GSM is insecure

Whatever assurances have been given about the security of GSM cellphone calls, forget about them now. The article Breaking GSM With a $15 Phone … Plus Smarts reports that a pair of researchers demonstrated a start-to-finish means of eavesdropping on encrypted GSM cellphone calls and text messages, using only four sub-$15 telephones as network “sniffers,” a laptop computer and a variety of open source software. To create a network sniffer, the researchers replaced the firmware of a simple Motorola GSM phone with their own alternative, which allowed them to retain the raw data received from the cell network, and examine more of the cellphone network space than a single phone ordinarily monitors. Upgrading the USB connection allowed this information to be sent in real time to a computer.

While such capabilities have long been available to law enforcement with the resources to buy a powerful network-sniffing device, the pieced-together hack takes advantage of security flaws and shortcuts in the GSM network operators’ technology and operations to put the power within the reach of almost any motivated tech-savvy programmer.

GSM is a 20-year-old infrastructure, with lots of private data and not a lot of security. Several of the individual pieces of this GSM hack have been displayed before. For example, the ability to decrypt GSM’s 64-bit A5/1 encryption was demonstrated last year.

“GSM is insecure, the more so as more is known about GSM,” said Security Research Labs researcher Karsten Nohl in the article. “It’s pretty much like computers on the net in the 1990s, when people didn’t understand security well.”

3 Comments

  1. Tomi Engdahl says:
    Researchers Demo New GSM Attacks at Chaos Communications Congress
    http://mobile.slashdot.org/story/11/12/29/178215/researchers-demo-new-gsm-attacks-at-chaos-communications-congress

    “A new attack on the GSM mobile communications protocol has been demonstrated by Karsten Nohl and Luca Melette of Security Research Labs, based off their previously published attacks around vulnerabilities in the GSM A5/1 encryption protocol. This new attack, which Nohl indicates already in use by criminals, allows an attacker to simulate a GSM mobile and use it to make calls and send text messages. Nohl also discussed protective measures users should take against these attacks, and others in use by intelligence communities around the world.”

  2. Tomi Engdahl says:
    Norwegian professor emeritus Jan Arild Audestad reveals that when the GSM network was born, the original intention was to use 128-bit encryption.

    The British authorities pressed for the use of 48-bit encryption.

    As a compromise, the GSM network ended up using 64-bit encryption, in which the last ten bits are zeros. In practice, therefore, the encryption is 54-bit.

    64-bit A5/1 encryption was broken by 2009, when the German hacker Karsten Nohl and his partners announced this and put the necessary code up for online distribution. The 128-bit A5/3 version was introduced in 2007 and it is still considered safe.

    One comment says that some networks in certain countries used the even weaker A5/0 option, “no encryption”.

    Sources:
    http://www.tietoviikko.fi/kaikki_uutiset/gsmverkon+kehittajat+paljastavat+brittien+tiedustelupalvelu+painosti+kayttamaan+heikompaa+salausta+jo+1980luvulla/a959220
    http://www.nrk.no/norge/presset-til-a-svekke-mobilsikkerhet-1.11460787

  3. Tomi Engdahl says:
    A GSM Base Station With Software Defined Radio
    http://hackaday.com/2014/07/05/a-gsm-base-station-with-software-defined-radio/

    It’s a GSM base station made with a BeagleBone Black and a not too expensive software defined radio board.

    The total cost of the hardware is somewhere around $750.

    The software side of the build is mostly handled by OpenBTS, the open source project for the software part of a cell station.
