NSA Able To Crack A5/1 Cellphone Crypto
jones_supa writes "The most widely used cellphone encryption cipher A5/1 can be easily defeated by the National Security Agency, an internal document shows. This gives the agency the means to intercept most of the billions of calls and texts that travel over radio waves every day, even when the agency would not have the encryption key. Encryption experts have long known the cipher to be weak and have urged providers to upgrade to newer systems. Consequently it is also suggested that other nations likely have the same cracking capability through their own intelligence services. The vulnerability outlined in the NSA document concerns encryption developed in the 1980s but still used widely by cellphones that rely on 2G GSM. It is unclear if the agency may also be able to decode newer forms of encryption, such as those covered under CDMA."
I only speak in Navajo.
The NSA has maintained a policy that any encryption that was able to block their efforts was ILLEGAL in the USA. Do you actually expect anything to work? Bluntly, do you expect to have your banking transactions secure when they can crack them? How about your phone call confirmations when they can record them and appear to be you? How about a hacker who walks into the NSA back-door in all of this? This makes the NSA the biggest terrorist and criminal agents in the world and the accomplice to the stunningly biggest crime situation in history where nobody is secure!
Hardly rocket science these days, see e.g. https://srlabs.de/decrypting_gsm/
Well then, just self-censor. Isn't that the road we're heading down?
My mobile carrier is AT&T. The NSA doesn't need to break the encryption.
I get the feeling they're just drowning themselves in data now. Back in the day, a lot of Turing's great work was for nothing because there wasn't enough staff to process the reams of decrypted traffic coming in, and that was just from the German navy. Yea they can do dumb-ass word-level matching automatically, but I guess most of the potentially useful semantic stuff goes straight down the drain.
Why should we self-censor? They shouldn't be listening in without probable cause. I don't care about differing opinions on that front.
It isn't a private speech. You have no reasonable expectation of privacy because it is now widely known that the government spies on our communications. Therefore, it is not reasonable to have an expectation of privacy.
Man, the courts really screwed up when they called it an "expectation of privacy".
1. A5/1 is the "insecure, intended for export" cipher. Any US or European operator that uses it is not following recommendations.
2. It was cracked in the early 1990s. It would be bizarre if the NSA didn't know how to read it. Like I said, it was never intended to be secure by its creators. As in - GCHQ, the NSA's UK ally, has ALWAYS known how to crack it.
3. One problem with intercepting a GSM mobile call would be dealing with the fact that, as soon as you move away from the transmitting device, you're having to deal with interference from neighboring cells. Which is why any intelligence agency worth its salt isn't going to do that terribly often. What they'd do is install the tap on the operator's network.
So, in short, this article is claiming the NSA "can do" something, but only in non-Western countries, that it's unlikely to need to do given the fact the alternatives are way easier, and that we know it "can do" anyway, and knew it in the mid-1990s, and probably figured it could do right from the beginning given the close relationship between the NSA and GCHQ. This is news... why?
You are not alone. This is not normal. None of this is normal.
Loud and clear. All your phone calls are belong to us.
Actually it's an expectation a randomly-selected private individual would have, in the absence of specific knowledge. The proverbial "person on the Clapham omnibus" would have the expectation that the government won't act illegally against him. The paranoid wearing the tinfoil hat in the next seat, who considers all governments illegal and intrusive, doesn't count in this case.
It's also called "a reasonable expectation of privacy", where "reasonable[1]" doesn't include admittedly illegal mass collection efforts by the CSE.
Now that the cat's out of the bag, reasonable expectations still hold (the action's illegal, after all), but absolute ones fail. Consult a lawyer in your country for specifics.
--dave
[1. It's interesting to note you can't translate "reasonableness" into Latin or modern French. It seems to be something very English-language-specific. My college's motto, "Let Reasonableness Flourish", is in English because of that oddity, and it says interesting things about other countries' jurisprudence.]
davecb@spamcop.net
Many governments have warned industrialists not to discuss secrets when using a mobile phone near the country borders. Only the radio channels are encrypted in GSM; lawful interception happens on the wired network that interconnects the base stations, so eavesdropping on A5/1 is mostly used when lawful interception is not an option, e.g. listening to the GSM traffic of other countries.
> [1. It's interesting to note you can't translate "reasonableness" into Latin or modern French. It seems to be something very English-language-specific. My college's motto, "Let Reasonableness Flourish", is in English because of that oddity, and it says interesting things about other countries' jurisprudence.]
After five years of Latin, I feel fairly confident in saying the following:
rationabilis is Latin for "reasonable" or "rational".
-itas is the Latin suffix for "-ness".
Thus, it would be fair to say that "rationabilitas" is Latin for "reasonableness". So no, reasonableness is not an English-language specific concept. And no, it doesn't imply shit about anything.
I haven't tried it out yet, but ZRTP apparently provides strong (PGP-based) encryption for VoIP. So why not just quit using cellphone "voice calls" entirely? There exist cellphone plans that provide enough data cheaply enough to make this work economically.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Hey, the DMCA makes it illegal to circumvent DRM no matter how ineffective it is. Surely, since the laws are entirely fair and symmetrical, the expectation of privacy remains when using encrypted communications no matter how ineffective that encryption is... right?
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
The problem is that they can apparently issue their own warrants, in secret.
Can you be Even More Awesome?!
And the other part of the problem is that those charged with enforcing the laws won't do it. Both James Clapper and Keith Alexander have openly admitted to lying before Congress (which is a federal felony) regarding the NSA issue, and no one responsible for enforcing the law has said boo about it.
Please stand clear of the doors, por favor mantenganse alejado de las puertas
The original wiretap laws passed in 1968 were clear in that it was the use of devices to intercept a conversation with a "reasonable expectation of privacy" that was a violation, not simply owning them.
The current laws banning cell phone receivers were not created from logic. The laws were created in a poorly-thought-out reaction to some incident involving a VIP; I think some reporter recorded some congressman's cordless phone chat with his mistress, and published it. The wiretap laws passed in 1968 were very clear in that they protected wire based communications, but they did not include radio based communications, and so the reporter went unpunished.
This was another case where the average Joe Sixpack long had the ability to buy an off-the-shelf scanner, but he frequently demonstrated that he lacked the ethics required to prevent himself from using it to violate the law. There were other problems, too, where organized criminals would operate a scanner to listen for police responses to their activities. (At least that was the published story - we don't know how widespread this problem actually was.)
So Congress, applying all their legendary skills at doing the right thing, went to the dark side and banned the equipment, instead of strengthening the illegality of the act. A law was passed making possession of an unauthorized receiver illegal. Joe Sixpack didn't like being told no, so he began buying certain brands of scanners that had "blocking diodes" that could be easily clipped from the circuit. The FCC banned those as well, in 1997.
It's very much like the gun debate, but radios aren't protected by the Second Amendment.
Can you build one yourself? Of course. Can you buy one from another country and use it here? Of course. But both of those acts take time, knowledge, and effort, and Joe Sixpack doesn't like to be bothered. So the law takes advantage of people's propensity towards laziness and self-doubt about their skills.
John