backtop


Print 36 comment(s) - last by OrSin.. on Mar 13 at 1:26 PM

Can you hear me now? Uh oh.

Eavesdropping on cell phone conversations has long been considered the domain of law enforcement and actors in spy movies. Security researchers at the 2008 Black Hat conference in Washington, D.C. have unveiled a new, faster method for eavesdropping that could be built for as little as $1,000.

Most GSM (Global System for Mobile communications) networks use the 64-bit A5/1 encryption, which has been cracked in theory for approximately ten years. The major breakthroughs made by the security researchers David Hulton and "Steve" (who declined to give reporters his last name), however, is in the cost and speed of the cracking attempts.

According to the security analysts, a $1,000 GSM-snooping station would be able to crack the encryption in 30 minutes, and $100,000 worth of equipment would achieve similar results in 30 seconds. The basis for the technology is the use of field-programmable gate arrays to pre-compute all of the possible keys – more than 288 quadrillion -- over a period of three months, and then use this massive amount of data to decrypt GSM communications on the fly.

The vulnerability of the GSM SIM cards was also raised by Mr. Hulton and "Steve" -- the SIM ID number is broadcast in cleartext, which could reveal the make and model of handset being used. In conjunction with the ability to break encryption, this could be used to push an "operator-specified" application onto the card, or use triangulation to determine the location of the handset relative to connected towers.

Cell phone users should not begin speaking in code just yet, however, as the technology is still in development and has yet to be shown beyond a proof-of-concept. GSM Association spokesman David Pringle also stated that more advanced encryption is being deployed, and that some current GSM data networks already use a superior encryption method.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Nothing to worry!
By Trisagion on 2/22/2008 12:19:19 PM , Rating: 4
Nothing I say over my cell phone is worth $1000 to anybody, anyway.




RE: Nothing to worry!
By Hieyeck on 2/22/2008 12:30:26 PM , Rating: 5
Except that thing, you did that time, with that guy, at that place, for that reason.

You know what I'm talking about >=(


RE: Nothing to worry!
By deeznuts on 2/22/2008 1:01:58 PM , Rating: 5
Jay-Z is that you?


RE: Nothing to worry!
By Ryanman on 2/22/2008 2:55:16 PM , Rating: 2
this is great. I'm so glad you're not saying anything the government wants. Logic dictates that you should therefore let them hear what you say, because there could be no possible harm from it.


RE: Nothing to worry!
By GaryJohnson on 2/22/2008 4:01:37 PM , Rating: 2
We wouldn't want them to hear something that they don't want to hear and then have them not act on it.


RE: Nothing to worry!
By nunya on 2/22/2008 3:04:48 PM , Rating: 2
Hackers reference ftw I believe?


RE: Nothing to worry!
By GTVic on 2/23/2008 4:42:33 AM , Rating: 2
He just has a wide stance...


RE: Nothing to worry!
By murphyslabrat on 2/22/2008 12:30:58 PM , Rating: 2
However, when they pay that thousand dollars, plus $3,500 for a work-van, and that $4,500 gets you a lot of information, including what you are saying. So, is your cell-phone conversation worth 30-minutes?


RE: Nothing to worry!
By Trisagion on 2/22/2008 12:39:31 PM , Rating: 5
Hell, give me the $4500 and I'll gladly give you a conference call with the interested party for as much time as you want :)


RE: Nothing to worry!
By zerocool84 on 2/22/2008 1:18:28 PM , Rating: 3
Hey Paulie is he sleepin with da fishes? Na man we can't talk, they can hear everything we say with just $1,000.


RE: Nothing to worry!
By FITCamaro on 2/22/2008 2:39:30 PM , Rating: 2
My cell phone conversations rarely last 1 minute much less 30.


RE: Nothing to worry!
By surt on 2/22/2008 3:10:59 PM , Rating: 2
They can record your conversation, and decrypt it later.


RE: Nothing to worry!
By FITCamaro on 2/22/2008 6:29:07 PM , Rating: 2
Crap they're gonna hear me dirty talking to my girlfriend!


RE: Nothing to worry!
By Samus on 2/23/2008 8:17:49 AM , Rating: 2
CDMA ftw!


RE: Nothing to worry!
By murphyslabrat on 2/27/2008 10:23:32 PM , Rating: 2
Even worse, they're gonna hear me dirty-talking to your girlfriend.


RE: Nothing to worry!
By Wolfpup on 2/26/2008 4:16:46 PM , Rating: 2
Problem is for a lot of people it's worth a LOT more than $1000. A lot of us no longer have land lines, so this is bad, bad news.

I've got CDMA right now, but my understanding is it's just as cracked as GSM.

Wish they'd put some real encryption on these things.


RE: Nothing to worry!
By OrSin on 3/13/2008 1:26:48 PM , Rating: 2
quote:
The basis for the technology is the use of field-programmable gate arrays to pre-compute all of the possible keys – more than 288 quadrillion -- over a period of three months, and then use this massive amount of data to decrypt GSM communications on the fly.


That why its a proof of concept. Firs they need todepcry that massive amount of data. My guess the equipment will cost alot more then $100,000's and huge amounts of time to gather the data. 3 months to decrypt sure but years to gather. So after all this you can decyrpt for $1000.

Basicly you need an large scale organization behind you to do it. Now if one of those organization starts selling the master database, then worry. These studies are so full of crap.

Full the record a massive data can be used to break any encryption in small amounts of time. Just getting the database is the work that no one can just do.


"DailyTech is the best kept secret on the Internet." -- Larry Barber











botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki