Print 36 comment(s) - last by OrSin.. on Mar 13 at 1:26 PM

Can you hear me now? Uh oh.

Eavesdropping on cell phone conversations has long been considered the domain of law enforcement and actors in spy movies. Security researchers at the 2008 Black Hat conference in Washington, D.C. have unveiled a new, faster method for eavesdropping that could be built for as little as $1,000.

Most GSM (Global System for Mobile communications) networks use the 64-bit A5/1 encryption, which has been cracked in theory for approximately ten years. The major breakthroughs made by the security researchers David Hulton and "Steve" (who declined to give reporters his last name), however, is in the cost and speed of the cracking attempts.

According to the security analysts, a $1,000 GSM-snooping station would be able to crack the encryption in 30 minutes, and $100,000 worth of equipment would achieve similar results in 30 seconds. The basis for the technology is the use of field-programmable gate arrays to pre-compute all of the possible keys – more than 288 quadrillion -- over a period of three months, and then use this massive amount of data to decrypt GSM communications on the fly.

The vulnerability of the GSM SIM cards was also raised by Mr. Hulton and "Steve" -- the SIM ID number is broadcast in cleartext, which could reveal the make and model of handset being used. In conjunction with the ability to break encryption, this could be used to push an "operator-specified" application onto the card, or use triangulation to determine the location of the handset relative to connected towers.

Cell phone users should not begin speaking in code just yet, however, as the technology is still in development and has yet to be shown beyond a proof-of-concept. GSM Association spokesman David Pringle also stated that more advanced encryption is being deployed, and that some current GSM data networks already use a superior encryption method.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

Nothing to worry!
By Trisagion on 2/22/2008 12:19:19 PM , Rating: 4
Nothing I say over my cell phone is worth $1000 to anybody, anyway.

RE: Nothing to worry!
By Hieyeck on 2/22/2008 12:30:26 PM , Rating: 5
Except that thing, you did that time, with that guy, at that place, for that reason.

You know what I'm talking about >=(

RE: Nothing to worry!
By deeznuts on 2/22/2008 1:01:58 PM , Rating: 5
Jay-Z is that you?

RE: Nothing to worry!
By Ryanman on 2/22/2008 2:55:16 PM , Rating: 2
this is great. I'm so glad you're not saying anything the government wants. Logic dictates that you should therefore let them hear what you say, because there could be no possible harm from it.

RE: Nothing to worry!
By GaryJohnson on 2/22/2008 4:01:37 PM , Rating: 2
We wouldn't want them to hear something that they don't want to hear and then have them not act on it.

RE: Nothing to worry!
By nunya on 2/22/2008 3:04:48 PM , Rating: 2
Hackers reference ftw I believe?

RE: Nothing to worry!
By GTVic on 2/23/2008 4:42:33 AM , Rating: 2
He just has a wide stance...

RE: Nothing to worry!
By murphyslabrat on 2/22/2008 12:30:58 PM , Rating: 2
However, when they pay that thousand dollars, plus $3,500 for a work-van, and that $4,500 gets you a lot of information, including what you are saying. So, is your cell-phone conversation worth 30-minutes?

RE: Nothing to worry!
By Trisagion on 2/22/2008 12:39:31 PM , Rating: 5
Hell, give me the $4500 and I'll gladly give you a conference call with the interested party for as much time as you want :)

RE: Nothing to worry!
By zerocool84 on 2/22/2008 1:18:28 PM , Rating: 3
Hey Paulie is he sleepin with da fishes? Na man we can't talk, they can hear everything we say with just $1,000.

RE: Nothing to worry!
By FITCamaro on 2/22/2008 2:39:30 PM , Rating: 2
My cell phone conversations rarely last 1 minute much less 30.

RE: Nothing to worry!
By surt on 2/22/2008 3:10:59 PM , Rating: 2
They can record your conversation, and decrypt it later.

RE: Nothing to worry!
By FITCamaro on 2/22/2008 6:29:07 PM , Rating: 2
Crap they're gonna hear me dirty talking to my girlfriend!

RE: Nothing to worry!
By Samus on 2/23/2008 8:17:49 AM , Rating: 2
CDMA ftw!

RE: Nothing to worry!
By murphyslabrat on 2/27/2008 10:23:32 PM , Rating: 2
Even worse, they're gonna hear me dirty-talking to your girlfriend.

