Will this help us with Encrypted radio systems?

Status
Not open for further replies.

NESN

Member
Joined
Apr 16, 2004
Messages
418
Location
Franklin
December 30, 2009


Cell phone companies angry after group posts guidebook for hacking phone security

Guide to breaking cell phone security revealed

By MATT MOORE
AP Business Writer

A German security expert has raised the ire of the cell phone industry after he and a group of researchers posted online a how-to guide for cracking the encryption that keeps the calls of GSM-standard cell phone users secret.

Karsten Nohl, 28, told The Associated Press this week that he, working with others
online and around the world, created a codebook showing how to get past the GSM
encryption used to keep conversations on more than 3 billion mobile phones safe from prying ears.

Nohl said the purpose was to push companies to improve security. The collaborative effort put the information online through file-sharing sites.

"The message is to have better security, not we want to break you," he said of the
move. "The goal is better security. If we created more demand for more security, if any of the network operators could use this as a marketing feature ... that would be the best possible outcome."

GSM, the leading cell phone technology around the world, is used by several wireless carriers in the U.S., with the largest being AT&T Inc. and T-Mobile USA. Verizon Wireless and Sprint Nextel Corp. use a different standard.

The GSM Association, a trade group that represents nearly 800 wireless operators, said it was mystified by Nohl's rationale.

Claire Cranton, a spokeswoman for the London-based group, said that "this activity is highly illegal in the UK and would be a serious RIPA offense as it probably is in most countries." RIPA, or the Regulation of Investigatory Powers Act, is a British law governing the interception of user logs and e-mails of suspected criminals by security and intelligence agencies.

It has already been possible to intercept GSM calls, but the equipment is generally
only available to law enforcement. Regular wiretapping of cellular calls is also
possible, since they travel unencrypted over standard wiring after being picked up by a cell tower.

Even with Nohl's exploit, expensive and sophisticated radio equipment placed close to the target is required to pull the calls off the air.

Sujeet Shenoi, a professor of computer science at the University of Tulsa in
Oklahoma, said that while the code-breaking guide raises privacy issues, his main
concern is that organized crime will take advantage of it to make money, perhaps by
eavesdropping on transactions between consumers and merchants.

"It's a shot across the bow" of the wireless industry, he said.

Nohl's effort undermines the 21-year-old algorithm used to ensure the privacy of phone calls made on GSM (global system for mobile communication) cell phone networks.

That algorithm, dubbed the A5/1 and made up of 64-bit binary code, was adopted in 1988. Since then 128-bit codes have been implemented to ensure caller privacy on newer, third-generation networks. The GSM Association has developed the A5/3 algorithm, which it says is gradually being phased in to replace A5/1.

"The GSMA heads up a security working group which looks at all issues re: security and this isn't something that we take lightly at all," Cranton wrote in an e-mail to the AP. "We have a new security algorithm that is being phased (in), as the protection and privacy of customer communications is at the forefront of operators' concerns."

Nohl, who holds a doctorate in computer engineering from the University of Virginia, said that going from a 64-bit code to 128-bit code "makes it some quintillion times more difficult" to crack.

He said the codebook was compiled and posted online not for malicious intent but as a call to the cell phone industry to improve the level of security for those who use GSM phones that are found worldwide and offered through numerous network providers.

"Being security researchers one thing we can do, and what we choose to do in this
case, is to show how it can be done," he told the AP on Tuesday by telephone.

"We have created a tool, a codebook, that's used to decrypt GSM packs, or the GSM
encryptions," he added, noting that with the codes phone calls could be recorded using a high-end PC, a radio and some software.

"In GSM this flaw was pointed out 15 years ago and 15 years seems long enough for the cipher to be replaced with something else. No one uses a phone that is 15 years old," Nohl said. "If they had taken steps they could have replaced everything three times over."

Nohl made the announcement Sunday at the Chaos Communication Congress in Berlin, a four-day event that ends Wednesday.

While there has been criticism, there is also some faint praise and admiration for
the effort.

"We're familiar with his work. It's proper stuff," said Simon Bransfield-Garth,
chief executive of London-based Cellcrypt, which sells software to keep mobile phones secure.

"People have been trying to crack GSM for a long time," Bransfield-Garth told AP.
"I think the science behind it is pretty sound," he added. "Whether putting it in the
public domain was wise, is an entirely different debate."

--------------------------------------------------------------------------------
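The article above describes A5/1 only as "64-bit binary code" that a codebook gets past. As an added example (not code from the thread, from the AP, or from Nohl's group), here is the cipher itself in Python, written from the public description of A5/1 (three LFSRs of 19, 22 and 23 bits, majority clocking, 64-bit session key Kc, 22-bit frame number, 100 discarded clocks, 228 keystream bits per frame), followed by the known-plaintext step that turns an intercepted burst into the keystream a precomputed table is indexed by. Kc, the frame number and the 0x2B-fill plaintext burst are constructed sample values; the lookup that maps recovered keystream back to Kc is deliberately not part of this example.

```python
"""A5/1 keystream generation plus known-plaintext keystream recovery.

Added example, not code from the thread or from Nohl's group. Written from
the public description of A5/1. Kc, frame number and plaintext are constructed.
"""
from __future__ import annotations

# (register length, feedback taps, clocking bit) for R1, R2, R3
REGS = ((19, (13, 16, 17, 18), 8), (22, (20, 21), 10), (23, (7, 20, 21, 22), 10))

SAMPLE_KC = bytes.fromhex("0123456789abcdef")  # constructed 64-bit session key
SAMPLE_FRAME = 0x134                            # constructed 22-bit frame number


def _shift(reg: int, length: int, taps: tuple, feed: int = 0) -> int:
    """Clock one LFSR: shift left, new bit 0 = XOR of the taps, XORed with an
    optional key/frame bit while the registers are being loaded."""
    fb = feed
    for t in taps:
        fb ^= (reg >> t) & 1
    return ((reg << 1) | fb) & ((1 << length) - 1)


def a5_1_keystream(kc: bytes, frame: int) -> list[int]:
    """Return the 228 keystream bits for one TDMA frame: bits 0..113 encrypt
    the downlink burst, bits 114..227 the uplink burst."""
    if len(kc) != 8:
        raise ValueError("Kc is 64 bits")
    if not 0 <= frame < 1 << 22:
        raise ValueError("frame number is 22 bits")
    regs = [0, 0, 0]

    def load(bit: int) -> None:
        # During loading all three registers clock, ignoring the majority rule.
        for n, (length, taps, _) in enumerate(REGS):
            regs[n] = _shift(regs[n], length, taps, bit)

    for i in range(64):                       # key bits, LSB first within each byte
        load((kc[i // 8] >> (i % 8)) & 1)
    for i in range(22):                       # frame number bits, LSB first
        load((frame >> i) & 1)

    out = []
    for step in range(100 + 228):             # first 100 clocks are discarded
        clk = [(regs[n] >> REGS[n][2]) & 1 for n in range(3)]
        maj = (clk[0] & clk[1]) | (clk[0] & clk[2]) | (clk[1] & clk[2])
        for n, (length, taps, _) in enumerate(REGS):
            if clk[n] == maj:                 # only registers agreeing with the majority move
                regs[n] = _shift(regs[n], length, taps)
        if step >= 100:
            # keystream bit = XOR of the three registers' most significant bits
            out.append((regs[0] >> 18) ^ (regs[1] >> 21) ^ (regs[2] >> 22))
    return out


def bits_from_bytes(data: bytes) -> list[int]:
    return [(b >> (7 - i)) & 1 for b in data for i in range(8)]


def xor_bits(a: list[int], b: list[int]) -> list[int]:
    """Encryption, decryption and keystream recovery are all this one XOR."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return [x ^ y for x, y in zip(a, b)]


def demo_known_plaintext(kc: bytes = SAMPLE_KC, frame: int = SAMPLE_FRAME) -> dict:
    """Encrypt one downlink burst, then recover the keystream the way an
    eavesdropper who can guess the plaintext does: ciphertext XOR plaintext.
    Those 114 bits are what a precomputed state table is indexed by."""
    plain = bits_from_bytes(b"\x2b" * 15)[:114]   # constructed: 0x2B fill pattern
    ks = a5_1_keystream(kc, frame)[:114]
    cipher = xor_bits(plain, ks)
    recovered = xor_bits(cipher, plain)
    return {"cipher": cipher, "keystream": ks, "recovered": recovered,
            "decrypted_ok": xor_bits(cipher, ks) == plain,
            "keystream_recovered": recovered == ks}


def key_space_growth(old_bits: int = 64, new_bits: int = 128) -> int:
    """Factor by which exhaustive search grows between key sizes (2**64 here)."""
    return 1 << (new_bits - old_bits)


if __name__ == "__main__":
    r = demo_known_plaintext()
    print("decrypts correctly:", r["decrypted_ok"])
    print("keystream recovered from known plaintext:", r["keystream_recovered"])
    print("64 -> 128 bit key multiplies brute force by", key_space_growth())
```

The "some quintillion times" remark in the article is the 2**64 factor key_space_growth() returns (about 1.8 x 10^19). The practical weakness the codebook exploits is a different consequence of the same number: the whole internal state is 64 bits, small enough to tabulate once, and every frame of a call derives its keystream from the same Kc plus a frame number that is sent in the clear, so recovering Kc from one frame with guessable content decrypts the rest of the call.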
 

rdale

Completely Banned for the Greater Good
Premium Subscriber
Joined
Feb 3, 2001
Messages
11,380
Location
Lansing, MI
Sure. Print it out, put it on your scanner, and the encryption sound will be muffled.
 

RadioDaze

Member
Joined
Oct 5, 2006
Messages
2,034
Location
Orange County, California, USA
Unfortunately for us, any discussion about breaking encryption is a discussion about breaking the law. We can talk about the technology in theoretical terms, but a discussion, by a group of us, about any strategy or intent to hack an encrypted transmission is literally an act of conspiracy.

Think of encryption as a locked door. The law, and the lock, protects the owner against breaches by unauthorized persons of that locked door. When the lock is thwarted, the law steps in. Just because you can get past the lock doesn't mean it's legal to do so, or to even try. You have no legal access to what's beyond that door (the information carried in the transmission.)

(Doesn't mean I don't wish that my local law enforcement had never gone encrypted.)
 

Boho

Member
Joined
Dec 1, 2009
Messages
9
Location
Edmonton, Alberta
Even if this were to apply to encrypted radio systems (which I'm pretty sure it does not), companies like Uniden or GRE couldn't use this info to update their scanners.

Just because the info is out there, doesn't mean using it is any less illegal.
 

wb0wao

Member
Joined
Apr 29, 2008
Messages
347
Location
Qulin, MO
This topic surfaces with regularity here. But if you are really interested in monitoring an agency that is encrypted, this is the only way that you can do it (both legally and practically):

1. Submit your resume to that agency.
2. Get hired by that agency.
3. Monitor that agency when you are on duty.

Otherwise, you are gonna be out of luck!

Dennis

(Yes, this was an attempt at humor)
 

DPD1

Member
Joined
Jul 24, 2005
Messages
1,994
Not only does it not help us, it just gives hobbyists interested in communications another black eye. The idiot who did this isn't fooling anybody with his nonsense... He's just some egotistic, megalomaniac trying to prove to everybody how smart he thinks he is.
 

N_Jay

Guest
The answer is in the second post.

The reason is there are not nearly enough similarities between the encryption schemes to make anything from one break relevant to another.

This is just the implementation of a 10 year old known flaw. It took 10 years to get from theory to practicality, if you consider tens of thousands of dollars of equipment and many hours to days to crack one conversation "practical".

All the legal mumbo jumbo is irrelevant to the discussion.
 

js_scan888

Member
Joined
Jul 1, 2008
Messages
56
I don't think Karsten Nohl will be breaking "Gold Lock 3G" encryption. All you have to do is decrypt a 10 minute conversation in their hacking contest and you win $250,000 in gold, and a position with the company. Contest ends February 1, 2010, so hurry, and start burning up your CPU. Make sure you check out the specifications of the encryption algorithms used before wasting your time. You might need more than a Commodore 64 computer.

https://www.gold-lock.com/app/en/HackerChallenge
Gold Lock – Information Defense Blog
 

dabeave

Member
Joined
Mar 13, 2009
Messages
7
Location
Jacksonville Beach, Florida
DPD1 wrote:
Not only does it not help us, it just gives hobbyists interested in communications another black eye. The idiot who did this isn't fooling anybody with his nonsense... He's just some egotistic, megalomaniac trying to prove to everybody how smart he thinks he is.

Yes! Because if the phone company says it's "secure" you should always take their word for it! With that, let's all revert back to DES like it's 1980. I was actually _at_ this talk in Berlin, and found it interesting. _They_ had an interesting talk, but obviously you didn't see it, so here is the link:

26C3: GSM: SRSLY?

They use their _own_ gear (USRP), with their _own_ cell tower (OpenBTS) using their _own_ phone system backend (Asterisk). All open source, I might add.
Them pointing out "flaws" in A5/1 (and A5/2 and the newer A5/3) encryption I don't see as a "bad thing".

N_Jay wrote:
The reason is there are not nearly enough similarities between the encryption schemes to make anything from one break relevant to another.

This is just the implementation of a 10 year old known flaw. It took 10 years to get from theory to practicality, if you consider tens of thousands of dollars of equipment and many hours to days to crack one conversation "practical".

Agreed. Actually, total cost for such a system is around $1,500. Also, it should be pointed out that this does nothing in "real time". The rainbow tables (used to assist in "cracking" encrypted A5/1 GSM cell phone calls) are applied after, not during.

N_Jay wrote:
All the legal mumbo jumbo is irrelevant to the discussion.

Amen....
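The point in the post above that the tables are applied afterwards rather than in real time is the usual time-memory trade-off split: a long offline precomputation, then cheap online lookups against what was captured. As an added example (not code from the thread, and not the A5/1 tables Nohl's group distributed), here is a toy rainbow table in Python over a constructed 16-bit one-way function that stands in for "cipher state -> observed keystream". The function, the reduction constant, chain length, chain count and the sample "secret state" are all assumptions chosen so the whole thing builds and runs in a couple of seconds; the real tables index a 64-bit state and take far longer to build, which is exactly why they are built once and shared.

```python
"""Toy rainbow table: precompute a code book once, invert observed outputs later.

Added example, not code from the thread and not the A5/1 tables Nohl's group
built. The one-way function is a constructed 16-bit stand-in for
"internal cipher state -> observed keystream"; all constants are assumptions.
"""
import hashlib

DOMAIN_BITS = 16
N = 1 << DOMAIN_BITS
CHAIN_LEN = 32        # t: columns per chain
NUM_CHAINS = 2000     # m: number of chains; m*t is about N for this toy


def oneway(x: int) -> int:
    """Constructed stand-in for state -> keystream (truncated SHA-256)."""
    digest = hashlib.sha256(x.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big") & (N - 1)


def reduce_(y: int, column: int) -> int:
    """Map an output back into the domain. Depends on the column so that chains
    colliding in different columns do not merge, which is the rainbow idea."""
    return (y + column * 0x9E37) & (N - 1)


def build_table(num_chains: int = NUM_CHAINS, chain_len: int = CHAIN_LEN,
                seed: int = 1) -> dict:
    """Offline phase. Returns {endpoint: start}; only the two ends of each
    chain are kept, which is where the memory saving comes from."""
    table = {}
    for c in range(num_chains):
        start = (seed + c * 7919) & (N - 1)   # deterministic, distinct starts
        x = start
        for column in range(chain_len):
            x = reduce_(oneway(x), column)
        table.setdefault(x, start)            # endpoint clash: keep the first chain
    return table


def lookup(table: dict, target: int, chain_len: int = CHAIN_LEN):
    """Online phase. Return some x with oneway(x) == target, or None when the
    target is not covered by the table."""
    for column in range(chain_len - 1, -1, -1):
        # Hypothesis: target was produced in this column. Walk to the chain end.
        x = reduce_(target, column)
        for j in range(column + 1, chain_len):
            x = reduce_(oneway(x), j)
        start = table.get(x)
        if start is None:
            continue
        # Rebuild the candidate chain up to the hypothesised column and check it.
        x = start
        for j in range(column):
            x = reduce_(oneway(x), j)
        if oneway(x) == target:
            return x
        # Otherwise a false alarm caused by a chain merge; try earlier columns.
    return None


def coverage_estimate(table: dict, chain_len: int = CHAIN_LEN, samples: int = 200) -> float:
    """Fraction of evenly spaced states whose outputs the table can invert."""
    hits = 0
    for k in range(samples):
        state = (k * (N // samples)) & (N - 1)
        hits += lookup(table, oneway(state), chain_len) is not None
    return hits / samples


if __name__ == "__main__":
    table = build_table()                 # the slow part, done once and in advance
    secret_state = 0xBEEF                 # constructed "unknown" internal state
    observed = oneway(secret_state)       # what the eavesdropper captured
    found = lookup(table, observed)
    if found is not None and oneway(found) == observed:
        print("recovered a state producing the observed output:", hex(found))
    else:
        print("observed output not covered by this table")
    print("approximate coverage:", coverage_estimate(table))
```

Coverage is deliberately partial here, as it is for the real tables: a lookup that misses just means that capture is not decryptable with this table, and the fix is more or longer chains computed offline, never more work at capture time.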
 