bit-tech.net

GSM encryption broken

The attack on A5/1 isn't mentioned in the GSM Association 2008 brochure, strangely.

Another gift from this year's Black Hat DC conference – after the revelation that contactless credit cards aren't such a good idea after all – is the news that cracking the encryption used by the GSM mobile phone standard might be somewhat easier than you would feel comfortable with.

The A5/1 cipher used in the EU and the US had previously been considered reasonably secure, but research by David Hulton of Pico Systems and Steve Muller of CellCrypt shows that the scheme hasn't aged well. The pair used the conference to showcase a device, built for around £500, that can break the A5/1 encryption on an intercepted conversation in under thirty minutes. It's probably worth mentioning the possible conflict of interest at this point: Pico Systems builds very fast custom hardware, including the device used in the attack, and CellCrypt... well, you can probably guess what they do.

GSM encryption comes in four flavours. A5/0 is no encryption at all, and is the standard for GSM devices shipped to countries the distributors don't like all that much; A5/1 is the fairly robust 'default' stream cipher used in the EU and the USA; A5/2 is a deliberately weakened export variant offered to countries the distributors have no strong feelings about but which the government may want to keep its eye on; A5/3 is a newcomer to the scene, built on the KASUMI block cipher and offering a more robust scheme than A5/1, but currently not implemented for anyone who doesn't work for a three-letter agency.

A5/2 has been known to be 'broken' for quite some time, with the time taken to decrypt an intercepted conversation reported at around 15 milliseconds on off-the-shelf PC hardware. A5/1, however, was generally considered secure in practice, and the news that interception and decryption of private conversations is within reach of any hacker with a few hundred quid to burn on custom hardware is certain to worry those prone to privacy concerns.

Perhaps the most interesting aspect of the hardware designed by Steve and David is its scalability: the pair claim that by spending $500,000 instead of $1,000 the time taken to decrypt a given message can be cut from thirty minutes to thirty seconds. That kind of scaling is what you expect from an attack that parallelises cleanly, where more hardware simply tries more candidates per second, so the cost of listening in becomes a budget question rather than a technical barrier. A worrying thought for those who like their private conversations kept private.
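To make the A5/1 'flavour' concrete, here is an added example, not code from this article nor from Hulton and Muller: a bit-exact A5/1 keystream generator written from the public description of the cipher (three LFSRs of 19, 22 and 23 bits under majority clocking, fed with the 64-bit session key Kc and the 22-bit frame number), checked against the widely published test vector for key 12 23 45 67 89 AB CD EF and frame 0x134. The toy key search at the end assumes the attacker already knows all but the top eight key bits; that is purely to keep the run short and is not a description of the Black Hat attack, whose details this page does not give. What it does show is the model every attack on A5/1 works in: the frame number travels in the clear, the keystream leaks wherever the plaintext of a burst is predictable, and the only secret left between the eavesdropper and the call is a 64-bit key that custom hardware can search in parallel. The constructed known-plaintext burst in `__main__` is sample input, not captured traffic.

```python
"""A5/1 keystream generator plus a toy key search.

Added example, not code from the bit-tech article or from Hulton/Muller.
Written from the public description of A5/1; the key/frame in __main__ are
the widely published test-vector values (key 1223456789ABCDEF, frame 0x134).
"""
from typing import Optional, Tuple

# Three LFSRs of 19, 22 and 23 bits. Bit 0 is the input end (key and frame
# bits are XORed in there); the top bit of each register is its output tap.
_R1_MASK, _R2_MASK, _R3_MASK = (1 << 19) - 1, (1 << 22) - 1, (1 << 23) - 1
_R1_MID, _R2_MID, _R3_MID = 8, 10, 10                        # clocking bits
_R1_TAPS, _R2_TAPS, _R3_TAPS = 0x072000, 0x300000, 0x700080  # feedback taps
_R1_OUT, _R2_OUT, _R3_OUT = 18, 21, 22                       # output bits


def _parity(x: int) -> int:
    return bin(x).count("1") & 1


def _shift(reg: int, mask: int, taps: int) -> int:
    """Clock one LFSR: the new low bit is the parity of the tapped bits."""
    return ((reg << 1) & mask) | _parity(reg & taps)


class A51:
    """A5/1 state for one GSM frame: key setup, majority clocking, output."""

    def __init__(self, key: bytes, frame: int) -> None:
        if len(key) != 8:
            raise ValueError("Kc must be 8 bytes (64 bits)")
        if not 0 <= frame < (1 << 22):
            raise ValueError("frame number must be 22 bits")
        self.r1 = self.r2 = self.r3 = 0
        # Key load: 64 bits, LSB of key[0] first, every register clocked.
        for i in range(64):
            self._clock_all()
            self._xor_in((key[i >> 3] >> (i & 7)) & 1)
        # Frame-number load: 22 bits, LSB first, every register clocked.
        for i in range(22):
            self._clock_all()
            self._xor_in((frame >> i) & 1)
        # 100 mixing clocks under majority control; output discarded.
        for _ in range(100):
            self._clock()

    def _xor_in(self, bit: int) -> None:
        self.r1 ^= bit
        self.r2 ^= bit
        self.r3 ^= bit

    def _clock_all(self) -> None:
        self.r1 = _shift(self.r1, _R1_MASK, _R1_TAPS)
        self.r2 = _shift(self.r2, _R2_MASK, _R2_TAPS)
        self.r3 = _shift(self.r3, _R3_MASK, _R3_TAPS)

    def _clock(self) -> None:
        """Majority rule: a register advances only if its clocking bit
        agrees with the majority of the three clocking bits."""
        m1 = (self.r1 >> _R1_MID) & 1
        m2 = (self.r2 >> _R2_MID) & 1
        m3 = (self.r3 >> _R3_MID) & 1
        maj = 1 if m1 + m2 + m3 >= 2 else 0
        if m1 == maj:
            self.r1 = _shift(self.r1, _R1_MASK, _R1_TAPS)
        if m2 == maj:
            self.r2 = _shift(self.r2, _R2_MASK, _R2_TAPS)
        if m3 == maj:
            self.r3 = _shift(self.r3, _R3_MASK, _R3_TAPS)

    def keystream(self, nbits: int = 114) -> bytes:
        """Next nbits of keystream, packed MSB first (a GSM burst is 114 bits)."""
        out = bytearray((nbits + 7) // 8)
        for i in range(nbits):
            self._clock()
            bit = ((self.r1 >> _R1_OUT) ^ (self.r2 >> _R2_OUT) ^ (self.r3 >> _R3_OUT)) & 1
            out[i >> 3] |= bit << (7 - (i & 7))
        return bytes(out)


def burst_keystreams(key: bytes, frame: int) -> Tuple[bytes, bytes]:
    """The two 114-bit bursts for one frame: network->phone, then phone->network."""
    gen = A51(key, frame)
    return gen.keystream(114), gen.keystream(114)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Stream-cipher step: ciphertext = plaintext XOR keystream, and back again."""
    return bytes(x ^ y for x, y in zip(a, b))


def recover_key_toy(target_ks: bytes, frame: int, known_low_bits: int,
                    unknown_bits: int = 8) -> Optional[bytes]:
    """Exhaustive search over the top `unknown_bits` of Kc (Kc as a
    little-endian integer, so integer bit i is key bit i) against keystream
    recovered from a known-plaintext burst. Only the low 64-unknown_bits of
    known_low_bits are used. Toy size by construction: a real attacker faces
    all 64 bits, 2**64 candidates, the search that a rack of FPGAs speeds up."""
    base = known_low_bits & ((1 << (64 - unknown_bits)) - 1)
    for c in range(1 << unknown_bits):
        cand = (base | (c << (64 - unknown_bits))).to_bytes(8, "little")
        if A51(cand, frame).keystream(len(target_ks) * 8) == target_ks:
            return cand
    return None


if __name__ == "__main__":
    key = bytes.fromhex("1223456789ABCDEF")   # published test-vector key
    a2b, b2a = burst_keystreams(key, 0x134)
    print("A->B", a2b.hex(), "B->A", b2a.hex())
    # Known-plaintext model: a burst whose content the attacker can predict
    # (constructed here as 32 zero bits) hands over the keystream directly.
    known_plain = bytes(4)
    leaked = xor_bytes(xor_bytes(known_plain, a2b[:4]), known_plain)
    found = recover_key_toy(leaked, 0x134, int.from_bytes(key, "little"))
    print("recovered", found.hex() if found else None)
```

Note the absence of any per-call randomness beyond the frame number: the same Kc yields a different keystream for each frame only because the frame counter changes, and the counter is public, so recovering Kc from one burst decrypts every burst of the call.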

Will you be conducting all your mobile phone conversations in s00per-s3kr1t-c0d3 to circumvent this attack, or is it just one for the ultra-paranoid to worry about? Let us know via the forums.

13 Comments

1ad7 25th February 2008, 09:46
This doesn't concern, well, anyone I currently know, but it makes you think about other encryptions and their safety...
If I have something I don't want anyone listening to... I'll just go whisper in their ear... paranoia on a cell phone or a plane ticket to Hong Kong to divulge the upcoming bankruptcy of yahoo.com... where's my private jet!
Faulk_Wulf 25th February 2008, 14:54
Am I concerned by this? No.
I might be embarrassed by certain conversations being made public, but I don't think any of it is illegal.
Now am I --comfortable-- with this? Definitely.
Big Brother is bad enough, but if I need to worry about 'Little Cousin' too then it's just --gah--
Bluephoenix 25th February 2008, 15:22
there is always snail mail, signed and sealed to prevent tampering ;)
naokaji 25th February 2008, 15:30
If someone wants to listen to my phone calls, go ahead, but be prepared to die from boredom...
Smilodon 25th February 2008, 18:50
Has GSM encryption ever been secure?

The problem with GSM encryption is that the keys used have to be publicly available for the system to work, which is... well... pointless.

I remember the good, old days when wireless "security" consisted of phones that just switched to a new frequency every 5 minutes or so... They could be tapped using a standard VHF radio. Listening to people's conversations is incredibly boring, though...

I'm not worried about this. The most intriguing thing I reveal over a conversation is what I'm going to have for dinner... If someone wants to copy my plans, please go ahead. They could save £500 and just ask, though...
Cthippo 25th February 2008, 19:35
I didn't even know GSM was encrypted. Can't say I'm bothered by this, really.

I do wonder if the guys at "No Such Agency" read these articles and laugh. "Thirty minutes? What a bunch of amateurs! We broke that one a decade ago and do it in real time!"
cpu121 25th February 2008, 20:08
Quote:
Originally Posted by Bluephoenix
there is always snail mail, signed and sealed to prevent tampering ;)
During the Cold War the Security Services became very good at reading the contents of envelopes without any sign of tampering. :|
sinizterguy 26th February 2008, 01:16
People making dinner plans might not be concerned, but a conversation about what direction a multinational corporation is going to take can be all sorts of interesting.
phonon45 26th February 2008, 03:30
It seems like it would be easier to just sit next to the guy in the airport while he's yelling into his phone.
friskies 26th February 2008, 07:25
Didn't even know GSM was encrypted? Here in Norway one could listen to GSM conversations with a capable police scanner; tried it many years ago. Maybe they have implemented encryption later.
Smilodon 26th February 2008, 10:14
Quote:
Originally Posted by friskies
Didn't even know GSM was encrypted? Here in Norway one could listen to GSM conversations with a capable police scanner; tried it many years ago. Maybe they have implemented encryption later.

Not GSM. That was the old NMT network :)
Cthippo 26th February 2008, 19:20
Quote:
Originally Posted by sinizterguy
People making dinner plans might not be concerned, but when you are having a conversation about what direction a multinational corporation is going to take can be all sorts of interesting.

"Oooh, they're going to utilize synergy! We're in trouble now!"
Arkanrais 26th February 2008, 22:25
Quote:
A5/0 is no encryption at all, and is the standard for GSM devices shipped to countries the distributors don't like all that much;
I rofl'd