Black Hat Conference: Security Researchers Claim To Hack GSM Calls

[InfoSec News <alerts () infosecnews org>]

http://www.informationweek.com/news/showArticle.jhtml?articleID=206800800

By J. Nicholas Hoover
InformationWeek
February 20, 2008

Security researchers presenting Wednesday at the Black Hat D.C. 
conference in Washington, D.C., demonstrated technology in development 
that they say will be able to greatly decrease the time and money 
required to decrypt, and therefore snoop on, phone and text message 
conversations taking place on GSM networks.

Many mobile operators worldwide use GSM networks, including T-Mobile and 
AT&T (NYSE: T) in the United States. The 64-bit encryption method used 
by GSM, known as A5/1, was first cracked in theory about 10 years ago, 
and researchers David Hulton and Steve, who declined to give his last 
name, said today that expensive equipment to help people crack the 
encryption has been available online for about 5 years.

Until now, however, it's been prohibitively expensive for people to get 
their hands on this technology. If it works, the technology Hulton and 
Steve are developing should be able to crack GSM encryption in less than 
30 minutes with about $1,000 worth of equipment, or in about 30 seconds 
with $100,000 worth of equipment. The technology could potentially be 
helpful to law enforcement investigators, but could also be taken 
advantage of by malicious hackers. Hulton says he plans to commercialize 
the more expensive version of the technology.

Other hardware Hulton and Steve referenced uses two different techniques 
to snoop on GSM calls and can cost between $70,000 and $1 million. 
So-called "active" systems simulate a GSM base station and don't rely on 
encryption because they trick phones into connecting to the GSM network 
through them. Other, so-called "passive" systems snoop on the traffic 
and are far more expensive.

Hulton and Steve's technology relies on the use of an array of devices 
known as field programmable gate arrays to first create a table of all 
the possible encryption keys -- in this case 288 quadrillion -- and then 
decrypt each of those over the course of three months. The resulting 
tables of keys could then be used by software to decrypt GSM 
communications, which first have to be intercepted using a receiver that 
can listen in on GSM frequencies.

During their talk, Hulton and Steve also discussed the vulnerabilities 
of mobile device SIM cards, noting that GSM networks broadcast SIM 
cards' unique IDs in unencrypted text, which can tell attackers or law 
enforcement what kind of phone someone is using. The GSM network also 
can tell snoopers how far a phone is from a base station, within 200 
meters of error. They noted that SIM cards run Java Virtual Machines 
that operators have access to, and suggested that it could be possible 
for malicious attackers to install applications on user's phones without 
them ever knowing, potentially rerouting traffic to a third party who 
listens in to phone conversations.

The GSM Association, a trade group representing more than 700 GSM 
operators, said it could not comment on the specific claims Hulton and 
Steve are making. However, spokesman David Pringle said in an e-mailed 
statement that while researchers have showed how A5/1 could be 
compromised in theory, none of their academic papers have led to 
"practical attack capability that can be used on live, commercial GSM 
networks." He also noted that more advanced encryption is beginning to 
be deployed for GSM networks and that other networks, including 3G 
networks, don't use A5/1.


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn