GSM encryption attack lowers privacy to zero

In Europe mobile phones use the GSM standard to communicate with the carries. Encryption was and still is used to protect the calls and special intercepting abilities are built-in to the standard to assist law-enforcement.

Early versions of GSM use a weak encryption algorithms (e.g., A5/1) that are out of date and everyone now (hopefully) should be using UMTS (3G) (i.e. USIM) which include newer and better encryption algorithms.

What Karsten Nohl [2], his team and contributors have achieved is to utilise the advances in processing power (e.g., CUDA) to pre-calculate a code book[2] that will enable real-time decoding. Obviously the attacker will have to have access to the encrypted packets. This can achieved by setting-up a fake base station.

If you are thinking of doing this in the UK you will need special licence or permission from Ofcom or face the possible consequences [3].

Once again the weaknesses are known and the fact that this type of attack has emerged just demonstrates that relying upon incomputable algorithms is not always the best option. The only way to staying ahead of the game is with new encryption implementations.

Links Used:
[1] – http://news.bbc.co.uk/2/hi/technology/8429233.stm
[2] – http://events.ccc.de/congress/2009/Fahrplan/events/3654.en.html
[3] – http://www.ofcom.org.uk/radiocomms/ifi/enforcement/illegalbroadcast/
[4] – http://www.ofcom.org.uk/radiocomms/

This entry was posted in Uncategorized. Bookmark the permalink.

7 Responses to GSM encryption attack lowers privacy to zero

  1. Worryingly, there are rumors (though just rumors) that the TETRA system used and installed (at much expense) by the UK government for emergency responders uses a similar encryption algorithim to A5/1, as they were created by the same team in a similar time period and have also been keept secret. There were several versions of the algorithim for the TETRA system, some of which have been neutered (the whole cryptography-is-a -weapon viewpoint) for export, which are almost certainly vulnerable. 🙁

    Also, don’t rely on better encryption algorithims with UMTS — you can always force the phone to fall back to GSM by jamming the UMTS signal.

  2. forex robot says:

    What a great resource!

  3. Amrita says:

    Hi !

    Thanks for sharing such informative post.
    UMTS (3G) is one of the third generation mobile communications technologies – has the development of UMTS in 4G completed?

    Regards
    Amrita
    http://www.quality-web-programming.com

  4. Court says:

    Encryption is must.
    Your post is an eye opener.

  5. shisozyembeme says:

    Very Interesting!
    Thank You!

  6. Sau Waddill says:

    I have put on your blogroll and also have set your current button on my website aspect

  7. Hollis Kirbo says:

    Amazing write-up worthy of a brand new thumbs up. Have any other wonderful low cost guidelines?

Leave a Reply

Your email address will not be published. Required fields are marked *