GSM codes cracked by German scientist.
[release]A German computer scientist has published details of the secret code used to protect the conversations of more than 4bn mobile phone users.

Karsten Nohl, working with other experts, has spent the past five months cracking the algorithm used to encrypt calls using GSM technology. GSM is the most popular standard for mobile networks around the world. The work could allow anyone - including criminals - to eavesdrop on private phone conversations.

Mr Nohl told the Chaos Communication Congress in Berlin that the work showed that GSM security was "inadequate". "We are trying to inform people about this widespread vulnerability," he told BBC News. "We hope to create some additional pressure and demand from customers for better encryption."

The GSM Association (GSMA), which devised the algorithm and oversees development of the standard, said Mr Nohl's work would be "highly illegal" in the UK and many other countries. "This isn't something that we take lightly at all," a spokeswoman said. Mr Nohl told the BBC that he had consulted with lawyers before publication and believed the work was "legal".

'Secret key'

Mr Nohl, working with a "few dozen" other people, claims to have published material that would crack the A5/1 algorithm, a 22-year-old code used by many carriers. The code is designed to prevent phone calls from being intercepted by forcing mobile phones and base stations to rapidly change radio frequencies over a spectrum of 80 channels. It is known to have a series of weaknesses with the first serious flaw exposed in 1994.

Mr Nohl, who describes himself as an "offensive security researcher", announced his intention to crack the code at the Hacking at Random (HAR) conference in The Netherlands in August this year. "Any cryptographic function is a one way street," he told BBC News. "You should not be able to decrypt without the secret key".

To get around this problem, Mr Nohl, working with other members of the encryption community, used networks of computers to crunch through "every possible combination" of inputs and outputs for the encryption code. Mr Nohl said there were "trillions" of possibilities.

[quote]It lowers the bar for people and organisations to crack GSM calls
Ian Meakin, Cellcrypt[/quote]

All of the outputs are now detailed in a vast table, which can be used to determine the encryption key used to secure the conversation or text message. "It's like a telephone book - if someone tells you a name you can look up their number," he said.

Using the codebook, a "beefy gaming computer and $3,000 worth of radio equipment" would allow anyone to decrypt signals from the billions of GSM users around the world, he said. Signals could be decrypted in "real time" with $30,000 worth of equipment, Mr Nohl added.

'Not practical'

It has previously been possible to decrypt GSM signals to listen in on conversations, but the equipment cost "hundreds of thousands of dollars," experts said. According to Ian Meakin, of mobile encryption firm Cellcrypt, only government agencies and "well funded" criminals had access to the necessary technology. He described Mr Nohl's work as a "massive worry". "It lowers the bar for people and organisations to crack GSM calls," he told BBC News. "It inadvertently puts these tools and techniques in the hands of criminals."

However, the GSMA dismissed the worries, saying that "reports of an imminent GSM eavesdropping capability" were "common". It said that there had been "a number" of academic papers outlining how A5/1 could be compromised but "none to date have led to a practical attack". The association said that it had already outlined a proposal to upgrade A5/1 to a new standard known as A5/3 which was currently being "phased in".

"All in all, we consider this research, which appears to be motivated in part by commercial considerations, to be a long way from being a practical attack on GSM," the spokeswoman said.[/release]

[URL="http://news.bbc.co.uk/1/hi/technology/8429233.stm"]Source[/url]

I seriously doubt this will be such a bad security risk to the general public unless your neighbour is determined to know what you're having for dinner.
Why would this really matter. If someone wants to talk about really classified shit, why would they talk on a normal cellphone?
[QUOTE=AlphaGunman;19275971]Why would this really matter. If someone wants to talk about really classified shit, why would they talk on a normal cellphone?[/QUOTE] Landline you mean?
[QUOTE=AlphaGunman;19275971]Why would this really matter. If someone wants to talk about really classified shit, why would they talk on a normal cellphone?[/QUOTE] Because normally they're pretty secure. Also, if you use Sprint/Verizon, you're fine. CDMA/EV-DO isn't affected.
[QUOTE=MachiniOs;19276031]Landline you mean?[/QUOTE] Wiretap. :cop:
[QUOTE=pentium;19276480]Wiretap. :cop:[/QUOTE] It's not hard to tell if your phone's tapped most of the time.
Because an expert can crack the code, it's now a security risk...?
[QUOTE=Kagrenak;19276049]Because normally they're pretty secure. Also, if you use Sprint/Verizon, you're fine. CDMA/EV-DO isn't affected.[/QUOTE] Yeah but CDMA is shit, they discontinued it here in Australia.
[QUOTE=:smug:;19276502]Because an expert can crack the code, it's now a security risk...?[/QUOTE] No he published the codes, so anyone who knows how can use them.
[QUOTE=MachiniOs;19276519]No he published the codes, so anyone who knows enough can use them.[/QUOTE] Because everyone has $30,000 worth of radio equipment lying around
So why the fuck would he do that?
[QUOTE=Umi-hebi;19276524]Because everyone has $30,000 worth of radio equipment lying around[/QUOTE] Anyone who wants to intercept confidential phone calls won't exactly be short on money.
[QUOTE=Kagrenak;19276049]Because normally they're pretty secure. Also, if you use Sprint/Verizon, you're fine. CDMA/EV-DO isn't affected.[/QUOTE] I'd say that something that takes 5 months of intense work to crack is fairly secure.
Does this mean those commie bastards heard me talking to my mum?
[QUOTE=Hallucinate;19277032]I'd say that something that takes 5 months of intense work to crack is fairly secure.[/QUOTE] Not really, it was five months for just the algorithm thingy. [editline]05:10PM[/editline] [QUOTE=MachiniOs;19276912]Anyone who wants to intercept confidential phone calls won't exactly be short on money.[/QUOTE] James Bond on budget. [editline]05:11PM[/editline] [QUOTE=AlphaGunman;19275971]Why would this really matter. If someone wants to talk about really classified shit, why would they talk on a normal cellphone?[/QUOTE] I know they use satellite phones and scramblers just like in 24.
[QUOTE=Hallucinate;19277032]I'd say that something that takes 5 months of intense work to crack is fairly secure.[/QUOTE]Not secure anymore.
Also it's now possible with just [B]3,000$[/B], it's very cheap and thus is a security concern. Some people spend more money to get 3 fps more in Crysis, so people can afford that if they want...
What you could do is use HSDPA/HSUPA and a VoIP program and encrypt with 128-bit AES. That'll fuck them (and your phone's battery life) over.
[QUOTE=Kagrenak;19279022]What you could do is use HSDPA/HSUPA and a VoIP program and encrypt with 128-bit AES. That'll fuck them (and your phone's battery life) over.[/QUOTE] Or hack into a rogue Ex-USSR satellite with your satellite phone, jump through 8 different satellites in-space, reroute all data encrypted by 4096-bit AES+ 4096-bit Blowfish finally to a submarine under the north pole, where they'll launch a fish that has your message written on it through the torpedo tube, and wait until the person you want to send the message catches that fish. Doesn't really work in reverse though. :smugdog:
[QUOTE=evilking1;19280013]Or hack into a rogue Ex-USSR satellite with your satellite phone, jump through 8 different satellites in-space, reroute all data encrypted by 4096-bit AES+ 4096-bit Blowfish finally to a submarine under the north pole, where they'll launch a fish that has your message written on it through the torpedo tube, and wait until the person you want to send the message catches that fish. Doesn't really work in reverse though. :smugdog:[/QUOTE] What if the fish gets eaten?
Publishing the instructions for code-cracking was stupid and mean in my opinion. If one science group had to work 5 months to crack this, I doubt that anyone else could have made it.
[QUOTE=Bugster;19280579]What if the fish gets eaten?[/QUOTE] It's being launched through a motherfucking torpedo tube at such a badass speed that nothing dares to eat it. [editline]08:10PM[/editline] [QUOTE=IniNThJu;19280620]Publishing the instructions for code-cracking was stupid and mean in my opinion. If one science group had to work 5 months to crack this, I doubt that anyone else could have made it.[/QUOTE] Not really, if it was 5 months now it would be five days in 10 years.
[QUOTE=Bugster;19280579]What if the fish gets eaten?[/QUOTE] Dropped call.
[QUOTE=:smug:;19276502]Because an expert can crack the code, it's now a security risk...?[/QUOTE] Gotta love open source [QUOTE=Umi-hebi;19276524]Because everyone has $30,000 worth of radio equipment lying around[/QUOTE] [QUOTE=evilking1;19277309]Also it's now possible with just [B]3,000$[/B], it's very cheap and thus is a security concern. Some people spend more money to get 3 fps more in Crysis, so people can afford that if they want...[/QUOTE] Actually it's even less. [QUOTE=AlphaGunman;19275971]Why would this really matter. If someone wants to talk about really classified shit, why would they talk on a normal cellphone?[/QUOTE] The scientist said he doesn't even consider the GSM encryption a suitable protection against your voyeurist neighbor. [editline]09:33PM[/editline] [QUOTE=evilking1;19280632]Not really, if it was 5 months now it would be five days in 10 years.[/QUOTE] Not to mention criminals could easily place like 200 CUDA nodes on its ass and be done in 1 month or less.
[QUOTE=DrTaxi;19281099] Not to mention criminals could easily place like 200 CUDA nodes on its ass and be done in 1 month or less.[/QUOTE] Yeah well now as they got it cracked (they got a rainbow-table type system now?) you don't even need anything special.
[QUOTE=evilking1;19283430]Yeah well now as they got it cracked (they got a rainbow-table type system now?) you don't even need anything special.[/QUOTE] We were talking about the hypothetical case of them NOT releasing their results, I'm trying to defend their action.
[QUOTE=:smug:;19276502]Because an expert can crack the code, it's now a security risk...?[/QUOTE] An "expert" who only managed to do it by bruteforcing the trillions of possible combinations. This is just an asshole being a script kiddie and getting publicity for it. He didn't really care about the security, he just wanted to break it.
[QUOTE=DrTaxi;19284434]We were talking about the hypothetical case of them NOT releasing their results, I'm trying to defend their action.[/QUOTE] Yeah, someone will crack it eventually, it's a good thing since it's the only thing that keeps the security growing faster than people can crack it.
So much for phone sex.
[QUOTE=ThePuska;19284663]An "expert" who only managed to do it by bruteforcing the trillions of possible combinations. This is just an asshole being a script kiddie and getting publicity for it. He didn't really care about the security, he just wanted to break it.[/QUOTE] If script-kiddies can hack GSM what could the real crackers do then, hack the Pentagon with their left hand as seen in the movies?