The Inquirer-Home

Snooping on GSM phones is a doddle

Hacker breaks weak encryption codes
Tue Dec 29 2009, 11:04

EAVESDROPPING on GSM phones could become more widespread after a hacker broke the encryption algorithm and published the lot.

According to PC World, in a presentation at the Chaos Communication Conference in Berlin, researcher Karsten Nohl said that he had compiled two terabytes' worth of cracking tables to work out which encryption key was used to secure a GSM telephone conversation or text message.

It won't be long before someone works out a GSM cracking device, he claimed, although of course that would be regarded as illegal by the GSM phone networks.

GSM is vulnerable because of the weak nature of its 20-year-old encryption algorithm. It's a 64-bit cipher called A5/1.

Nohl said that by using his tables, plus antennas, specialized software and $30,000 worth of computing hardware to break the cipher, someone can crack the GSM encryption in real time and listen in on calls.

Nohl, who uses a Blackberry GSM phone himself but has taken to using encrypted landlines for private conversations, says that the point of the research is to make it clear that GSM calls are not secure.

The GSM Association has developed a next-generation standard called A5/3 that is considered much more secure. That's the standard that is used on 3G networks to carry Internet traffic. µ

Comments
As low as $10-K

http://www.global-security-solutions.com/PGFDigitalCellularIntercepter.htm
http://www.theukwebdesigncompany.com/articles/article.php?article=1191
According to Srinivas (2001), one of the other claims was made by the ISAAC security research group. They asserted that a fake base station could be built for around $10,000, which would allow a “man-in-the-middle” attack. As a result of this, the real base station can get deluged which would compel a mobile station to connect to the fake station. Consequently, the base station could eavesdrop on the conversation by informing the phone to use A5/0, which is without encryption.

One of the other possible scenarios is of insider attack. In the GSM system, communication is encrypted only between the Mobile station and the Base Transceiver station but within the provider’s network, all signals are transmitted in plain text, which could give a chance for a hacker to step inside (Li, Chen & Ma).

posted by : Muhammad Imran/mi1400, 30 December 2009
Phone company the law?

I liked the line of the phone companies considering that illegal -- and here all along I thought it was government in charge of the laws. Oh, I forgot, government went to the highest bidders awhile back, didn't it?

posted by : doug coulter, 29 December 2009
don't forget about 30k$

this should keep the script kiddies out (for a while)

posted by : joed, 29 December 2009
Not that simple

"If it was that easy wouldn't it have been broken 10+ years ago?"

10 years ago you would have needed about 15-20 hard disks to store a 2 TB rainbow table. Not to mention that the computing power to handle such a huge table was not available and RAM memory was slow, small and expensive.

Now we have 2 TB HDDs, 4 GB memory sticks and powerful quad core processors available in the consumer market and that is what makes this kind of attack possible in realtime.

posted by : anonymous coward, 29 December 2009
That simple?

If it was that easy wouldn't it have been broken 10+ years ago?

Must be more to it than that.

It's supposedly held out 15+ years, that's longer than most modern systems.

posted by : jason, 29 December 2009