By J. Nicholas Hoover
February 20, 2008
Security researchers presenting Wednesday at the Black Hat D.C.
conference in Washington, D.C., demonstrated technology in development
that they say will be able to greatly decrease the time and money
required to decrypt, and therefore snoop on, phone and text message
conversations taking place on GSM networks.
Many mobile operators worldwide use GSM networks, including T-Mobile and
AT&T (NYSE: T) in the United States. The encryption method used by GSM, a
stream cipher known as A5/1 that uses a 64-bit key, was first cracked in
theory about 10 years ago, and researchers David Hulton and Steve, who
declined to give his last name, said today that expensive equipment to help
people crack the encryption has been available online for about 5 years.
Until now, however, it's been prohibitively expensive for people to get
their hands on this technology. If it works, the technology Hulton and
Steve are developing should be able to crack GSM encryption in less than
30 minutes with about $1,000 worth of equipment, or in about 30 seconds
with $100,000 worth of equipment. The technology could potentially be
helpful to law enforcement investigators, but could also be taken
advantage of by malicious hackers. Hulton says he plans to commercialize
the more expensive version of the technology.
Other hardware Hulton and Steve referenced uses two different techniques
to snoop on GSM calls and can cost between $70,000 and $1 million.
So-called "active" systems simulate a GSM base station and don't need to
break the encryption at all, because they trick phones into connecting to
the GSM network through them. Other, so-called "passive" systems only
listen to the traffic and are far more expensive.
Hulton and Steve's technology uses an array of field-programmable gate
array (FPGA) chips to precompute, over the course of about three months, a
lookup table covering the cipher's keyspace -- in this case 288
quadrillion entries. Software can then use the resulting tables to look up
the key for, and decrypt, GSM communications, which first have to be
intercepted using a receiver that can listen in on GSM frequencies.
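To make the precompute-then-look-up idea concrete, here is an added example (not the researchers' code, and not the FPGA table design described in the talk) that implements the public A5/1 cipher in Python and runs a toy version of the attack. The A5/1 register widths, taps, clocking bits, key and frame loading, and the reference test vector (key 12 23 45 67 89 AB CD EF, frame 0x134) follow the well-known Briceno/Goldberg/Wagner C implementation. Everything about the table is a simplification labelled in the code: only a constructed 10-bit slice of the 64-bit keyspace is enumerated, the frame number is fixed, the table is a plain dictionary rather than a time/memory-tradeoff table, and the attacker is assumed to already know 64 bits of keystream (that is, to know the plaintext of part of a captured frame).

```python
"""A5/1 keystream generator plus a toy precomputed-table key recovery.

Added example, not code from the Black Hat talk. The cipher follows the
public A5/1 description (three majority-clocked LFSRs). The table attack
enumerates only a constructed 10-bit slice of the 64-bit keyspace so it
runs in seconds; real tables cover far more and are built on FPGAs.
"""
import random

# Register widths, majority-clocking bits and feedback taps of A5/1.
R1_MASK, R2_MASK, R3_MASK = 0x07FFFF, 0x3FFFFF, 0x7FFFFF   # 19, 22, 23 bits
R1_MID, R2_MID, R3_MID = 1 << 8, 1 << 10, 1 << 10            # clocking bits
R1_TAPS, R2_TAPS, R3_TAPS = 0x072000, 0x300000, 0x700080     # 18,17,16,13 / 21,20 / 22,21,20,7


def _parity(x):
    return bin(x).count("1") & 1


def _clock_one(reg, mask, taps):
    """Shift one LFSR left by one bit, feeding back the parity of its taps."""
    return ((reg << 1) & mask) | _parity(reg & taps)


class A51:
    def __init__(self, key, frame):
        """key: 8 bytes; frame: 22-bit GSM frame number."""
        self.r1 = self.r2 = self.r3 = 0
        # Load the 64 key bits (LSB of byte 0 first), clocking all registers each step.
        for i in range(64):
            self._clock_all()
            self._mix((key[i // 8] >> (i & 7)) & 1)
        # Mix in the 22 frame-number bits the same way.
        for i in range(22):
            self._clock_all()
            self._mix((frame >> i) & 1)
        # 100 majority-clocked steps with the output discarded.
        for _ in range(100):
            self._clock()

    def _mix(self, bit):
        self.r1 ^= bit
        self.r2 ^= bit
        self.r3 ^= bit

    def _clock_all(self):
        self.r1 = _clock_one(self.r1, R1_MASK, R1_TAPS)
        self.r2 = _clock_one(self.r2, R2_MASK, R2_TAPS)
        self.r3 = _clock_one(self.r3, R3_MASK, R3_TAPS)

    def _clock(self):
        """Majority rule: a register steps only if its clocking bit agrees with the majority."""
        b1, b2, b3 = bool(self.r1 & R1_MID), bool(self.r2 & R2_MID), bool(self.r3 & R3_MID)
        maj = (b1 + b2 + b3) >= 2
        if b1 == maj:
            self.r1 = _clock_one(self.r1, R1_MASK, R1_TAPS)
        if b2 == maj:
            self.r2 = _clock_one(self.r2, R2_MASK, R2_TAPS)
        if b3 == maj:
            self.r3 = _clock_one(self.r3, R3_MASK, R3_TAPS)

    def keystream(self, nbits):
        """Return nbits of keystream as an int, first output bit most significant."""
        out = 0
        for _ in range(nbits):
            self._clock()
            out = (out << 1) | ((self.r1 >> 18) ^ (self.r2 >> 21) ^ (self.r3 >> 22))
        return out


def gsm_keystream(key, frame):
    """The two 114-bit bursts (downlink, uplink) A5/1 produces per frame, packed MSB-first."""
    gen = A51(key, frame)
    down = gen.keystream(114) << 6   # 114 bits padded to 15 bytes, as in the reference code
    up = gen.keystream(114) << 6
    return down.to_bytes(15, "big"), up.to_bytes(15, "big")


def self_test():
    """Reference vector from the Briceno/Goldberg/Wagner implementation."""
    down, up = gsm_keystream(bytes.fromhex("1223456789abcdef"), 0x134)
    return (down.hex() == "534eaa582fe8151ab6e1855a728c00"
            and up.hex() == "24fd35a35d5fb6526d32f906df1ac0")


# ---- Toy precomputed table (simplification, not the talk's design) -----------
KEY_BITS = 10        # constructed: only the low 10 bits of the key vary in this demo
TABLE_BITS = 64      # known keystream bits stored per entry and used as the lookup key
FIXED_FRAME = 0x134  # constructed: one frame number, so one table


def toy_key(n):
    """Key whose low KEY_BITS bits are n and whose remaining bits are zero."""
    return n.to_bytes(8, "little")


def build_table():
    """Precompute phase: keystream prefix -> key for every key in the slice."""
    return {A51(toy_key(n), FIXED_FRAME).keystream(TABLE_BITS): n for n in range(1 << KEY_BITS)}


def recover_key(table, observed_keystream):
    """Online phase: one lookup instead of a brute-force search; None if not in the table."""
    return table.get(observed_keystream)


if __name__ == "__main__":
    table = build_table()
    secret = random.randrange(1 << KEY_BITS)
    observed = A51(toy_key(secret), FIXED_FRAME).keystream(TABLE_BITS)
    print("self-test:", self_test(), "recovered:", recover_key(table, observed) == secret)
```

The split into `build_table` and `recover_key` is the whole point of the approach: the expensive enumeration of the keyspace is paid once, offline, and each intercepted conversation then costs a lookup. The real attack needs a table per observed keystream-to-state relation rather than per frame number, and compresses the table with chains instead of storing every entry, which is where the months of FPGA time and the storage go.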
During their talk, Hulton and Steve also discussed the vulnerabilities
of mobile device SIM cards, noting that GSM networks transmit SIM
cards' unique IDs in the clear, which can tell attackers or law
enforcement what kind of phone someone is using. The GSM network can also
reveal to snoopers how far a phone is from a base station, to within about
200 meters. They noted that SIM cards run Java virtual machines that
operators can access, and suggested that it could be possible for
attackers to install applications on users' phones without their
knowledge, potentially rerouting traffic to a third party who listens in
on phone conversations.
The GSM Association, a trade group representing more than 700 GSM
operators, said it could not comment on the specific claims Hulton and
Steve are making. However, spokesman David Pringle said in an e-mailed
statement that while researchers have shown how A5/1 could be
compromised in theory, none of their academic papers have led to
"practical attack capability that can be used on live, commercial GSM
networks." He also noted that more advanced encryption is beginning to
be deployed for GSM networks and that other networks, including 3G
networks, don't use A5/1.