Print 36 comment(s) - last by OrSin.. on Mar 13 at 1:26 PM

Can you hear me now? Uh oh.

Eavesdropping on cell phone conversations has long been considered the domain of law enforcement and actors in spy movies. Security researchers at the 2008 Black Hat conference in Washington, D.C. have unveiled a new, faster method for eavesdropping that could be built for as little as $1,000.

Most GSM (Global System for Mobile communications) networks use the 64-bit A5/1 encryption, which has been cracked in theory for approximately ten years. The major breakthroughs made by the security researchers David Hulton and "Steve" (who declined to give reporters his last name), however, is in the cost and speed of the cracking attempts.

According to the security analysts, a $1,000 GSM-snooping station would be able to crack the encryption in 30 minutes, and $100,000 worth of equipment would achieve similar results in 30 seconds. The basis for the technology is the use of field-programmable gate arrays to pre-compute all of the possible keys – more than 288 quadrillion -- over a period of three months, and then use this massive amount of data to decrypt GSM communications on the fly.

The vulnerability of the GSM SIM cards was also raised by Mr. Hulton and "Steve" -- the SIM ID number is broadcast in cleartext, which could reveal the make and model of handset being used. In conjunction with the ability to break encryption, this could be used to push an "operator-specified" application onto the card, or use triangulation to determine the location of the handset relative to connected towers.

Cell phone users should not begin speaking in code just yet, however, as the technology is still in development and has yet to be shown beyond a proof-of-concept. GSM Association spokesman David Pringle also stated that more advanced encryption is being deployed, and that some current GSM data networks already use a superior encryption method.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: GSM Encryption - A joke
By roastmules on 2/22/2008 2:45:14 PM , Rating: 2
Packet size and encryption size don't affect each other. Packets can be of any size, and so can encryption. Look at the OSI model. Packets are normally done at a lower level...

RE: GSM Encryption - A joke
By cvmaas on 2/22/2008 4:17:23 PM , Rating: 2
Actually, they do affect each other. Granted packetizing and encryption are done on different levels, but the entire process can be looked at as digital math.

The first step is encoding the analog voice signal into digital form. This is done using a variable bit-rate codec, from 8k to 16k. It will start with 16k as this is the best voice quality, but as the number of calls on a particular tower increases, the bit-rate decreases allowing more calls (channels) on the cell system before dropping calls due to lack to available bandwidth and power output.

Than this data is packetized with information such as ESN #, etc.

Finally, the packet is encrypted for broadcast.

Now, with that process, the digital math of encryption can be better understood. The 64b packet, is encrypted with a 64b number that is known as a Walsh Code. This 64b unencrypted packet can be viewed as a 64b number, which is than used in the encryption alogorythem. Digital math tells us that the final output will be the same number of bits as the highest number used in terms of bits. For instance, if you divide a 64b # by an 8b #, even if the result is 8b or 16b, it is stored as a 64b number in the computers registers, because its possible the result COULD still be a 64b number.

I know this post may be a bit rambling, but the point is if you switch to 128b encryption, the encrypted packed will than be 128b in length.

RE: GSM Encryption - A joke
By greylica on 2/22/2008 6:42:38 PM , Rating: 2
They can implement a curve encryption too, and when the system is guessing 64b by brute force, it can be a 16b-64b curved encryption, with inverse curves or waves in different lenghts, It´s nearly impossible to decrypt curved encryption. (depending on the implementation, course)
And this method doesn´t need more bandwith. ( but requires a few more processing power )
There is no way to surpass this security if you catch the call on the fly, the data will be very scrambled, with no constant data.
Only a real record of the entire conversation, including the shaking hands will be usefull to decrypt. And to find all of the wave lenghts of the packets, with all the possible encryption, will need various Blue Gene-L, or simply more time.
But the fact, is that will be only a matter of time again.

RE: GSM Encryption - A joke
By jconan on 2/22/2008 11:43:05 PM , Rating: 2
why not dynamic bit rate encryption similar to blu-ray encryption changing handset encryption every periodic interval i.e. 5 second, etc... or less

"Google fired a shot heard 'round the world, and now a second American company has answered the call to defend the rights of the Chinese people." -- Rep. Christopher H. Smith (R-N.J.)
Latest Headlines
Inspiron Laptops & 2-in-1 PCs
September 25, 2016, 9:00 AM
The Samsung Galaxy S7
September 14, 2016, 6:00 AM
Apple Watch 2 – Coming September 7th
September 3, 2016, 6:30 AM
Apple says “See you on the 7th.”
September 1, 2016, 6:30 AM

Most Popular ArticlesSmartphone Screen Protectors – What To Look For
September 21, 2016, 9:33 AM
UN Meeting to Tackle Antimicrobial Resistance
September 21, 2016, 9:52 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
Update: Problem-Free Galaxy Note7s CPSC Approved
September 22, 2016, 5:30 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki