Secret code protecting cellphone calls set loose

[InfoSec News <alerts () infosecnews org>]

http://www.theregister.co.uk/2009/12/28/gsm_eavesdropping_breakthrough/

By Dan Goodin in San Francisco 
The Register
28th December 2009

Cryptographers have moved closer to their goal of eavesdropping on 
cellphone conversations after cracking the secret code used to prevent 
the interception of radio signals as they travel between handsets and 
mobile operators' base stations.

The code is designed to prevent the interception of phone calls by 
forcing mobile phones and base stations to rapidly change radio 
frequencies over a spectrum of 80 channels. Without knowing the precise 
sequence, would-be eavesdroppers can assemble only tiny fragments of a 
conversation.

At a hacker conference in Berlin that runs through Wednesday, the 
cryptographers said they've cracked the algorithm that determines the 
random channel hopping and have devised a practical means to capture 
entire calls using equipment that costs about $4,000. At the heart of 
the crack is open-source software for computer-controlled radios that 
makes the frequency changes at precisely the same time, and in the same 
order, that the cellphone and base station do.

"We now know this is possible," said Karsten Nohl, a 28-year-old 
cryptographer and one of the members of an open-source project out to 
prove that GSM, the technical standard used by about 80 percent of the 
mobile market, can't be counted on to keep calls private. The attack "is 
practical, and there are real vulnerabilities that people are 
exploiting."

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org