Cheap GSM Eavesdropping a Reality

Techmeology writes "GSM eavesdropping has been demonstrated at the Chaos Computer Club Congress in Berlin using a €10 Motorola phone and open source GSM firmware. Karsten Nohl and Sylvain Munaut replaced the firmware on the phone, enabling them to process all the data it received. They used already available rainbow tables to decrypt data being sent to and from other mobile phones. They have no plans to release the hack publicly; however, they expect others to successfully attempt the hack. Mr. Nohl said the objective was to raise awareness of GSM's insecurity."

19 of 75 comments

  1. Until phones have real crypto by dgatwood · · Score: 3, Insightful

    Until phones use proper PK crypto with a proper certificate authority, key revocation, etc. under the user's control, you can safely assume your phone calls are trivially snooped over the air. That's just a great big "duh". Not at all surprising that it can be done cheaply. What's surprising is that it took so long.

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.

    1. Re:Until phones have real crypto by socsoc · · Score: 3, Funny

      I feel safe. First I have my message translated by code talkers, who then encode it into an image and text it to my friends.

      Although lemme tell you, MMS steganography isn't very convenient to see what people are up to.

    2. Re:Until phones have real crypto by 0100010001010011 · · Score: 3, Funny

      Rent a Navajo Today!

      No more worrying if your neighbor is intercepting your calls. No more being paranoid of foreign governments. Conduct insider trading in front of the SEC!

      Word on the street is Julian Assange has his very personal Navajo. No proper businessman would be caught without one.

      - Paid for by the Navajo Talkers of America

    3. Re:Until phones have real crypto by KDN · · Score: 3, Funny

      Assuming you trust the Navajo.

    4. Re:Until phones have real crypto by JockTroll · · Score: 2

      Revoking a Navajo would be much worse.

      --
      Geeks are so full of shit that "beating the crap out of them" takes a whole new meaning.

    5. Re:Until phones have real crypto by eddy · · Score: 2

      I'd settle for AES using a pre-shared key.

      --
      Belief is the currency of delusion.

    6. Re:Until phones have real crypto by Sloppy · · Score: 2

      That's actually a reasonably good idea. I love PK, but in real life, 99% of my phone calls are to people that I already know, where there's just no reason (other than the fact that current devices suck) one can't establish a shared secret in advance. In a sense, even AES is underkill; not that anyone needs more, but even syncing up a few gigabytes of OTP is totally feasible. "Feasible" even understates it; technically it would be trivial.

      We walk around with devices that contain microphones and antennas, and many have CCDs, accelerometers and other crap. They have awesome potential as random number generators. Get two of 'em in the same room for a little while, or spend a few hours charging on the nightstand a few inches away from the spouse's device, and there's the chance to set up a pad with virtually no possibility of eavesdropping unless the room is bugged (and if you're worried about that, use a cable -- unfortunately, if things have gone that far, you have already lost, so it doesn't matter whether or not you have good crypto).

      Most of our phone calls could be secure, if we wanted that.

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.

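The pre-shared pad that eddy and Sloppy describe above is only as good as the bookkeeping around it: every pad byte must be used exactly once, and a receiver must refuse anything that would reuse key material. The following is an added example, not code from either commenter, showing that bookkeeping. It assumes both devices already hold an identical pad (the "same room" provisioning step is out of scope), that each direction of the link draws from its own half of the pad, and that messages arrive in order; `os.urandom` stands in for the sensor entropy the post imagines.

```python
import os


class OneTimePad:
    """One endpoint of a pad-protected link (constructed for this example).

    Assumptions (not from the post): both ends hold the same `pad` bytes,
    each direction uses its own half of the pad so the two ends never draw
    key bytes from the same region, and messages are delivered in order.
    """

    def __init__(self, pad: bytes, initiator: bool):
        half = len(pad) // 2
        self._tx = pad[:half] if initiator else pad[half:]  # bytes we encrypt with
        self._rx = pad[half:] if initiator else pad[:half]  # bytes we decrypt with
        self._sent = 0      # next unused offset in _tx
        self._received = 0  # offset we expect the next incoming message to use

    def remaining(self) -> int:
        """Key bytes left for sending; when this hits zero, re-provision a pad."""
        return len(self._tx) - self._sent

    def encrypt(self, plaintext: bytes):
        """Return (offset, ciphertext). Refuses to run rather than reuse pad bytes."""
        if len(plaintext) > self.remaining():
            raise ValueError("pad exhausted; provision a new pad instead of reusing")
        offset = self._sent
        key = self._tx[offset:offset + len(plaintext)]
        self._sent += len(plaintext)  # consumed bytes are never handed out again
        return offset, bytes(p ^ k for p, k in zip(plaintext, key))

    def decrypt(self, offset: int, ciphertext: bytes) -> bytes:
        """Accept only the next expected offset: a replayed or out-of-order
        message would otherwise pair fresh ciphertext with already-used key bytes."""
        if offset != self._received:
            raise ValueError("unexpected pad offset (replay or missing message)")
        if offset + len(ciphertext) > len(self._rx):
            raise ValueError("ciphertext runs past the end of the pad")
        key = self._rx[offset:offset + len(ciphertext)]
        self._received += len(ciphertext)
        return bytes(c ^ k for c, k in zip(ciphertext, key))


def demo():
    """Two-way exchange plus the two failure modes the class is meant to catch."""
    pad = os.urandom(4096)  # constructed: stands in for a pad gathered from sensor entropy
    alice = OneTimePad(pad, initiator=True)
    bob = OneTimePad(pad, initiator=False)

    off1, ct1 = alice.encrypt(b"meet at noon")
    msg1 = bob.decrypt(off1, ct1)
    off2, ct2 = bob.encrypt(b"ok")
    msg2 = alice.decrypt(off2, ct2)

    # Replaying the first ciphertext is refused: bob's expected offset has moved on.
    try:
        bob.decrypt(off1, ct1)
        replay_refused = False
    except ValueError:
        replay_refused = True

    # A tiny pad shows the exhaustion check: 8 bytes -> 4 per direction.
    tiny = OneTimePad(bytes(8), initiator=True)
    tiny.encrypt(b"abcd")
    try:
        tiny.encrypt(b"x")
        exhaustion_refused = False
    except ValueError:
        exhaustion_refused = True

    return msg1, msg2, replay_refused, exhaustion_refused, alice.remaining()


if __name__ == "__main__":
    print(demo())
```

The offsets travel in the clear alongside the ciphertext; that is fine for a pad, since the offset only says which bytes were used, not what they were. What the class deliberately does not offer is any way to rewind `_sent` or `_received`, because that is exactly the reuse that turns a one-time pad into a two-time pad.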
    7. Re:Until phones have real crypto by dgatwood · · Score: 2

      TLS proves the tower is owned by the telco, but it doesn't prove that the tower isn't compromised. Further, since a sizable portion of towers are owned by local telcos and are merely used by the major telcos, you'd need most of that PK infrastructure to handle such a trust model anyway, so why not do the extra 10% to get it right?

      A proper security scheme really should be end-to-end encrypted, not end-to-nearest-trusted-node encrypted. I realize that this scares the bajeezus out of the powers that be because it makes government eavesdropping difficult as well, but as soon as you leave a back door, it can be exploited.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

  2. I don't care... by fearlezz · · Score: 5, Interesting

    ... because governments spying on their own people are much more dangerous to your privacy than the neighbour wiretapping a conversation. Since governments can simply wiretap your provider, I'd suggest to keep private information off the line at all times.

    --
    .sig: No such file or directory

    1. Re:I don't care... by CastrTroy · · Score: 2

      Exactly. In this day and age, there are so many more and better ways of encrypting your conversations that it's amazing that anybody uses cell phones and other government-tappable means of communication when doing things the government would be interested in. I'm sure that there are many criminals who are using proper crypto to send messages, but there are many, many more who aren't, and those are the ones being caught.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.

    2. Re:I don't care... by TheRaven64 · · Score: 3, Insightful

      Not true. The government will typically need a warrant to wiretap at the provider. At the very least, they will leave a paper trail. In contrast, they can tap into unsecured communications without any kind of warrant, and if they can do it with $10 of equipment then there is nothing that will require a paper trail.

      --
      I am TheRaven on Soylent News

    3. Re:I don't care... by nospam007 · · Score: 3, Insightful

      "The government will typically need a warrant ..."

      Boy you're so wrong. They just need a National Security Letter.

      http://www.wired.com/threatlevel/tag/national-security-letter/

    4. Re:I don't care... by tunapez · · Score: 4, Insightful

      Actually, they just need to promise to deliver one in a week...
      Third bullet from the bottom.
      In this day and age of fear, a kid with an undetonated firecracker, a chip on his shoulder and a lighter could easily be labeled a 'terrorist threat'. Which any lawyer worth his/her salt, or golfs with the judge, could qualify as an 'emergency'. Getting around to sending the letter ex post facto? I'm sure it will be a top priority for the listeners already listening.

      --
      Imagination drew in bold strokes, instantly serving hopes and fears, while knowledge advanced by slow increments...

    5. Re:I don't care... by Anonymous Coward · · Score: 2, Insightful

      Remember the retroactive telecom immunity bill passed in 2008? Before that, the rules were that if, say, AT&T reasonably tried to obey the law (it didn't matter whether they actually did or not, they just had to try, and act in good faith) then they would be free of liability. This wasn't good enough, so we needed FISA amended.

      Meeting requirements is too onerous? No, even trying to meet requirements is too onerous. Wanting to meet the requirements is too onerous. Having a vague intent to possibly try to be legal if it happens to be convenient, is too onerous. Asking them to not go out of their way to harm the public, is an insult to them.

      And we still vote for the people who changed that law. That's how low we've sunk. That's how important privacy is, and how much we believe in the spirit of the 4th amendment.

  3. Don't use GSM Phones by clonehappy · · Score: 5, Informative

    GSM systems use a rudimentary TDMA system which assigns each user a timeslot on a given frequency. The handset and base station both transmit/receive at the assigned interval to exchange the voice data. There isn't much security to speak of, since the basic encryption used in GSM was broken years ago. 3G GSM systems are probably still secure, as they don't use a TDMA based system. 3G GSM uses a Wideband-CDMA based system which provides greater security of the data being transferred at the physical interface layer.

    Using a CDMA system, which many Americans and the rest of the world see as inferior technology, effectively eliminates the ability for a third party to eavesdrop on a wireless call. In a CDMA system, all data is distributed over the same frequency range, with an ever-changing pseudorandom code assigned to it, using spread spectrum technology. The ability to "guess" the code for any given call (out of I believe over a trillion unique codes) is nearly impossible.

    While this doesn't mean that governments, spy agencies, etc. cannot still listen to your phone conversation, it means Joe Blackhat in his garage across the alley isn't listening to your phone conversation. If I were using a mobile phone for anything remotely private, which I sure as hell don't, I would have to forgo using the global standard system in favor of one that uses a more secure air interface (CDMA or 3G GSM). If there are any non-telco geeks that want to know more, read section 5 of the whitepaper linked below; it has some good information on how this all works and how this system works to keep your conversations private, at least from two-bit hackers.

    http://b2b.vzw.com/assets/files/SecurityWP.pdf
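The direct-sequence spread spectrum mechanism clonehappy describes (every user on the same frequency range, each multiplied by a running pseudorandom chip stream) can be shown in a few dozen lines. The following is an added example, not code from the commenter or from any CDMA standard: a seeded PRNG stands in for the real long-code generator, the spreading factor of 64 chips per bit is a constructed value, and the channel model is noise-free. Two users share one channel; a receiver holding a user's chip stream correlates it back out, while a third party correlating with an unrelated stream gets noise. The confidentiality property in this model holds exactly as long as the chip stream is unknown to the listener, which is the property the post attributes to the code space.

```python
import random

CHIPS_PER_BIT = 64  # spreading factor (constructed for this example)


def long_code(seed, length):
    """Deterministic stream of +1/-1 chips shared by a transmitter and its receiver.
    A seeded PRNG stands in for the LFSR/Gold-code generator of a real system
    (assumption for this example); the stream keeps changing from bit to bit,
    which is what makes a wrong code yield noise rather than a scaled copy."""
    rng = random.Random(seed)
    return [1 if rng.random() < 0.5 else -1 for _ in range(length)]


def spread(bits, code):
    """Map each data bit to +1/-1 and multiply it onto its own window of chips."""
    assert len(code) >= len(bits) * CHIPS_PER_BIT, "code stream too short"
    out = []
    for k, bit in enumerate(bits):
        symbol = 1 if bit else -1
        window = code[k * CHIPS_PER_BIT:(k + 1) * CHIPS_PER_BIT]
        out.extend(symbol * chip for chip in window)
    return out


def mix(*signals):
    """Superimpose several users' chip streams on the same frequency range."""
    return [sum(chips) for chips in zip(*signals)]


def despread(signal, code, nbits):
    """Correlate each bit window with the code; positive correlation decodes as 1.
    With the right code the wanted user contributes +/-CHIPS_PER_BIT per window
    and the other users only a small cross-correlation term."""
    bits = []
    for k in range(nbits):
        lo, hi = k * CHIPS_PER_BIT, (k + 1) * CHIPS_PER_BIT
        corr = sum(s * c for s, c in zip(signal[lo:hi], code[lo:hi]))
        bits.append(1 if corr > 0 else 0)
    return bits


def demo(nbits=32):
    """Two users on one channel plus a listener without either code stream."""
    rng = random.Random(1)  # constructed message bits
    alice = [rng.randint(0, 1) for _ in range(nbits)]
    bob = [rng.randint(0, 1) for _ in range(nbits)]
    n = nbits * CHIPS_PER_BIT
    code_a = long_code(1001, n)    # known to Alice and her base station
    code_b = long_code(2002, n)    # known to Bob and his base station
    code_eve = long_code(3003, n)  # a guess by someone who holds neither stream
    channel = mix(spread(alice, code_a), spread(bob, code_b))
    return {
        "alice": alice,
        "bob": bob,
        "alice_rx": despread(channel, code_a, nbits),
        "bob_rx": despread(channel, code_b, nbits),
        "eve_rx": despread(channel, code_eve, nbits),
    }


if __name__ == "__main__":
    r = demo()
    print("alice ok:", r["alice_rx"] == r["alice"])
    print("bob ok:  ", r["bob_rx"] == r["bob"])
    print("eve ok:  ", r["eve_rx"] == r["alice"] or r["eve_rx"] == r["bob"])
```

Running it shows both intended receivers recovering their bits exactly and the third stream producing unrelated output. Note what the separation rests on: the correlation gain of 64 against a cross-term whose magnitude is typically around 8, and the listener not holding the stream. Replace `code_eve` with `code_a` and the listener decodes Alice perfectly, which is why the privacy of a spreading scheme is a question of who knows the code stream, not of the modulation.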

  4. Crypto isn't the main problem by ThunderBird89 · · Score: 5, Informative

    The main problem here isn't really cryptographic, but economic: mobile carriers have no vested interest in protecting the privacy of their customers, since the Average Joe doesn't care about it either way, and for those who do, there exist specialized encrypted phones (which, I might add, can all be subverted by hackers with the least bit of determination). This article states that of the two keys being used, the one used to authenticate the SIM towards the provider is very strong, because the providers have an interest in keeping that secure, while the key protecting individual sessions is weak, since it doesn't need to be strong.

    Using strong crypto in the handsets would likely require a more powerful CPU or a dedicated chip, raising the cost and the complexity, making it unattractive to the manufacturers and providers. Also, it wouldn't solve a damn thing, as it would merely shift the focus from eavesdropping to more ... direct methods of obtaining the required information, since a cypher is only as strong as the weakest point, in this case the human endpoints.

    Also, I doubt government agencies are startled at this announcement. I worked at the Hungarian Foreign Ministry, and I had at least one call eavesdropped, and one call actually hijacked by having a third party speak on the line for both of us to hear. The article makes it clear that in order for this to work, you need to know your target and track it for some time, making it impossible to just 'go around snooping in on others' and have this turn into another Google StreetView incident.

    --
    Hyperbole: I use it liberally!

    1. Re:Crypto isn't the main problem by ThunderBird89 · · Score: 2

      RTFA, please, both from the summary and from my comment. In order to carry out this attack, you need to target a single phone on the network, and know both the number and the location. You can't eavesdrop on the general traffic. Like I said, there's no threat of this turning into a StreetView incident.

      --
      Hyperbole: I use it liberally!

  5. There's nothing wrong with GSM by Sloppy · · Score: 4, Informative

    Networks are insecure, period. That should be the underlying assumption of any communications system.

    Then you put endpoint-to-endpoint crypto into the application. If some other layer also encrypts, like the crypto in CDMA or GSM or WPA2 or OpenVPN, that's ok, but it's not something your application should assume is useful, or even needs to be aware of.

    Look at it that way, and GSM and CDMA have identical security: none. Security is the application's problem. We're looking at it all wrong: legacy phones are insecure, because they're an application that is designed to be compatible with ... what, late 1800s tech? Let's stop worrying about the networking tech itself, and fix the app. Fix the app, and the network won't matter.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.

  6. Re:Surprised? by phorm · · Score: 2

    Depends. A device with a chipset dedicated to a given task may in many cases be comparatively low-powered compared to a general-purpose PC, but may be *very* efficient at what it does. It's one of the reasons even a slightly older GPU will kick ass over software rendering on most PCs.

    Dedicated hardware can make a big difference in a lot of things, which is one of the reasons why in many systems there is hardware support for specific crypto methods.

    I think that - especially nowadays - this is mostly the result of phone/hardware companies becoming a bit lazy and/or apathetic in terms of data security. With all the focus on speed and profit, security/privacy have been sorely neglected.