RE: Nothing to worry!
By Wolfpup on 2/26/2008 4:16:46 PM , Rating: 2
Problem is for a lot of people it's worth a LOT more than $1000. A lot of us no longer have land lines, so this is bad, bad news.

I've got CDMA right now, but my understanding is it's just as cracked as GSM.

Wish they'd put some real encryption on these things.

RE: Nothing to worry!
By OrSin on 3/13/2008 1:26:48 PM , Rating: 2
The basis for the technology is the use of field-programmable gate arrays to pre-compute all of the possible keys – more than 288 quadrillion -- over a period of three months, and then use this massive amount of data to decrypt GSM communications on the fly.

That why its a proof of concept. Firs they need todepcry that massive amount of data. My guess the equipment will cost alot more then $100,000's and huge amounts of time to gather the data. 3 months to decrypt sure but years to gather. So after all this you can decyrpt for $1000.

Basicly you need an large scale organization behind you to do it. Now if one of those organization starts selling the master database, then worry. These studies are so full of crap.

Full the record a massive data can be used to break any encryption in small amounts of time. Just getting the database is the work that no one can just do.

GSM Encryption - A joke
By cvmaas on 2/22/2008 1:46:46 PM , Rating: 3
Actually, switching to 128bit encryption wouldn't really help the security of the system, but it would increase the error rate and reduce the bandwidth of the system. With 64b encryption, if there is an error in the packet, you are only resending a 64b packet. Switching to 128b, the same error would require resending a 128b packet, decreasing throughput. The higher the level of encryption, the higher the error rate.

Also, 128b encryption is easily crackable as evidenced by what was Bell Labs breaking the 256b encryption barrier in a matter of 3 days, nearly 10 years ago. 1024b is the only unbreakable system currently, and you don't need to break the encryption for every call. You just need to break it once to obtain the alogorythem <SP> used. Thats what happened to 64b and how FPGA's could be used with all the possible codes built in for the brute force method.

There is research into using a variable encryption length, from 64b, to 128b, to 256b. The length would increase when the error rate is low, and decrease as the error rate climbs to balance the security with bandwidth. The problem with this system is the same basic alogorythem would need to be used on all the different packet sizes, and would actually make it easier to crack as you would have more data samples to work it.

With GSM sending the number in clear text, a packet filter could be used to grab and sort only the packets used for a particular call, again making it easier to break.

RE: GSM Encryption - A joke
By roastmules on 2/22/2008 2:45:14 PM , Rating: 2
Packet size and encryption size don't affect each other. Packets can be of any size, and so can encryption. Look at the OSI model. Packets are normally done at a lower level...

RE: GSM Encryption - A joke
By cvmaas on 2/22/2008 4:17:23 PM , Rating: 2
Actually, they do affect each other. Granted packetizing and encryption are done on different levels, but the entire process can be looked at as digital math.

The first step is encoding the analog voice signal into digital form. This is done using a variable bit-rate codec, from 8k to 16k. It will start with 16k as this is the best voice quality, but as the number of calls on a particular tower increases, the bit-rate decreases allowing more calls (channels) on the cell system before dropping calls due to lack to available bandwidth and power output.

Than this data is packetized with information such as ESN #, etc.

Finally, the packet is encrypted for broadcast.

Now, with that process, the digital math of encryption can be better understood. The 64b packet, is encrypted with a 64b number that is known as a Walsh Code. This 64b unencrypted packet can be viewed as a 64b number, which is than used in the encryption alogorythem. Digital math tells us that the final output will be the same number of bits as the highest number used in terms of bits. For instance, if you divide a 64b # by an 8b #, even if the result is 8b or 16b, it is stored as a 64b number in the computers registers, because its possible the result COULD still be a 64b number.

I know this post may be a bit rambling, but the point is if you switch to 128b encryption, the encrypted packed will than be 128b in length.

RE: GSM Encryption - A joke
By greylica on 2/22/2008 6:42:38 PM , Rating: 2
They can implement a curve encryption too, and when the system is guessing 64b by brute force, it can be a 16b-64b curved encryption, with inverse curves or waves in different lenghts, It´s nearly impossible to decrypt curved encryption. (depending on the implementation, course)
And this method doesn´t need more bandwith. ( but requires a few more processing power )
There is no way to surpass this security if you catch the call on the fly, the data will be very scrambled, with no constant data.
Only a real record of the entire conversation, including the shaking hands will be usefull to decrypt. And to find all of the wave lenghts of the packets, with all the possible encryption, will need various Blue Gene-L, or simply more time.
But the fact, is that will be only a matter of time again.

