GSM Encryption Has Been Cracked
December 30th, 2009

The analog mobile phone systems from the 1980s sent conversations flying around, totally in the clear. Anyone with a decent scanner used to be able to listen to the calls. Now, with a bit of open source software and some inexpensive hardware, in a way, it’s back to the future.
Keep in mind, however, that this has always been “cracked” for law enforcement and intelligence agencies. The encryption only kept GSM calls private from teenagers and the dudes with long beards who wear dirty black T-shirts and sit in their vans with their radio equipment and antennas. HA. This could bring on a new golden age for the scanheads.
Start counting the hours or days until “interesting” phone conversations start appearing in the internets.
Via: Daily Tech:
For 21 years, the same encryption algorithm, A5/1, has been employed to protect the privacy of calls under the Global Systems for Mobile communications (GSM) standard. With the GSM standard encompassing 80 percent of calls worldwide (AT&T and T-Mobile use it within the U.S.) — far more than the leading rival standard CDMA — this could certainly be considered a pretty good run. However, someone has finally deciphered and published a complete analysis of the standard’s encryption techniques in an effort to expose their weaknesses and prompt improvement.
Karsten Nohl, a 28-year-old German native, reportedly cracked the code and has published his findings to the computer and electronics hacking community. Mr. Nohl, who cites a strong interest in protecting the privacy of citizens against snooping from any party, says that his work showcases the outdated algorithms’ flaws.
At the Chaos Communication Congress, a four-day conference of computer hackers that runs through Wednesday in Berlin, he revealed his accomplishments. He describes, “This shows that existing GSM security is inadequate. We are trying to push operators to adopt better security measures for mobile phone calls.”
The GSM Association, the London-based group that developed the standard and represents wireless companies, was quick to blast the publication calling Mr. Nohl’s actions illegal and counterintuitive to the desire to protect the privacy of mobile phone calls. However, they insist that the publication in no way threatens the standard’s security.
Claire Cranton, an association spokeswoman, confirmed that Mr. Nohl was the first to break the code, commenting, “[Security threats from the publication of this standard are] theoretically possible but practically unlikely. What he is doing would be illegal in Britain and the United States. To do this while supposedly being concerned about privacy is beyond me.”
Mr. Nohl attended college in the U.S. and received a PhD in computer engineering from the University of Virginia. Via a similar publication, he managed to convince the DECT Forum, a separate standards group based in Bern, to upgrade its own security algorithm, improving the protection to the standard’s 800 million customers in the process.
And while the trade group is only on yellow alert, some security experts disagree with the group’s threat analysis, as well, saying the threat could be far more serious. One expert suggested that calls may soon need to be scanned for malicious activity, much as an antivirus scanner works on a computer.
Stan Schatt, a vice president for health care and security at the technology market researcher ABI Research in New York, opines, “Organizations must now take this threat seriously and assume that within six months their organizations will be at risk unless they have adequate measures in place to secure their mobile phone calls.”
The process of cracking the algorithm involved the help of 24 members of the Chaos Computer Club in Berlin, who helped generate the random combinations needed to try and reproduce the standard’s code book, so to speak. The vast log of binary combinations forms the basis of the A5/1 encryption — and how to undo it. And it’s now on torrents worldwide.
Despite that, Mr. Nohl insists that his actions aren’t illegal. He says he took great precautions to make sure his work was kept purely academic, in the public domain, and that it was not used to crack any actual digital telephone calls. He states, “We are not recommending people use this information to break the law. What we are doing is trying to goad the world’s wireless operators to use better security.”
A5/1 is a 64-bit security algorithm. Despite this particular algorithm’s run, 64-bit encryption is considered weaker by today’s standards. Today 128-bit algorithms are considered to be strong enough to protect most data. The GSM Association has devised a 128-bit successor to A5/1, dubbed A5/3, but it has failed to push the standard out across much of the industry.
The Association claims that there’s little danger of calls being intercepted as hackers would have to pick one call stream out of thousands at a cell phone tower. They say that this would take prohibitively expensive sophisticated equipment and software. Security experts disagree with this assessment — including Mr. Nohl who pointed out that there was a wealth of open source software and cheap equipment to accomplish exactly those sort of objectives.
Simon Bransfield-Garth, the chief executive of Cellcrypt, a company based in London that sells software, agrees, saying that the publication opens call interception to “any reasonably well-funded criminal organization”. He adds, “This will reduce the time to break a GSM call from weeks to hours. We expect as this further develops it will be reduced to minutes.”
Why is that a big deal? Over 3.5 billion people use GSM worldwide, including 299 million in North America.
Research Credit: Zenc
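The article above describes A5/1 only as “a 64-bit security algorithm” and the attack as a precomputed “code book”. As an added example, not part of the post and not Nohl’s published code or tables, here is a plain Python implementation of the A5/1 keystream generator, following the register layout made public in the 1999 Briceno/Goldberg/Wagner reverse-engineering (three LFSRs of 19, 22 and 23 bits, majority clocking, 64 key bits plus a 22-bit frame number), together with the known-plaintext step an eavesdropper uses to obtain the keystream bits that such tables are indexed by. The Kc, frame number and burst payload used in the demo are constructed values, not real session material.

```python
"""A5/1 keystream generation and the known-plaintext keystream-recovery step.

Added example, not from the original post; register layout per the public
1999 reverse-engineering of A5/1. Sample key/frame/payload are constructed.
"""

# Register lengths: R1 = 19 bits, R2 = 22 bits, R3 = 23 bits (64 bits of state).
R1_MASK, R2_MASK, R3_MASK = (1 << 19) - 1, (1 << 22) - 1, (1 << 23) - 1
# Feedback taps; bit 0 is the LSB, where the new feedback bit is shifted in.
R1_TAPS = (1 << 13) | (1 << 16) | (1 << 17) | (1 << 18)
R2_TAPS = (1 << 20) | (1 << 21)
R3_TAPS = (1 << 7) | (1 << 20) | (1 << 21) | (1 << 22)
# Majority-clocking control bit of each register, and the output (MSB) position.
R1_MID, R2_MID, R3_MID = 8, 10, 10
R1_OUT, R2_OUT, R3_OUT = 18, 21, 22


def _parity(x: int) -> int:
    return bin(x).count("1") & 1


def _step(reg: int, mask: int, taps: int) -> int:
    """Shift one LFSR left by one position, feeding the tap parity into bit 0."""
    return ((reg << 1) & mask) | _parity(reg & taps)


class A51:
    """A5/1 keyed with a 64-bit Kc and a 22-bit TDMA frame number."""

    def __init__(self, kc: bytes, frame: int) -> None:
        if len(kc) != 8:
            raise ValueError("Kc must be 8 bytes (64 bits)")
        if not 0 <= frame < (1 << 22):
            raise ValueError("frame number must fit in 22 bits")
        self.r1 = self.r2 = self.r3 = 0
        # Key loading: 64 unconditional clocks, XORing key bit i (LSB of byte 0
        # first) into bit 0 of every register.
        for i in range(64):
            self._clock_all()
            self._xor_in((kc[i >> 3] >> (i & 7)) & 1)
        # Frame-number loading: 22 unconditional clocks, LSB first.
        for i in range(22):
            self._clock_all()
            self._xor_in((frame >> i) & 1)
        # 100 majority-clocked warm-up cycles whose output is discarded.
        for _ in range(100):
            self._clock_majority()

    def _xor_in(self, bit: int) -> None:
        self.r1 ^= bit
        self.r2 ^= bit
        self.r3 ^= bit

    def _clock_all(self) -> None:
        self.r1 = _step(self.r1, R1_MASK, R1_TAPS)
        self.r2 = _step(self.r2, R2_MASK, R2_TAPS)
        self.r3 = _step(self.r3, R3_MASK, R3_TAPS)

    def _clock_majority(self) -> None:
        """Clock only the registers whose control bit agrees with the majority."""
        b1 = (self.r1 >> R1_MID) & 1
        b2 = (self.r2 >> R2_MID) & 1
        b3 = (self.r3 >> R3_MID) & 1
        maj = 1 if b1 + b2 + b3 >= 2 else 0
        if b1 == maj:
            self.r1 = _step(self.r1, R1_MASK, R1_TAPS)
        if b2 == maj:
            self.r2 = _step(self.r2, R2_MASK, R2_TAPS)
        if b3 == maj:
            self.r3 = _step(self.r3, R3_MASK, R3_TAPS)

    def keystream(self, nbits: int = 228) -> list:
        """Return nbits of keystream; one GSM frame uses 114 + 114 bits."""
        out = []
        for _ in range(nbits):
            self._clock_majority()
            out.append((self.r1 >> R1_OUT) ^ (self.r2 >> R2_OUT) ^ (self.r3 >> R3_OUT))
        return out


def a51_blocks(kc: bytes, frame: int):
    """Per-frame keystream: BLOCK1 (114 bits, downlink) and BLOCK2 (114 bits, uplink)."""
    ks = A51(kc, frame).keystream(228)
    return ks[:114], ks[114:]


def xor_bits(a: list, b: list) -> list:
    if len(a) != len(b):
        raise ValueError("bit vectors differ in length")
    return [x ^ y for x, y in zip(a, b)]


def recover_keystream(known_plain: list, ciphertext: list) -> list:
    """Known-plaintext step: a stream cipher leaks its keystream as C XOR P."""
    return xor_bits(known_plain, ciphertext)


if __name__ == "__main__":
    kc = bytes.fromhex("0123456789abcdef")      # constructed Kc, not a real key
    frame = 0x134                               # constructed frame number
    block1, block2 = a51_blocks(kc, frame)
    plain = [(i >> 1) & 1 for i in range(114)]  # constructed 114-bit burst payload
    cipher = xor_bits(plain, block1)            # what the eavesdropper captures
    assert recover_keystream(plain, cipher) == block1
    print("downlink keystream (first 32 bits):", "".join(map(str, block1[:32])))
```

Two things the code makes concrete. First, the cipher’s whole secret is the 64 bits of register state; Kc stays fixed for the call and only the 22-bit frame number changes per frame, so every frame with predictable content (and GSM signalling has plenty) hands the eavesdropper 114 clean keystream bits via the XOR step above. Second, because nothing in the design slows down a guess, recovering that state is a pure search problem, which is exactly what a large precomputed table turns into a lookup. Before relying on any A5/1 implementation, check it against the test vectors shipped with the published reference code.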
I hate it when such organizations try to downplay an attack with such childish phrases as “that this would take prohibitively expensive sophisticated equipment and software.”
Come on, where do you live?!