GSM system about to be compromised
December 8, 2009 by Lin Edwards
GSM logo
(PhysOrg.com) -- Research scientists in California and elsewhere are deliberately setting out to compromise the mobile phone system used by around three billion people. The system uses Global System for Mobile communications (GSM) encryption technology to prevent eavesdropping.
Karsten Nohl, a research scientist at a Californian security research firm H4RDW4RE, and a member of the Chaos Computer Club (CCC) in Germany, is behind the effort to crack the A5/1 encryption technology used by GSM, and he plans to release the keys publically on the Internet by the end of the year.
Every phone using GSM has its own secret key, which is recognized by the network. When a call is made the secret key is used to create a session key that is then used to encrypt the phone call. It is the session key that Nohl plans to crack.
Nohl has created an open-source program that will enable a peer-to-peer network of up to 80 computers to share the computing required to break the code. Since the files are distributed across the network, it will be virtually impossible to remove the code-breaking tool from the Internet. When the encryption code is cracked it will be compiled into a code book that could be used to decode any data sent to or from a GSM phone.
Computing time for the project is being speeded up by the use of components not usually found in a standard computer, such as the expensive Xilinx Virtex field-programmable gate arrays and Nvidia's compute unified device architecture (CUDA) graphics cards. According to Nohl, graphics cards are faster than CPUs for certain applications, such as computing the A5/1 code.
The goal of the exercise, according to Nohl, is to highlight the vulnerability inherent in GSM technology and to encourage mobile phone operators still using the system to upgrade their digital phone system to 3G, which has better encryption, or to use the more advanced A5/3 encryption technology instead of A5/1.
GSM phone networks in the U.S. include AT&T and T-Mobile. Commercial tools that decrypt GSM communications have been available for some time, but they cost from $100,000 to $250,000. When Nohl's project cracks the key and publishes the code book on the Internet, it will be possible for almost anyone to get the encryption key for any GSM call and eavesdrop on the call or read SMS messages.
via IEEE Spectrum
© 2009 PhysOrg.com
-
In Brief: Happy 15th birthday to GSM
Jun 30, 2006 |
not rated yet |
0
-
Stop Big Brother listening in to your mobile phone conversation
Sep 27, 2004 |
not rated yet |
0
-
Briefs: India's LG Electronics bets on GSM phones
Jan 24, 2006 |
not rated yet |
0
-
Indosat trials GSM/CDMA messaging
Apr 03, 2006 |
not rated yet |
0
-
Nokia to support GSM technology on 450 MHz frequency band for mobile phones
Oct 11, 2005 |
not rated yet |
0
-
Engineers build first sub-10-nm carbon nanotube transistor
Feb 01, 2012 |
4.9 / 5 (30) |
30
-
Something old, something new: Evolution and the structural divergence of duplicate genes
Jan 31, 2012 |
4.6 / 5 (7) |
1
-
The hidden nanoworld of ice crystals: Revealing the dynamic behavior of quasi-liquid layers
Jan 30, 2012 |
5 / 5 (3) |
1
-
Stock market network reveals investor clustering
Jan 27, 2012 |
3.9 / 5 (23) |
8
-
Of microchemistry and molecules: Electronic microfluidic device synthesizes biocompatible probes
Jan 26, 2012 |
5 / 5 (1) |
0
-
feed hold button on CNC lathe
11 hours ago
-
Mechanics of Solids ( Final exam question) plz help!
13 hours ago
-
RFAC in Fortran
16 hours ago
-
dynamics 2/32
21 hours ago
-
dynamics
22 hours ago
-
Vibration Absorbtion Problem
Feb 08, 2012
- More from Physics Forums - General Engineering
More news stories
New integrated building model may improve fish farming operations
Today's "locavore" movement with its emphasis on eating more locally-produced food is a natural fit for fruits and vegetables in nearly every region, but few entrepreneurs have dared to apply the concept to ...
7 minutes ago |
not rated yet |
0
Soraa LED light may dim 50-watt halogen rivals
(PhysOrg.com) -- Soraa, a Fremont, California company founded in 2008, this week launched its first product, a light that uses LEDS (light emitting diodes). The "Soraa LED MR16 lamp" is the "perfect" replacement ...
11 hours ago |
4.6 / 5 (13) |
8
|
Model analyzes shape-memory alloys for use in earthquake-resistant structures
Recent earthquake damage has exposed the vulnerability of existing structures to strong ground movement. At the Georgia Institute of Technology, researchers are analyzing shape-memory alloys for their potential ...
6 hours ago |
not rated yet |
0
|
Google launches Chrome browser for Android smartphones
With more and more people connecting to the Internet through a phone or a tablet instead of a PC, Google Inc. is bringing its fast-growing browser, Chrome, to the newest Android-powered mobile devices.
8 hours ago |
5 / 5 (4) |
0
Samsung can continue selling Galaxy tabs in Germany: court
South Korea's Samsung Electronics can continue to sell its Galaxy Tab 10.1N tablet computer in Germany, a German court ruled Thursday, rejecting a bid by arch-rival Apple to have them banned.
9 hours ago |
5 / 5 (2) |
2
'Dark plasmons' transmit energy
Microscopic channels of gold nanoparticles have the ability to transmit electromagnetic energy that starts as light and propagates via "dark plasmons," according to researchers at Rice University.
Decoding the molecular machine behind E. coli and cholera
Scientists from Queen Mary, University of London have discovered the workings behind some of the bacteria that kill hundreds of thousands every year, possibly paving the way for new antibiotics that could treat infections ...
Deadly bird parasite evolves at exceptionally fast rate
A new study of a devastating bird disease that spread from poultry to house finches in the mid-1990s reveals that the bacteria responsible for the disease evolves at an exceptionally fast rate. What's more, ...
Flexible paper robots
(PhysOrg.com) -- These inexpensive robots can stretch, bend and twist under control, and lift objects up to 120 times their own weight. Being soft, they can apply gentle and even pressure, and adapt to varied ...
Cell biologists describes mechanism by which some people may be more susceptible to colon cancer
An international research team led by cell biologists at the University of California, Riverside has uncovered a new insight into colon cancer, the third leading cause of cancer-related deaths in the United ...
New method makes culture of complex tissue possible in any lab
Scientists at the University of California, San Diego have developed a new method for making scaffolds for culturing tissue in three-dimensional arrangements that mimic those in the body. This advance, published online in ...
Dec 08, 2009
Rank: 3.3 / 5 (11)
Dec 08, 2009
Rank: 4.2 / 5 (5)
Dec 08, 2009
Rank: 4.9 / 5 (7)
Dec 08, 2009
Rank: 2.8 / 5 (5)
Dec 08, 2009
Rank: 3 / 5 (1)
Sounds like an apprenticeship in coding viruses and plenty of experience in cracking pc security.
Dec 08, 2009
Rank: 5 / 5 (3)
They have a record of trying to hack national systems and then publicizing the results.
If something is unsafe then it is better the public knows about it sooner than later, don't you think? Gives the providers a chanvce to beef up their security before someone with actually malicious intent screws them over.
Dec 08, 2009
Rank: 2.8 / 5 (5)
I disagree with the argument that it is important to force public systems to be ever more secure.
National security benefits when the cost of exploiting our shared networks by terrorists are raised at least to the level of "business security". This makes it harder for the home grown terrorists to exploit the Billions we've invested in personal and commercial communications.
As the members of this hacking club know, it is not that hard to overlay a clear line with an encrypted circuit. Any business, commercial or national interest needing secure communications can easily get it within their budgets.
Offering "strong" encryption for personal use is insane overkill and suggest to me an unnatural paranoia or, worse, unbridled narcissism.
NOTHING I say is so "sensitive" I need fear being overheard.
Dec 09, 2009
Rank: 4.5 / 5 (2)
Anyone who knows computer security knows that security through obscurity just doesn't work. Covering up your weaknesses, as GSM has done with A5/1, merely guarantees that only the bad guys will know them. I will not even begin to trust a cipher until its design is openly published and it has withstood years of intense, fully documented attacks by the academic cryptography community.
It is not "insane overkill" to use a strong cipher in GSM. There are several excellent alternatives that are probably even faster and smaller. In fact, GSM had to go out of its way to use a cipher as weak as A5/1.
Dec 09, 2009
Rank: 1 / 5 (1)
Dec 09, 2009
Rank: not rated yet
Also, cryptography is a tool that can provide confidentiality and authentication. It is not particularly relevant to spam and virus threats. These are distinct security problems that require distinct tools and techniques.
Dec 09, 2009
Rank: not rated yet
If the subscriber is using mobile banking applications that are USSD based they are potentialy at risk so I advise that they check with thier bank or network to ensure that encryption keys via the browser or JAVA applet have been implemented to secure this layer of the messaging.
The problem with trying ot force networks to go to 3G is that there are so many 2G only handsets out there that will not support the newer algos, my feeling is that this action is reckless and not in the general subscribers best interests.
Dec 09, 2009
Rank: 1 / 5 (1)