RE: GSM Encryption - A joke
By jconan on 2/22/2008 11:43:05 PM , Rating: 2
why not dynamic bit rate encryption similar to blu-ray encryption changing handset encryption every periodic interval i.e. 5 second, etc... or less

RE: GSM Encryption - A joke
By zpdixon on 2/23/2008 12:07:30 AM , Rating: 3
Dude you have no idea what you are talking about.

1. The block size doesn't have to match the key size. Example: in AES-256, the block size is 128 bits, but the key is 256 bits.

2. With any decent crypto algo, increasing the key size *does* make it harder to bruteforce the key (and less practical to build rainbow tables). Of course even long keys of 128 bits can be cracked if the implementation is crappy (eg. WEP 128-bit).

3. Symmetric cryptographic algorthims based on 128-bit keys are *not* easily crackable. The "256-bit key cracked by Bell Labs" you refer to was probably an assymetric key. Because asymmetric algorithms typically require larger keys. For example as of today the largest RSA key ever factored was 663 bits in length (RSA-200 challenge).

Who modded the parent up ? Seriously...

By pauldovi on 2/22/2008 11:54:52 AM , Rating: 2
I always wondered about cell phone security. Perhaps it is time to go 128 bit. I wonder how difficult this would be to implement.

RE: Interesting
By clovell on 2/22/2008 11:57:36 AM , Rating: 2

RE: Interesting
By Master Kenobi on 2/22/2008 12:16:04 PM , Rating: 1
Paul beat you to it by 2 minutes :P

RE: Interesting
By Chris Peredun on 2/22/2008 12:34:13 PM , Rating: 4
Doesn't matter - clowell called "jinx" first. But since you said his name, Paul is now released.

Ah, the perks of having younger siblings.

RE: Interesting
By Spivonious on 2/22/2008 2:39:15 PM , Rating: 2
Chris, you have to say his full name to release him. Duh! :P

RE: Interesting
By JimmyC on 2/24/2008 1:27:56 AM , Rating: 2
Where I'm from the rule is you have to say his first name three times, and if he talks before that you get to hit him, my little brothers would surely concur.

what about 128-bit?
By clovell on 2/22/2008 11:56:27 AM , Rating: 2
I'm no expert here, but wouldn't simply switching to 128-bit encryption solve the problem? I mean, we have the technology, and I can't imagine it being too difficult to implement.

RE: what about 128-bit?
By pauluskc on 2/22/2008 12:01:04 PM , Rating: 2
Very true, but one of the problems is that the SIM # is clear-text. It's like creating a SSH connection after you submit the username and password.

RE: what about 128-bit?
By Captain Orgazmo on 2/22/2008 7:48:14 PM , Rating: 2
Nope, the SIM number is just to identify the subscriber to the network. I don't think it would even give away your cell phone make like it says in the article, because you can use any SIM card with an unlocked cell phone (or conversely any cell phone with a SIM card).

By martinrichards23 on 2/22/2008 1:27:03 PM , Rating: 2
Surely 3G uses a more modern encryption?

RE: 3G
By murphyslabrat on 2/27/2008 10:29:32 PM , Rating: 2

RE: 3G
By murphyslabrat on 2/27/2008 10:31:07 PM , Rating: 2
too bad you cannot edit posts....

I just thought, you could get free pr0n by monitoring someone else's 3G connection.

I miss the old AMP system
By Mithan on 2/25/2008 8:22:24 PM , Rating: 2
I miss the old AMP system. Any phone could be used to listen to anybody else on the system. All you needed to do was enter debug mode.

"People Don't Respect Confidentiality in This Industry" -- Sony Computer Entertainment of America President and CEO Jack Tretton
Latest Headlines
Inspiron Laptops & 2-in-1 PCs
September 25, 2016, 9:00 AM
The Samsung Galaxy S7
September 14, 2016, 6:00 AM
Apple Watch 2 – Coming September 7th
September 3, 2016, 6:30 AM
Apple says “See you on the 7th.”
September 1, 2016, 6:30 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki