backtop


Print 36 comment(s) - last by OrSin.. on Mar 13 at 1:26 PM

Can you hear me now? Uh oh.

Eavesdropping on cell phone conversations has long been considered the domain of law enforcement and actors in spy movies. Security researchers at the 2008 Black Hat conference in Washington, D.C. have unveiled a new, faster method for eavesdropping that could be built for as little as $1,000.

Most GSM (Global System for Mobile communications) networks use the 64-bit A5/1 encryption, which has been cracked in theory for approximately ten years. The major breakthroughs made by the security researchers David Hulton and "Steve" (who declined to give reporters his last name), however, is in the cost and speed of the cracking attempts.

According to the security analysts, a $1,000 GSM-snooping station would be able to crack the encryption in 30 minutes, and $100,000 worth of equipment would achieve similar results in 30 seconds. The basis for the technology is the use of field-programmable gate arrays to pre-compute all of the possible keys – more than 288 quadrillion -- over a period of three months, and then use this massive amount of data to decrypt GSM communications on the fly.

The vulnerability of the GSM SIM cards was also raised by Mr. Hulton and "Steve" -- the SIM ID number is broadcast in cleartext, which could reveal the make and model of handset being used. In conjunction with the ability to break encryption, this could be used to push an "operator-specified" application onto the card, or use triangulation to determine the location of the handset relative to connected towers.

Cell phone users should not begin speaking in code just yet, however, as the technology is still in development and has yet to be shown beyond a proof-of-concept. GSM Association spokesman David Pringle also stated that more advanced encryption is being deployed, and that some current GSM data networks already use a superior encryption method.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: GSM Encryption - A joke
By jconan on 2/22/2008 11:43:05 PM , Rating: 2
why not dynamic bit rate encryption similar to blu-ray encryption changing handset encryption every periodic interval i.e. 5 second, etc... or less


"Nowadays you can buy a CPU cheaper than the CPU fan." -- Unnamed AMD executive











botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki