Cheap GSM Eavesdropping a Reality
Techmeology writes "GSM eavesdropping has been demonstrated at the Chaos Computer Club Congress in Berlin using a €10 Motorola phone and open source GSM firmware. Karsten Nohl and Sylvain Munaut replaced the firmware on the phone, enabling them to process all the data it received. They used already available rainbow tables to decrypt data being sent to and from other mobile phones. They have no plans to release the hack publicly, however they expect others to successfully attempt the hack. Mr. Nohl said the objective was to raise awareness of GSM's insecurity."
Until phones use proper PK crypto with a proper certificate authority, key revocation, etc. under the user's control, you can safely assume your phone calls are trivially snooped over the air. That's just a great big "duh". Not at all surprising that it can be done cheaply. What's surprising is that it took so long.
27C3 => 27th. Chaos Communication Congress not Chaos Computer Club Congress. But it is a congress held by the CCC (Chaos Computer Club) ;-)
And the presentation in question was awesome. I recommend anyone to get the streamdump or, if you can wait a bit, the official video releases that will be released later on. Pretty much all talks on the Congress were recorded and are/will be available for download.
Cheers
... because governments spying on their own people are much more dangerous to your privacy than the neighbour wiretapping a conversation. Since governments can simply wiretap your provider, I'd suggest to keep private information off the line at all times.
GSM systems use a rudimentary TDMA system which assigns each user a timeslot on a given frequency. The handset and base station both transmit/receive at the assigned interval to exchange the voice data. There isn't much security to speak of, since the basic encryption used in GSM was broken years ago. 3G GSM systems are probably still secure, as they don't use a TDMA based system. 3G GSM uses a Wideband-CDMA based system which provides greater security of the data being transferred at the physical interface layer.
Using a CDMA system, which many Americans and the rest of the world see as inferior technology, effectively eliminates the ability for a third party to eavesdrop on a wireless call. In a CDMA system, all data is distributed over the same frequency range, with an ever-changing pseudorandom code assigned to it, using spread spectrum technology. The ability to "guess" the code for any given call (out of I believe over a trillion unique codes) is nearly impossible.
While this doesn't mean that governments, spy agencies, etc. cannot still listen to your phone conversation, it means Joe Blackhat in his garage across the alley isn't listening to your phone conversation. If I were using a mobile phone for anything remotely private, which I sure as hell don't, I would have to forego using the global standard system in favor of one that uses a more secure air interface (CDMA or 3G GSM). If there are any non-telco geeks that want to know more, read section 5 of the whitepaper linked below, it has some good information on how this all works and how this system works to keep your conversations private, at least from two-bit hackers.
http://b2b.vzw.com/assets/files/SecurityWP.pdf
The main problem here isn't really cryptographic, but economic: mobile carriers have no vested interest in protecting the privacy of their customers, since the Average Joe doesn't care about it either way, and for those who do, there exist specialized encrypted phones (which, I might add, can all be subverted by hackers with the least bit of determination). This article states that of the two keys being used, the one used to authenticate the SIM towards the provider is very strong, because the providers have an interest in keeping that secure, while the key protecting individual sessions is weak, since it doesn't need to be strong.
Using strong crypto in the handsets would likely require a more powerful CPU or a dedicated chip, raising the cost and the complexity, making it unattractive to the manufacturers and providers. Also, it wouldn't solve a damn thing, as it would merely shift the focus from eavesdropping to more direct methods of obtaining the required information, since a cypher is only as strong as the weakest point, in this case the human endpoints.
Also, I doubt government agencies are startled at this announcement. I worked at the Hungarian Foreign Ministry, and I had at least one call eavesdropped, and one call actually hijacked by having a third party speak on the line for both of us to hear. The article makes it clear that in order for this to work, you need to know your target and track it for some time, making it impossible to just 'go around snooping in on others' and have this turn into another Google StreetView incident.
http://xkcd.com/257/
Given the real-time nature of phone conversations and the low amount of processing power that most phones have, surely the solution they chose was a best fit solution? When you throw a modern desktop PC into the equation, then you are going to be able to crack that very quickly. The real question is whether the GSMA has actually provided other levels of encryption for when processing capability is available? The improved encryption would depend on both phone and tower capabilities.
It had to be asked!
Networks are insecure, period. That should be the underlying assumption of any communications system.
Then you put endpoint-to-endpoint crypto into the application. If some other layer also encrypts, like the crypto in CDMA or GSM or WPA2 or OpenVPN, that's ok, but it's not something your application should assume is useful, or even needs to be aware of.
Look at it that way, and GSM and CDMA have identical security: none. Security is the application's problem. We're looking at it all wrong: legacy phones are insecure, because they're an application that is designed to be compatible with .. what, late 1800s tech? Let's stop worrying about the networking tech itself, and fix the app. Fix the app, and the network won't matter.
Cops have been snooping phone calls illegally for years. Drug dealers have been well known, and the cops know exactly where deals go down, and between whom. Phones have been sold as exclusive, private communications. It's over the air. The signal goes everywhere. Unless there is embedded cryptography, it's all wide open. Blackberry even had to provide servers that allowed the government to eavesdrop without notice. Don't be shocked! For years, the government has insisted that people who make envelopes allow a 1/2" space between the glue and the top of the envelope, in order that the contents may be tapped to the end that would normally open, and then a small split rod be passed through the opening, catching the contents on each side of the rod. The rod could then be turned, rolling up the contents around the rod. The rod and contents could then be removed through the opening, the contents unrolled, read, re-rolled around the rod, and then both again passed through the opening, then unrolled, and the rod removed, all without removing the seal. Governments love to snoop. The only time they enforce laws about it is when someone tries to violate their monopoly.
because governments spying on their own people are much more dangerous to your privacy
No they aren't, because they don't do anything if they are listening. It's like a tree falling in a forest, is it really a violation of privacy if only automated scanners "hear" your conversation?
Someone actually scanning local GSM calls is way more likely to be doing so for a purpose, perhaps to gather material for blackmail or get things like account numbers or other personal data. That is a far more immediate and personal danger than a giant organization that can't do anything without fifteen signatures knowing that you are having health issues "down there".
As far as I know, CDMA is still vulnerable to a Man In the Middle attack, where the eavesdropper's equipment pretends to be a basestation. This is the method Chris Paget demonstrated against GSM at Defcon with $1500 of equipment. The equipment cost may be slightly higher with CDMA, but apart from that, the technique should work fine - a MITM attack is independent of the physical layer. Qualcomm have stated that CDMA can be cracked; there was some scandal in South Korea about this, and it was revealed that they issue their cabinet members with phones that do end to end encryption because they assume CDMA has been cracked by the North.
I have a working theory: If you post your costs and profits, people will accept you making a profit. When you do not they are left to their imagination. Texting is old school as TTY....and the charges are overinflated. The industry should not use this as a standard...or we will call them greedy shits...because...y'know...it is fitting.
Sounds to me that this problem is simple to solve, even with a naive solution. Take for example a simple key agreement algorithm like Diffie-Hellman which (for those unfamiliar with the subject) allows 2 parties to reach a secret key (called K) with a simple set of math and shared parameters (which the hackers can get but can't really use to their advantage/for finding K).
With a simple key agreement and some fast cryptographic algorithm (maybe AES) all conversations could be secure no matter what the network security was. It can even be implemented on top of current protocols AFAIK. And if people suggest that the CPU power might be too great then I would just like to remind them that nowadays almost every phone has a browser (even if it's a WAP browser) and that HTTPS already uses key agreement and encryption.
I also view this (suggestion of) improvement as raising the bar in protecting the public's privacy because with this protocol in place it would be very difficult/expensive for authorities to break and eavesdrop on people's conversations. With a warrant however, the network providers (cell carriers and other phone services) could put in place a way for authorities to get the key to decrypt the conversation taking place.
I for one can't wait to see a green lock next to my in-call HUD.
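The end-to-end scheme this comment sketches, as an added example that is not code from the thread or from any project it names: elliptic-curve Diffie-Hellman (X25519) to agree K, AES-256-GCM over the voice frames, and a short authentication string both callers read aloud, so that the relaying fake base station raised earlier in the thread (the Paget-style man-in-the-middle) shows up as an SAS mismatch. The KDF labels, the 4-byte SAS and the frame-counter nonce are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
)
// Party is one call endpoint: an ephemeral X25519 (elliptic-curve Diffie-Hellman)
// key pair and, once Agree has run, the AES-256-GCM cipher for the session's frames.
type Party struct {
	priv *ecdh.PrivateKey
	aead cipher.AEAD
	SAS  [4]byte // short authentication string both callers read aloud and compare
}
func NewParty() *Party {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // only if the OS entropy source is unavailable
	}
	return &Party{priv: priv}
}
// Public is the only value that has to cross the (assumed hostile) network.
func (p *Party) Public() *ecdh.PublicKey { return p.priv.PublicKey() }
// Agree derives the AES key and the SAS from the shared secret K. A fake base station
// relaying two separate agreements gets two different K, so the SAS differs per leg.
func (p *Party) Agree(peerPub *ecdh.PublicKey) error {
	shared, err := p.priv.ECDH(peerPub)
	if err != nil {
		return err
	}
	key := sha256.Sum256(append([]byte("demo-key:"), shared...)) // constructed KDF, demo only
	block, _ := aes.NewCipher(key[:])                            // 32-byte key: cannot fail
	p.aead, _ = cipher.NewGCM(block)                             // AES block size suits GCM
	fp := sha256.Sum256(append([]byte("demo-sas:"), shared...))
	copy(p.SAS[:], fp[:4])
	return nil
}
// gcmNonce puts the frame counter in the 12-byte GCM nonce; never reuse one under a key.
func gcmNonce(seq uint64) []byte {
	n := make([]byte, 12)
	binary.BigEndian.PutUint64(n[4:], seq)
	return n
}
// Seal encrypts and authenticates frame seq; Open fails if ciphertext, seq or key differ.
func (p *Party) Seal(seq uint64, frame []byte) []byte { return p.aead.Seal(nil, gcmNonce(seq), frame, nil) }
func (p *Party) Open(seq uint64, ct []byte) ([]byte, error) { return p.aead.Open(nil, gcmNonce(seq), ct, nil) }
```

Nothing here authenticates the peer by itself; the SAS comparison over the voice channel is what turns an unauthenticated key agreement into one a relaying attacker cannot silently sit inside.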
This person has posted complete BS and been modded to +5 for it. CDMA versus TDMA has absolutely nothing to do with security or encryption, or the ability of anyone with $500 and an eBay account to recover the baseband data.
Basically, if you're concerned with wireless security, you don't want to fall for anything in that Verizon document. It was obsolete when the first GNU Radio USRP shipped.