Hacking Cellphone conversations (GSM)

DNR
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
Location: Michigan USA

Post by DNR »

Hacking cellular phone conversations
Tom Olzak (Director, Information Security) posted 2/21/2008
Researchers have known for several years that wireless telephone conversations over GSM networks are theoretically subject to eavesdropping. This is due to a weakness in GSM networks (used by companies like AT&T and T-Mobile) that allows cracking GSM A5/1 encryption. For example,

Researchers Professor Eli Biham and doctoral student Elad Barkan, and Nathan Keller, all of the Technion Institute in Haifa, discovered basic weaknesses in the encryption scheme used in GSM networks.

According to Biham, the attack allows an eavesdropper to tap into a conversation while a call is being set up and a phone at the receiver's end is still ringing. After this, a conversation can be overheard.

"Using a special device it's possible to steal calls and impersonate callers in the middle of a call as it's happening," Biham told Reuters.

The security loophole arises because of a fundamental mistake made by GSM developers in creating a system which corrected for interference of the line prior to encrypting a conversation, he explained.

Source: Israeli boffins crack GSM code, John Leyden, The Register, 4 September 2004
The results of the Israeli research were published in a paper titled Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication. However, actually cracking GSM-based communications for fun and profit was very difficult due to the length of time it might take to crack the encryption--until now.

At this week's Black Hat conference in Washington, D.C., researchers asserted that technology "under development" will provide law enforcement as well as criminal elements the ability to tap into GSM-based calls with technology that costs as little as $1,000.

... The 64-bit encryption method used by GSM, known as A5/1, was first cracked in theory about 10 years ago, and researchers David Hulton and Steve, who declined to give his last name, said today that expensive equipment to help people crack the encryption has been available online for about 5 years.

Until now, however, it's been prohibitively expensive for people to get their hands on this technology. If it works, the technology Hulton and Steve are developing should be able to crack GSM encryption in less than 30 minutes with about $1,000 worth of equipment, or in about 30 seconds with $100,000 worth of equipment. The technology could potentially be helpful to law enforcement investigators, but could also be taken advantage of by malicious hackers. Hulton says he plans to commercialize the more expensive version of the technology.

Other hardware Hulton and Steve referenced uses two different techniques to snoop on GSM calls and can cost between $70,000 and $1 million. So-called "active" systems simulate a GSM base station and don't rely on encryption because they trick phones into connecting to the GSM network through them. Other, so-called "passive" systems snoop on the traffic and are far more expensive.

Hulton and Steve's technology relies on the use of an array of devices known as field programmable gate arrays to first create a table of all the possible encryption keys -- in this case 288 quadrillion -- and then decrypt each of those over the course of three months. The resulting tables of keys could then be used by software to decrypt GSM communications, which first have to be intercepted using a receiver that can listen in on GSM frequencies.

Source: Black Hat Conference: Security Researchers Claim To Hack GSM Calls, J. Nicholas Hoover, InformationWeek, 20 February 2008

So what does this mean to the average consumer?

First, the technology to hack into GSM communications is still experimental, and the cost is still a little high for mass consumption. I don't think we have to worry anytime soon about GSM encryption being reasonable and appropriate. But that doesn't mean that there is no risk.

There are a score of GSM intercept solutions on the market today. An example is the Scandec, Inc. Real-time GSM System, shown in Figure 1.

[Figure 1: Scandec, Inc. Real-time GSM System (image not available)]

The ScanDec system--sold only to certified government agencies, according to the documentation--performs the following functions.

• Will read and display text messages, internet info, and data.

• Will display dialled numbers, as well as fragments of IMEI numbers.

• Receiving, demodulating and decoding of simplex and duplex data channels.

• Informs of targets' temporary and constant identifiers, like the subscriber's number.

Once a more efficient and less costly A5/1 encryption cracking technology is integrated into these intercept solutions, getting to cellular traffic will get a lot easier. But time is the enemy of anyone hoping to use the new, less costly A5/1 cracking technology. More robust encryption techniques are being deployed for both GSM and for the newer 3G networks. According to the GSM Association:

...spokesman David Pringle said in an e-mailed statement that while researchers have showed how A5/1 could be compromised in theory, none of their academic papers have led to "practical attack capability that can be used on live, commercial GSM networks." He also noted that more advanced encryption is beginning to be deployed for GSM networks and that other networks, including 3G networks, don't use A5/1.


http://it.toolbox.com/blogs/adventuresi ... ions-22620

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

str33tl0rd
Fame ! Where are the chicks?!
Posts: 241
Joined: 04 Jul 2008, 16:00
Location: somewhere

Post by str33tl0rd »

i see
A fool's mind is at the mercy of his tongue and a wise man's tongue is under the control of his mind. ~ Imam Ali (A.S)