.

    --
    http://soylentnews.org/~tibman
  4. Re:Well FUCKING A THIS IS A GOOD THING FOR ALL by Luckyo · · Score: 3, Informative

    Not could but can. It's a pretty well known fact that in most western countries there are schemes in place to allow intelligence agencies direct internal access to cell phone provider networks.

  5. TFA focus isn't just encryption... by rickb928 · · Score: 4, Interesting

    TFA also points out that eavesdropping is as 'easy' as making a fake tower, getting phones to connect to it, commanding them to drop encryption, and having enough disk space to save the conversations. Not very expensive, and not very difficult.

    So this would work well if you brought a fake tower with you to an event, like a convention or even a press conference, and just gather conversations at will. Setting up a tower near the White House would not be impossible, unless they already understand this and have an onsite tower they can secure. The Secret Service is no doubt already working with this, if not already in place. If VZW or Sprint is their most common carrier, well, those are different standards so this is not the problem.

    All said and done, it is not impractical to be able to eavesdrop on GSM phones, though it is nontrivial. Data intercept I don't know a lot about.

    --
    deleting the extra space after periods so i can stay relevant, yeah.
    1. Re:TFA focus isn't just encryption... by BitZtream · · Score: 2, Interesting

      You do realize, that in order for a fake tower to work, it actually has to be part of the network right?

      How do you intend to connect to the phone network with your fake tower?

      Putting up a fake tower and getting phones to connect isn't hard, but it's just about only useful for stopping calls.

      If you want to listen in on calls with a 'fake tower' it actually has to function as a tower and connect you to a phone network so you can have a conversation. Not much to record otherwise.

      Still not impossible, but it's not something you can do without someone else knowing about it.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    2. Re:TFA focus isn't just encryption... by chill · · Score: 3, Insightful

      These have been sold in kits for a few years now. Google "micro cell". You can uplink them to a voip gateway and plop down your own tower on the cheap. Popular for conferences and things like that.

      --
      Learning HOW to think is more important than learning WHAT to think.
  6. Re:How ironic by SimonSaysBleed · · Score: 2, Informative

    Burning some karma here.

    Ironic that this is hot on the heels of Slashdot's pro-net neutrality story. If the government took over the internet, it would make sure to "regulate" any websites posting this kind of cracking information. Want to pirate it on Bittorrent? Sorry, the government would "regulate" Bittorrent too thanks to political donations from lobby groups like the RIAA/MPAA. In fact, the government would require all your activities to be logged by ISPs for investigative purposes.

    Net neutrality--proving that there are always people naive enough to hand great things over to the government where they are ruined forever.

    Net Neutrality is not about the government taking over the internet! It is exactly the opposite (they ensure that the internet is not "regulated"). How many times must this be said?

  7. Re:How ironic by rotide · · Score: 4, Interesting

    You do realize that net neutrality is the _absence_ of filtering, right?

    See, the whole idea is that an ISP that also owns other companies, or is affiliated somehow, can't step in and decide what is and isn't viewable, charge more, etc.

  8. Re:How ironic by Myshkin · · Score: 4, Insightful

    I think what you meant to say was that this is exactly what will happen if the telcos took over the internet. They would just not route any traffic to bittorrent at all.

    What is this government takeover of the internet you speak of? Or do you forget that the government invented the internet? Without the government, we would still be using AOL, CompuServe, and Prodigy. Which, coincidentally, is exactly what the anti-net neutrality folks would like to see returned.

    Anti Net neutrality--proving that there are always people naive enough to hand great things over to corporations where they are ruined forever.

  9. What I don't get about encrypted communication... by mark-t · · Score: 3, Insightful

    What I don't understand is why they don't use something along the lines of a Diffie-Hellman key exchange when a call is being set up. In the case of wireless communication, all data gets broadcast in all directions, so setting up an MitM attack wouldn't work, or at least be instantly recognized as such, unless one could somehow intercept 100% of the signal before it reaches its destination, which I'd think isn't generally going to be feasible.

  10. Commercial: by DoofusOfDeath · · Score: 4, Funny

    "Can you hear me now?"

    "Yup"
    "yes"
    "uh-huh"
    "me too!"
    "absolutely!"

  11. Re:How ironic by capnchicken · · Score: 2, Interesting

    If I wanted a flame war I'd say you know nothing about what a common carrier is.

    That however would leave me open to not knowing the concepts of giving an inch and them taking a mile.

    Regulation by telling a corporation they can't self-regulate communication based on content will be a sticky issue since it has to be constantly defended against the government saying, YOU corporations can't regulate content but WE can. But at least there are some mechanisms in place that allow the people to control the government. The only mechanisms that allow people to have control over corporations is the market, and if the corporation has a monopoly on the physical lines, there is no market.

    --
    A libertarian shat on my carpet once. Claimed the free market would sort it out. -Ford Prefect(8777)
  12. Re:Really? by Eponymous+Coward · · Score: 3, Informative

    From the GSM wikipedia page:

    In 2010, threatpost.com reported that "A group of cryptographers has developed a new attack that has broken Kasumi, the encryption algorithm used to secure traffic on 3G GSM wireless networks. The technique enables them to recover a full key by using a tactic known as a related-key attack, but experts say it is not the end of the world for Kasumi."[17] Kasumi is the name for the A5/3 algorithm, used to secure most 3G traffic.

  13. Re:What I don't get about encrypted communication. by Anonymous Coward · · Score: 3, Insightful

    Part of the issue... you have to remember how old the GSM standards are. The processing chips didn't have nearly as much oomph as they do today. Most more modern encryption schemes would not have been feasible to even put in a chip that would a) physically fit in a cell phone b) be low enough power to have any meaningful cell phone usage c) have costs low enough to be considered cheap enough to put into cell phones.

  14. Re:How ironic by phantomfive · · Score: 4, Insightful

    You do realize that net neutrality is the _absence_ of filtering, right?

    That is how you define it. Never underestimate the power of a senator who can draft a 2000 page bill that does exactly the opposite of what its title implies. You're just like the guy in the previous conversation who suggests Fox News should be regulated: once you start regulating what can and can't be on the internet, it's just a step away from blocking it.

    See, the whole idea is that an ISP that also owns other companies, or is affiliated somehow, can't step in and decide what is and isn't viewable, charge more, etc.

    Exactly, it's something the government should be doing. As an example of how it could be done, think of the financial regulator positions created in the financial bill that just passed. For a communications bill, we create an Internet Supervisor position, whose job it is to make sure none of the ISPs are illegally blocking stuff. He goes around, runs tests, etc. Harmless stuff. Then on page 1283 of the bill, in a small, single sentence, we give him power to decide how traffic should be regulated. Then give the Supervisor position to someone sympathetic to our cause, and there is no end to the ways that language can be abused. Should we block traffic we don't like? He has the power. Should we use it to speed up the websites of our campaign donors? He has the power. See how this stuff works?

    What needs to be done is break up the monopolies where they exist so there is real competition between ISPs. Then we don't have to worry about this kind of thing: if an ISP does something we don't like, we can switch.

    --
    Qxe4
  15. Re:How ironic by wiredlogic · · Score: 3, Insightful

    Senators don't draft (or even read) 2000 page bills. Their corporate overlords have staff to take care of those pesky details.

    --
    I am becoming gerund, destroyer of verbs.
  16. Re:How ironic by rotide · · Score: 4, Informative

    Add another layer to your tinfoil hat... I'm not saying what you're suggesting can't happen, but that's not the goal of net neutrality and imagining worst case, back room, scenarios is pointless to argue about.

    Onto the "Free market solves everything" mantra. No, it will not solve anything unless the fiber that is laid down (read: already there) is open to equal opportunity leasing at fair prices (which means it has to be governmentally regulated) that the small ISP can afford. Otherwise the costs of entry into the market are way too huge and the telcos will simply drop their price enough to not allow the little guy running new fiber to profit, thus sinking their business.

    Think about it: if you have no right to their fiber, you have to run your own across the city. That will cost millions, easily. You ignore the cost as you think you can make it up later, so you start running fiber. The telcos in the area decide, hey, it's costing them millions, let's just drop our prices to make everyone using them switch to us. Now all your subscribers jump ship because ATT just dropped their service plans to $1 a year. You go under, they buy you out, thanks for the new fiber.

    Free market won't work with entrenched telcos who already have the fiber in place plus the will and means to bully you out of the market.

  17. Re:Awesome by guruevi · · Score: 2, Insightful

    Because then you could copy the card and put it in another phone, effectively having multiple phones with the same number. I don't know how the network handles that but I think at least chaos ensues.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  18. Re:How ironic by bonch · · Score: 2, Interesting

    Again, you actually believe the government regulating internet traffic is going to be the absence of filtering? Government--the most corrupt organization in the world--is somehow going to be more neutral than a private organization that is beholden to customer satisfaction? That lobby groups like the RIAA won't petition for special restrictions on torrent traffic?

    On top of that, an ISP should absolutely be allowed to decide how its network is run and what traffic goes across it. Internet access isn't a constitutional right. It's their network--they can run it however they want to, and if you don't like it, that's life. I don't like the color of my office, but that doesn't mean the government has the right to restrict what colors offices are painted in.

    Stop bringing more and more government into our lives!

  19. Which networks? by MadGeek007 · · Score: 2, Interesting

    It would be nice to know exactly which GSM carriers use A5/1 encryption, and to what extent it is used. Is it a de facto standard, or a fallback algorithm?

    1. Re:Which networks? by MadGeek007 · · Score: 2, Insightful

      So in other words, this is a non-issue.

  20. Re:Awesome by athakur999 · · Score: 5, Informative

    There is a key value on the SIM. The same key value is also provisioned in your subscriber profile in your provider's main subscriber registry (aka an HLR - Home Location Register).

    When you're connecting to a mobile network, the serving switch sends a request to your provider's HLR. The HLR sends a set of tokens and an "expected result" value to the serving switch. The serving switch then sends those tokens down to your mobile. Your mobile then sends those tokens to your SIM card and your SIM card sticks them into a function along with the key value and produces a result value. The result value is passed back to your phone and your phone passes it back to the serving switch. The serving switch then compares the result value from your phone with the "expected result" value from your provider's HLR and if they match up, you're good to go.

    Only the SIM and the HLR know your individual key value. Your mobile and the serving network are never provided this value. That's why your phone can't simply replicate the function of your SIM, because it would need to know the key value.

    I think the problem a lot of people have is they think of the SIM as just a dumb piece of storage. It really is a separate little computer in its own right that just so happens to live behind your phone battery.

    --
    "People that quote themselves in their signatures bother me" - athakur999
  21. Re:Well FUCKING A THIS IS A GOOD THING FOR ALL by chill · · Score: 2, Informative

    The gov't doesn't have to crack the encryption, they're given a back door by the telcos. This is not only happening today, it has been happening for many years.

    Google CALEA for one of the more recent incarnations.

    --
    Learning HOW to think is more important than learning WHAT to think.
  22. Re:Awesome by kent_eh · · Score: 2, Informative

    I don't know how the network handles that but I think at least chaos ensues.

    No, actually the network notices that the same phone number is in 2 (or more) different locations, recognizes that's a fraudulent scenario, and shuts them all down.
    Then the legitimate owner of the number complains about being shut down, and is issued a new SIM.

    --
    "I can't complain, but sometimes still do..." Joe Walsh
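The SIM/HLR challenge-response flow that athakur999 describes in comment 20, and the duplicate-registration shutdown kent_eh describes in comment 22, as one added worked example. This is not code from the thread or from any GSM implementation: the A3 algorithm is stood in for by HMAC-SHA256 truncated to the 32-bit SRES length (an assumption for the demo; real operators use an operator-chosen A3), and the clone check is a deliberately simple "same IMSI attached at two serving switches at once" rule. The IMSI and Ki values are constructed, not real subscriber data.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Set, Tuple

# Constructed sample values (not real subscriber data): a 15-digit IMSI and a 128-bit Ki.
SAMPLE_IMSI = "001010123456789"
SAMPLE_KI = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def a3_response(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for the SIM's A3 algorithm (assumption for this demo: HMAC-SHA256
    truncated to GSM's 32-bit SRES length). Only the SIM and the HLR ever call this."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]


class SIM:
    """The card: holds Ki and exposes only the result of running the algorithm
    over a challenge, never Ki itself."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki

    def run_gsm_algorithm(self, rand: bytes) -> bytes:
        return a3_response(self._ki, rand)


class HLR:
    """Home Location Register: the other party that knows Ki. It also records which
    serving switch currently has each IMSI attached, so a second attach from a
    different switch (a copied card) can be recognised and the identity shut down."""
    def __init__(self):
        self._ki_by_imsi: Dict[str, bytes] = {}
        self._attached_at: Dict[str, str] = {}
        self.blocked: Set[str] = set()

    def provision(self, imsi: str, ki: bytes) -> None:
        self._ki_by_imsi[imsi] = ki

    def authentication_vector(self, imsi: str, switch_id: str,
                              rand: Optional[bytes] = None) -> Optional[Tuple[bytes, bytes]]:
        """Hand (RAND, expected SRES) to a serving switch, or None if the identity is
        blocked. Ki is used here and never leaves this method."""
        if imsi in self.blocked:
            return None
        other = self._attached_at.get(imsi)
        if other is not None and other != switch_id:
            # Same identity active at two switches at once: treat as a clone and
            # shut it down; reissuing a SIM to the real owner is an operator process.
            self.blocked.add(imsi)
            del self._attached_at[imsi]
            return None
        rand = rand if rand is not None else secrets.token_bytes(16)
        self._attached_at[imsi] = switch_id
        return rand, a3_response(self._ki_by_imsi[imsi], rand)

    def detach(self, imsi: str) -> None:
        """Normal roaming: the old switch releases the IMSI before a new one attaches."""
        self._attached_at.pop(imsi, None)


class Phone:
    """The handset only relays RAND to the SIM and the SIM's answer back out."""
    def __init__(self, sim: SIM):
        self.sim = sim

    def respond(self, rand: bytes) -> bytes:
        return self.sim.run_gsm_algorithm(rand)


class ServingSwitch:
    """The visited network: it sees RAND and SRES but is never given Ki."""
    def __init__(self, switch_id: str, hlr: HLR):
        self.switch_id = switch_id
        self.hlr = hlr

    def authenticate(self, phone: Phone, rand: Optional[bytes] = None) -> bool:
        vector = self.hlr.authentication_vector(phone.sim.imsi, self.switch_id, rand)
        if vector is None:
            return False
        rand, expected_sres = vector
        sres = phone.respond(rand)
        return hmac.compare_digest(sres, expected_sres)


def demo() -> Dict[str, bool]:
    """Genuine card passes; a phone with the right IMSI but a guessed Ki fails;
    a copied card attaching elsewhere gets the whole identity shut down."""
    hlr = HLR()
    hlr.provision(SAMPLE_IMSI, SAMPLE_KI)
    home_switch = ServingSwitch("switch-A", hlr)
    away_switch = ServingSwitch("switch-B", hlr)
    genuine = Phone(SIM(SAMPLE_IMSI, SAMPLE_KI))
    wrong_key = Phone(SIM(SAMPLE_IMSI, bytes(16)))   # knows the IMSI, not Ki
    clone = Phone(SIM(SAMPLE_IMSI, SAMPLE_KI))       # copied card
    return {
        "genuine": home_switch.authenticate(genuine),
        "wrong_key": home_switch.authenticate(wrong_key),
        "clone_elsewhere": away_switch.authenticate(clone),
        "genuine_after_block": home_switch.authenticate(genuine),
    }


if __name__ == "__main__":
    print(demo())
```

The point to take from running `demo()` is where Ki lives: `ServingSwitch` has no key material at all, so nothing the visited network sees (RAND, SRES) is enough to stand in for the card later. The clone rule is intentionally crude; a real HLR distinguishes a subscriber moving between switches (handled here by `detach`) from two simultaneous registrations using timing and location data rather than a single flag.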
  23. Re:How ironic by TubeSteak · · Score: 3, Informative

    ISPs are providing a service. They have EVERY RIGHT IN THE WORLD to regulate what's passing through their networks, because it's their network.

    ISPs are providing a service using infrastructure built on public land.
    The internet as we know it would not exist if the telephone/cable companies couldn't use public property.
    It's not so simple as "their network, their rules".

    --
    [Fuck Beta]
    o0t!
  24. wahhh? by TiggertheMad · · Score: 4, Insightful

    ISPs are providing a service. They have EVERY RIGHT IN THE WORLD to regulate what's passing through their networks, because it's their network.

    ...Really? Then why, if I own, say, a restaurant, do I need to let minorities eat in my restaurant? I mean, it's mine, right? Why should I let the government tell me that I have to serve Blacks and Asians?

    --
    HA! I just wasted some of your bandwidth with a frivolous sig!
  25. Coming Soon... by Veovis · · Score: 2, Funny

    .... Can anyone hear me now?.... Good!

  26. FTFA by rickb928 · · Score: 2, Informative

    "Meanwhile, another Black Hat presenter, Chris Paget plans to demonstrate a completely different way to intercept GSM calls. He's setting up a fake cellular tower that masquerades as a legitimate GSM network.

    According to Paget, using open-source tools and a US$1,500 USRP radio, he can assemble his fake tower, called an IMSI (International Mobile Subscriber Identity) catcher. In a controlled experiment, he's going to set one up at Black Hat and invite audience members to connect their mobile phones. Once a phone has connected, Paget's tower tells it to drop encryption, giving him a way of listening in on calls."

    Yes, the only question is how to get it to forward calls. A perverse thought is someone plugging a Magic Jack into it, but you probably need something more sophisticated. Like Skype, or Asterisk and some SIP minutes. Maybe not even that.

    Read Chris's blogs. She's clever. ps - I assume she's a she, she carries a handbag and wears heels, but I'm somewhat limited in my outlook, according to Chris. I can only tell her how I see it from my frame of reference.

    --
    deleting the extra space after periods so i can stay relevant, yeah.
  27. Re:Awesome by davester666 · · Score: 2, Funny

    and kindly refrain from ever posting on Slashdot again!

    There is a limit of 1 informative post per user. And now you've made me use up mine explaining this to you.

    --
    Sleep your way to a whiter smile...date a dentist!