Print 18 comment(s) - last by Pessimism.. on Jan 18 at 9:06 AM

Business users talking on the cell phone beware -- wire-tapping solutions are now widely available for GSM networks at under $1,000, meaning that you may be blabbing your financial secrets to unwanted parties. In recent months A5/1 GSM encryption, a 64-bit algorithm was cracked, and now A5/3, a 128-bit algorithm, has been cracked as well.  (Source: The Phone Coach)
The security woes of the cell phone sector continue

For those in the know about the current state of cell phone security, it's a mess. With current 64-bit encryptions on GSM (used by about 3.5 billion people worldwide), publicly cracked after 21 years of secrecy, wire-tapping is now no longer the realm of the government alone.  Security researchers have demonstrated that malicious users and corporate spies alike can tap 64-bit GSM and decrypt it using equipment that can cost under $1,000 (most of the software involved is open source).  That's scary news for anyone who wants to avoid letting their company's financial results slip in a seemingly private, behind-closed-doors conversation with your financial staff.

Equally scary is the cell phone companies' response.  They only acknowledged the insecurity when the algorithm was publicly cracked by Karsten Nohl, PhD, a 28-year-old German computer security researcher and member of Berlin's Chaos Computer Club.  Even now they're dragging their feet on adopting more secure algorithms across their networks.

And now the next best encryption, the KASUMI system -- a 128-bit A5/3 algorithm implemented across 3G networks -- has been cracked as well.  Where as A5/1 was brought down by 2 terabyte time-memory tradeoff attack tables generated over a couple months on an NVIDIA GPU cluster (via CUDA code) early last year, the effort used the sophisticated, "related-key sandwich attack" to crack the more advanced algorithm in only 2 hours.  A paper on the work is published here (PDF).

The research was led by faculty members of the Mathematics and Computer Science departments at the Weizmann Institute of Science in Israel.  The participating researchers included Orr Dunkelman, Nathan Keller, and Adi Shamir, the last of which is famous for having his last name being part of the acronym RSA -- which stands for a popular public-key encryption algorithm.

They used an approach that involved first using one key for encryption of a message, and then changing it to a different key.  Writes the researchers, "By using this distinguisher and analyzing the single remaining round, we can derive the complete 128 bit key of the full Kasumi by using only 4 related keys, 226 data, 230 bytes of memory, and 232 time. These complexities are so small that we have actually simulated the attack in less than two hours on a single PC, and experimentally verified its correctness and complexity."

The attack is less effective than the recent A5/1 crack, though, according to Karsten Nohl.  Professor Nohl says that the new method requires the collection of "several million known plaintexts" to get a single key.  A plaintext is transmitted approximately every second, so cracking a particular carrier's encryption could require a long period of data collection.  It also would take two hours to crack the particular call on a single PC, though researchers said using a cluster could reduce this time to a manageable amount.

The current KASUMI (A5/3) algorithm was the result of a tweaked MISTY algorithm.  The original MISTY algorithm was developed by researchers at Mitsubishi.  The MISTY algorithm was more secure, but more computationally intensive, than the modified KASUMI variant.

Mr. Nohl says despite the new research shows that the GSM industry should perhaps reconsider KASUMI as they move away from A5/1 he states, "The attack should stand as a reminder that A5/3 and any other cipher will need to be replaced eventually.  Hopefully this fact is considered when upgrading GSM."

Currently most of the telecommunications industry has no definite timetable for even rolling out KASUMI, so it seems doubtful that it will act very fast, though.  That means that for now, you probably shouldn't say anything on GSM networks that you don't want repeated.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

The point of security
By dflynchimp on 1/15/2010 4:55:50 PM , Rating: 5
In any form is more or less a placebo for the protectee. It's like locks on doors and bars on windows. Yes it will keep most small timers out, or make it so they see it as too much of a hassle to attempt a break-in.

It's impressive that they're able to crack this code in so short a time, but this only proves yet again that given the high cost high power equiptment and the determination, a well learned individual or group will prevail in whatever misdeeds they intended to do.

Of course what makes me so confident that my email won't be hacked is the revelation that I'm pretty insignificant in terms of monetary or information value. I guess some days being the small fry does have its fringe benefits.

RE: The point of security
By ChrisHF on 1/15/2010 5:11:26 PM , Rating: 3
But at the same time, the security in this particular case could be greatly enhanced if the cellular providers were more agile in their ability to replace a cracked or threatened scheme.

RE: The point of security
By Qapa on 1/15/2010 6:03:00 PM , Rating: 2
Agree with what you said.

But, can the phone companies roll this out on their own?
Wouldn't we need to have new firmware (at least) on the phones?
Wouldn't this trigger some, not so great companies that wouldn't provide new firmware, to get people out of the phone network?

Well, I guess you get the point: I have no clue on how is this implemented, can anyone provide info?


RE: The point of security
By TheRequiem on 1/15/2010 10:10:29 PM , Rating: 2
I relent to the fact that even though I may be insignificant in a massive data-centric pool of 3GPP... it still represents a timed fashion of neglect. Actually, as of this point in time this means nothing. What I see is, a complex cause for distaste, but not an eventual disaster. The cell networks will be upgraded before this can take affect in a practical manner and what I mean by that is, it won't be average people with devices plugging into your sound waves anytime soon. The next generation will be able to hack and modify old GSM networks in attempts to take a swing at broke down equipment for simple satisfaction, but the rest of humanity will be on much more complex then 128-bit encyrption schemes.

Should you still be worried? In short, yes... but in what field of danger does this fall under? Especially when there are so many things in this world already that overshadow our daily lively protection rather than someone reigning down in on what your picking up for dinner?

RE: The point of security
By foolsgambit11 on 1/16/2010 12:27:51 AM , Rating: 2
Of course what makes me so confident that my email won't be hacked is the revelation that I'm pretty insignificant in terms of monetary or information value. I guess some days being the small fry does have its fringe benefits.

While currently, it seems like most non-governmental cell phone snooping is targeted, that doesn't mean a more widespread attack methodology won't become popular in the near future, especially with reduced costs to exploit calls and store data. A company may plant themselves near a cell tower they think may carry important conversations, record everything, and sell it to the highest bidder. They can put all the equipment they need into the trunk of a car already.

The point being, insignificance may not make it less likely that you'll be attacked - it just makes it less likely you'll be damaged by the attack. These days, with the cost for a single exploitation so low, e-mail hackers bundle people together into large groups and get a decent price. Buyers work on what I'm going to call the 'Topps' concept. Like with baseball cards, you may not want everybody in the package, but you hope there's a valuable guy in there to make it worth your while. Cell phone hackers could create a viable business plan doing the same thing.

RE: The point of security
By CSMR on 1/18/2010 7:05:15 AM , Rating: 3
I'm not a security expert but... no-one can break RSA encryption in polynomial time, so isn't it secure at least until quantum computers? More so than "locks and bars" because you can break in to Fort Knox if you have a big army but there isn't a cluster big enough to crack a long RSA key.

"Can anyone tell me what MobileMe is supposed to do?... So why the f*** doesn't it do that?" -- Steve Jobs

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki