Cell Phone Encryption Exploit Demonstrated

Saxophonist brings us a story from Forbes about security researchers who demonstrated a new method for breaking the encryption on GSM cellular signals. The presentation was made at the recent Black Hat conference, and it's notable for the fact that the technique only requires "about half an hour with just $1,000 in computer storage and processing equipment." The researchers also claim to have found a faster method, which they intend to market for $200,000 - $500,000. Quoting: "Undetectable, 'passive' systems like the one that Muller and Hulton have created aren't new either, though previous technologies required about a million dollars worth of hardware and used a "brute force" tactic that tried 33 million times as many passwords to decrypt a cell signal. All of that means, Hulton and Muller argue, that their cheaper technique is simply drawing needed attention to a problem that mobile carriers have long ignored--one that well-financed eavesdroppers may have been exploiting for years. 'If governments or other people with millions of dollars can listen to your conversations right now, why shouldn't your next-door neighbor?' Muller says."

because

[ILuvRamen]

If governments or other people with millions of dollars can listen to your conversations right now, why shouldn't your next-door neighbor?

Assuming I'm the person they're talking about instead of to...because my neighbors don't have anything interesting to say. Trust me, they're really strange and really boring. Anyway, for those of you wondering what someone could possibly say over a cell phone that's so intercept-worthy, some fancy banks require a key-press or auditory password to access balances and ev

Re:

[letxa2000]

'If governments or other people with millions of dollars can listen to your conversations right now, why shouldn't your next-door neighbor?' Muller says."

What a stupid comment. In other words, if some people are going to break the law, let's make sure everyone can. Good idea.

not stupid after all

[erlehmann]

knowledge of this can *only* have some impact if you tell everyone about it. just look WEP, better encryption is the way to go.

Re:because

[palegray.net]

It's really a matter of publicizing the weakness to the point where manufacturers and network providers are forced to do something about it. Average people generally don't care about issues like this until they're really an issue.

Re:

[mrbluze]

It's really a matter of publicizing the weakness to the point where manufacturers and network providers are forced to do something about it. Average people generally don't care about issues like this until they're really an issue.

Well, as you rightly say, most people don't matter in the grand scheme of things. At least that's how it can appear. But in oppressive countries, it's the occasional person in the occasional 'situation' where this stuff really matters, including (and especially) government interception. From that point of view, everybody matters, because if there are no trees (you and me), then there is no forest for fugitives to hide in. Never use a mobile phone, a land-phone, an unencrypted internet connection, etc. for

Re:because

[TheLink]

Regarding government interception, GSM encryption is only from phone to station. At the Telco it's plaintext. So govs can (and probably do) listen to GSM phone calls. Should be common knowledge amongst telco people.

So GSM crypto even if it was uncrackable is not very helpful if you're really trying to hide your comms.

Someone I knew once claimed to have extra crypto on his GSM phone so that he could talk "securely" to other people similarly equipped.

Re:

[palegray.net]

I can assure you, governments of any technical sophistication have been able to listen to your phone calls for a while now, whether they're encrypted or not. Unless of course you're using aftermarket bolt-on crypto solutions, in which case they're still going to get the info if it really matters.

Re:

[russotto]

Regarding government interception, GSM encryption is only from phone to station. At the Telco it's plaintext. So govs can (and probably do) listen to GSM phone calls. Should be common knowledge amongst telco people.

Bingo. I supposed I'd be called paranoid if I suggested the government had dedicated rooms at many telcos where they can intercept whatever phone traffic they care to. But I bet they do.

End to end encryption is a far better solution, but we'll never see it become mainstream.

Let him be...

[Gription]

'If governments or other people with millions of dollars can listen to your conversations right now, why shouldn't your next-door neighbor?' Muller says."

What a stupid comment. In other words, if some people are going to break the law, let's make sure everyone can. Good idea.

Let him sit on his couch eating Cheetos. He has the right to be happily oblivious as every personal right slowly disappears because no one is complaining (too busy eating Cheetos!) while the technology that makes it possible keeps getting cheaper and more powerful.

Re:

[ShieldW0lf]

Lets just go with the middle ground. Let everyone listen, and make everyone a member of the government.

Re:

[butlerdi]

Actually, the pass phrases are generally use once and discard. They are generated on demand or pre arranged.

Re:

[Dan541]

Anyway, for those of you wondering what someone could possibly say over a cell phone that's so intercept-worthy, some fancy banks require a key-press or auditory password to access balances and even move funds. You know, like in the movies.

You talk as if phone banking is only in the movies. Millions of people access bank accounts this way myself included.

~Dan

Re:

[TheRaven64]

Do you have to give a pass-phrase though? Every bank I've seen gets you to set up a pass phrase but only ever asks you for two letters from it. If someone intercepts your phone call, it is going to be a long time before the bank asks that combination again, and most will telephone you after a few failed attempts and validate that it is you making them.

Re:

[fbjon]

In that case anyone can eavesdrop and subsequently move all your money away. One time passwords, or possibly generated passwords is the only way to go.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[big_paul76]

Not really. What could you do with his telephone (or online) banking PIN?

Um, I don't know if there's an equivalent system in the US, but up here in Canada, I can transfer money via the interac e-mail system.

http://www.interac.ca/consumers/productsandservices_ol_emt.php [interac.ca]

So, um, yes, if somebody manages to get my username/password for my online banking, they can in fact, drain all my money in under 5 minutes. Now, that can only go to another bank account, and it can only be transferred to another bank in Canad

Re:

[Jester998]

Totally agree in principle, but there are actually additional safeguards with the Interac tranfers.

My bank places a limit of $1000/day on email transfers (I think there's an additional weekly limit as well), so the attacker would have to have continued access for a series of days/weeks to empty out an account.

However, if the attacker has tapped into your communications, he knows when you're going on vacation and won't be around to check your accounts. :p

Re:

[big_paul76]

It's funny you mention that... As I was typing, I decided to see what my bank had in terms of limits. And given I've never sent more than a couple hundred bucks via that system (friends family etc) I think maybe I'll have them drop that to $500.

Re:

[Jester998]

There's been a few times where I hit the limit and had to split transfers over 2 days but it wasn't much of an inconvenience. It still got the money there faster than mailing a cheque!

I'm sure I could have called my bank and had them up the limit, but I'd rather have that additional layer of security, just in case.

Re:

[lucifuge31337]

And if you're going to say that it matches voice pitch and stuff instead of just the word, duh, press record on your laptop when they say it and play it back through the phone.

That's not how voice verification technology works. If it did, it would be totally useless.

Typically, voice sample are requested at random (out of a defined set - like the number 0 through 9) and sane engines look at how the phonemes are strung together when you say something, for example, in the middle of the phrase as opposed

Not too afraid

[MrCrassic]

While this is an extremely powerful re-discovery, I'm not that afraid of average Joe attempting to listen to my conversations, which are boring if anything most of the time. It would still probably take a reasonably quick computer and technical know-how to implement this kind of scheme on a usable scale. Plus, if the FBI and CIA already have the privilege to tap into my conversations, then the fear of security loss is already somewhat of a non-unique one.

Re:

[palegray.net]

While this is an extremely powerful re-discovery, I'm not that afraid of average Joe attempting to listen to my conversations

Wait until Not-So-Average Joe decides to sell transcripts of your conversations as marketing data. Or maybe analyzes your conversations for keywords and extracts just those portions to blackmail you. Ever talk about hating your job? Ever cheated on your significant other? Ever lied on your taxes? The list goes on...

Re:Not too afraid

[Splab]

Ever talk about hating your job?

Yes often, even when at work. Its also no secret that I hate my top boss.

Lying on taxes is pretty much a national trait around here (Denmark), so again yes - some of us have no worries.

But I do despise the fact that someone can listen in on stuff, even though most of what we do is no secret, its still something that annoys me.

Re:

[Splab]

Don't mod him down, its quite a funny video, even if its Norwegians making fun of us :)

Parent does have a point, even within small countries like Denmark the local dialect can be hard to understand, if you drive from Copenhagen to Southern Jutland (around 200km away) the dialect changes so much it might as well be a different language.

Re:

[Gendor]

Here in South Africa I haven't regarded cell phone calls as secure for quite some time. School kids figured out that if you dial the three-digit customer service number on your cell phone, and keep on waiting on the line a few minutes after the voice recording finishes, the following happens: It connects to (I presume) your local tower and you can hear the one side of random cell phone conversations. After a few minutes it switches over to another conversation. You can only hear one side of the conversati

Forbes obviously missed Shmoocon...

[acq3]

http://www.shmoocon.org/ [shmoocon.org]

The presentation will probably be available on the Shmoocon website in the not too distant future. Forbes did the standard mainstream media muddling so check with H1kari for the real deal...

David Hulton = H1kari

[CousinVinnie]

Looks like he gave the same (or longer) presentation at Black Hat.

Overkill for neighbours

[Techman83]

why shouldn't your next-door neighbor?

Considering how many mobile users seem to scream into the damn things this may almost be redundant! /joke

Re:Overkill for neighbours

[RuBLed]

But my neighbors are speaking Klingon when they come out of the basement to talk in their mobile. How could this technology help me?

They're also saying "ghob" out loud... also I think my other neighbors are raptors...

Re:Overkill for neighbours

[palegray.net]

How could this technology help me?

1. Record conversations.
2. Open subspace diplomatic channel to the Romulans [wikipedia.org].
3. Sell the conversations as intelligence data.
4. Profit!

Fabricated recordings

[dj245]

Its a FAKE!

There never was end-to-end encryption...

[compumike]

There are stories like this all the time, but tech people still have trouble convincing most users that end-to-end encryption is important. How is it that it caught on for the web (credit card payments over SSL), but still barely for personal communications (gpg, encrypted IM)? Even in the situations where it's easy to use encryption, many users still can't be made to care -- especially if it's not something enabled by default. Maybe just that those doing the sniffing are suitably quiet about it...
--
Electronics kits for the digital generation. [nerdkits.com]

Re:There never was end-to-end encryption...

[QuantumG]

Ya know, it *is* strange. Take, for example, Pidgin (formerly GAIM). There's about two dozen plugins for it. One of the plugins is Pidgin-Encrypt [sourceforge.net] which does everything that you would expect (except possibly for some sort of certificate system) and is about as secure as ssh. Does it come with Pidgin by default? No. Is it enabled by default? No. Why not? Why is encryption still considered some opt-in alternative? Considering that it takes both parties to consciously choose to install this plug-in, the grand total of people who use it is about 10.

 

Re:

[Spy der Mann]

Perhaps you should pay attention to Off-the-record messaging. Other encryption methods either fail to provide authentication, or plausible deniability.

Re:

[QuantumG]

Don't forget, some people want their messaging both on the record and encrypted.

Re:

[StreetStealth]

OTR, despite its name, does nothing to prevent either you or your fellow conversant from keeping a record of the transcript. The point is that it's on your records only and no one else's.

Re:

[Spy der Mann]

OTR, despite its name, does nothing to prevent either you or your fellow conversant from keeping a record of the transcript.

I watched the OTR presentation video [uwaterloo.ca] (about 1 hour long). The point of OTR is that with its deniable authentication, it allows ANY of the listeners to fake a conversation (a shared encryption key is sent after each message, meaning anyone that reads it could fake it afterwards).

In other words, it proves nothing. Anyone could have faked it.

PGP on the other hand, uses certificates, which

Re:There never was end-to-end encryption...

[jimicus]

How is it that it caught on for the web (credit card payments over SSL), but still barely for personal communications (gpg, encrypted IM)?

That's a very good question.

One idea I've heard is that when SSL was first developed, the web was in its infancy and nobody really felt happy about the idea of sending their credit card details over it. The fact that it was relatively easy to eavesdrop on a computer network was fairly well known. This was no good to anyone who wanted to do business (OK, porn sites) over the web, and so SSL solved that problem by providing reassurance that nobody was eavesdropping.

The telephone system, on the other hand - that's been around so long that it's familiar technology and relatively few people are aware of how insecure it is. If you think GSM is bad (it's actually not that poor, and 3G introduces AES encryption), consider your land line. No encryption whatsoever and an analogue signal (so no computer equipment or specialised unusual codecs required to tap) between you and the telephone exchange.

Re:

[dkleinsc]

The telephone system, on the other hand - that's been around so long that it's familiar technology and relatively few people are aware of how insecure it is.

Not anymore, thanks to the Bush administration illegal wiretaps^H^HTelephone Security Awareness Campaign.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[petermgreen]

you can detect a bug like that on your POTS line by monitoring the voltage on the line.
I call bullshit

provided the bug isn't trying to draw power from the line and has a nice high impedance input stage I very much doubt you could reliablly detect it.

Re:

[p0tat03]

How is it that it caught on for the web (credit card payments over SSL), but still barely for personal communications

Because someone is losing something tangible (i.e. money) when fake credit card payments go through. The users didn't demand it, credit card companies did, to prevent skyrocketing fraud losses. Users themselves have never truly demanded encryption - how many online shoppers do you know that are savvy enough to look for proper SSL encryption before typing in their credit card number?

Re:

[SCHecklerX]

But (and I'm truly naive here), has there ever been a documented case of people stealing CCNs by sniffing? It's always something else. Chicken and Egg, I know, but still something to think about. If I wanted the numbers, I'd find an easier way to do it (although I guess finding the right person at an ISP to bribe could be pretty easy).

Re:

[StikyPad]

Close. CC companies don't cover fraud losses; merchants do.

Re:There never was end-to-end encryption...

[hitmark]

automation, pure and simple...

the browsers come pre-equiped and will use it when ever a url starts with https rather then http.

also, the encryption isnt used to verify that whoever is sitting in front of the computer is who he or she claims to be, for that you have third party stuff like pads of one time codes, code generators and similar.

for im and mail on the other hand one have the, in the eyes of the non-techie user, laborious process of generating and exchanging keys, and making sure that the keys belong to the person one wants to communicate with.

only way i see this change is if we could turn the mobile phone into a digital key carrier. meet someone, exchange keys pr phone just as one would exchange phone numbers, im/mail address and similar, and so on.

or maybe the social network sites should allow one to upload ones public key just as on enter above numbers and addresses?

basically one have to find a way to bring the exchange of public keys into the fabric of ones social interaction. sadly i dont think that will happen any time soon...

Re:

[Aqualung812]

I like the idea of training people to exchange keys as they would phone numbers, except keys *should* expire. I don't change my phone number every year, but I should change my private key.

Re:

[hitmark]

well if one could get all mail apps and webmail services to creating a, or importing a existing, key pair as part of setting up an account, one would be one step closer.

Re:

[imipak]

also, the encryption isnt used to verify that whoever is sitting in front of the computer is who he or she claims to be, for that you have third party stuff like pads of one time codes, code generators and similar.

As Bruce Schneier pointed out, there's an important distinction between authenticating the transaction and authenticating the user. For ecommerce, the merchant needs to know that the card is real (for values of 'real' defined by PCI and similar standards.) The CC companies only care about the transaction; the transaction will complete successfully even if it turns out to be fraud, from the PoV of the CC company, because in that case it's the merchant who pays... and CC still get their money.

It's often f

Re:

[Richard W.M. Jones]

There are stories like this all the time, but tech people still have trouble convincing most users that end-to-end encryption is important.

I think -- and I have no scientific basis for this, but it'd an interesting area of study -- that the answer could be that humans simply haven't evolved to understand the threat. If you live in a small pre-technological tribe then it's easy for your brain to figure out when you're being watched, when you might be being watched, and when you're definitely not being w

Re:

[imipak]

Several reasons for the different takeup rates for PGP, S/MIME etc vs. SSL:

1. There are far few servers to authenticate than there are peers, by a couple of orders of magnitude at least.
2. Running an SSL web server is significantly harder than running a plaintext port 80 one; whereas there's practically no difference on teh client side (checking the lock icon is still pretty rare (actually checking the ssl certs etc is a very minor sport.) Using PGP or S/MIME is kind of analogous to running an SSL webserver.

Obligatory

[Travoltus]

'If governments or other people with millions of dollars can listen to your conversations right now, why shouldn't your next-door neighbor?'

Because the Government hates the competition?

GNUradio is also up to GSM cracking

[erlehmann]

and i'll bet they won't charge anything.

check out some movie about the GSM state of security [1] and mod me informative. ;)

[1] http://chaosradio.ccc.de/camp2007_m4v_2015.html [chaosradio.ccc.de]

also, if you know german

[erlehmann]

tune in to chaosradio 56 "GSM Hacking" [1]. (although i doubt that german-speaking slashdot users don't know of chaosradio) [1] http://chaosradio.ccc.de/cre056.html [chaosradio.ccc.de]

For those three people ...

[BorgDrone]

This sucks, for those three people still using GSM.

What about the security of UMTS ?

Re:

[excelblue]

GSM is still the dominant standard in many nations. For example, in the US, you're stuck with either GSM, CDMA2000 (1xRTT), or IDEN. There are no other services, except for maybe the almost nonexistent 3G that is being set up. The problem is - the hack is available now, there's many places that still use GSM, and an upgrade in infrastructure will take some time.

Re:For those three people ...

[Anonymous Coward]

Newsflash - most of the world outside the US uses GSM.

Re:

[FireFury03]

No, most of the developed world already has a 3G infrastructure. Only technological backwaters like the US still use GSM.

3G coverage in most of the developed world is significantly worse than GSM - your 3G phone will drop back to GSM mode in poorly covered areas. Not to mention that most of the undeveloped world uses GSM almost exclusively.

(I also hesitate to point out, for risk of starting a flame war, that a certain recent over-hyped phone only does GSM)

Re:

[Tony Hoyle]

Except I haven't see a 'poorly covered area' in about 4 years and I've been around a bit. You can get standard 3G even in the middle of the countryside in this country and UMTS in any built up area (which is why laptop 3G dongles are so popular now.. it's way more ubiquitous than wifi, generally cheaper, and quite often faster - giving a constant 3.5Mbps wherever you are, rather than on some wifi point hanging of someones's 1mb DSL line).

The idea that 3G is somehow rare appears to be a US afflction.

Re:

[BorgDrone]

No to talk about developing and undeveloped nations where the cellular network is basic (read no frills, only voice and SMS), for which it is not cost-effective to deploy UMTS and advanced functionality.

I think it would be quite cost-effective to skip GSM there and go for UMTS straight away. This way, you can roll-out both voice and internet access at the same time. It's way more cost effective to put up one UMTS tower to provide both services, especially if there is no existing infrastructure that can be r

Re:

[Matt Perry]

And a large number of people in the US are on analogue.

That's highly unlikely considering that mobile phone companies are decommissioning their analog networks this year. The largest US mobile providers turned off their analog service on Monday [washingtonpost.com].

Re:For those three people ...

[GreatBunzinni]

Don't you mean 2.3 billion people [prnewswire.com]? I mean, over 80% of the world's cell phones? The world doesn't end at your doorstop, you know?

Coming soon, try it yourself...

[kanweg]

Unless their patent application is kept confidential by the government for reasons of national security, it will be published within 18 months. You'll be able to learn how the trick works from it (if you're an expert in the field and you cannot make it work, no patent should be granted). You're not allowed to exploit that commercially, of course, but at least you can have fun and pull a few pranks with it. You could claim you're psychic.

I'm wondering how you ever could tune in to the correct conversation, with thousands of mobile phones transmitting at the same time.

Bert

Re:Coming soon, try it yourself...

[TubeSteak]

I'm wondering how you ever could tune in to the correct conversation, with thousands of mobile phones transmitting at the same time.

GSM phones identify themselves to the network using a unique International Mobile Equipment Identity (IMEI) #.

This number is usually printed on the phone somewhere under the battery cover & is retrievable from the phone's software.

Re:

[Tony Hoyle]

IMEI is not transmitted cleartext. In general conversation even the IMSI is only transmitted once for billing purposes and then obfuscated for the rest of the conversation (a temporary IMSI is generated from the real one which identifies the conversation without giving away any private information).

Breaking a conversation would mean calculating KI somehow, which is a 128bit key locked in the SIM and not retrievable at all. UMTS is even more secure (provides protection against MIM attacks, more keys, etc.)

Re:

[jamar0303]

What are you talking about? Ki is easily extracted from most modern SIM cards- that's how the first iPhone unlocks (pre-software unlock) worked.

Re:

[TheoMurpse]

You're not allowed to exploit that commercially

Actually, you can't exploit it non-commercially, either. A patent blocks any non-patentee and non-licensee from even creating something covered by a patent, regardless of whether it's for private use or not. Hell, using a patented invention that was made without the patentee's permission makes you an infringer. For example, if I made one of these machines for fun, I'd be infringing. Then, if I gave it to my friend for free, even if he thought it was a legit pro

Here's your answer.

[palegray.net]

'If governments or other people with millions of dollars can listen to your conversations right now, why shouldn't your next-door neighbor?'

It's called common decency, something that's clearly fading away in our society.

Re:

[QuantumG]

Yes, I was thinking about that in the previous story about medical information.. in that it isn't the security of the storage system that makes medical information confidential, it is the respect that people show for others. If you have medical staff that don't care about the confidentiality of medical information, then no amount of locks will keep it confidential.

Re:

[palegray.net]

If you have medical staff that don't care about the confidentiality of medical information, then no amount of locks will keep it confidential.

Absolutely right. It's like the old quote says: locks are only designed to keep honest people out.

Re:

[TheoMurpse]

It's called common decency, something that's clearly fading away in our society.

Why don't you ask black people or women if they'd like to return to the "era of common decency." Or the Japanese. Or anyone who's not of northwestern European heritage.

Privacy the least of our concerns

[EdIII]

My first thought about this was privacy and the government. Obviously.

From my understanding though, this encryption is certainly not applied over the whole transmission, meaning endpoint to endpoint. Just the handset to the tower.

The government does not actually need to crack this encryption, or even intercept transmission between handsets and towers. They can just order digital wiretaps, which cannot be detected. Speaking of which, I have always been amused when people state they you can just buy hardware to detect that too. The location of the handset is easily determined, and in most cases the identity of the user. The government already has the ability to access all of this information with the cooperation of the telecommunications companies anyways. With Telco Immunity being pushed, there won't even be room to dispute it anymore.

So not trivializing the serious issues with our privacy and the government, they are still the least of our concern here.

What strikes me as very problematic is that this opens up a whole new "market" for identity theft, banking fraud, etc. I do quite a lot of business over the phone, and just about every single company uses the touch tones to gather data. Capturing the the numbers by listening to the tones is trivial. This can be done quite easily by software and hardware.

So if all the popular company phone numbers are known, and all the data being sent to it by customers can be recorded, this presents quite a security problem. With the right amount of equipment you can start capturing all sorts of data being sent over the phone. It will only be a matter of time before you gain enough information to compromise someones identity.

I am not worried about my neighbors, not worried about my government, but I am very worried about the stranger interested in the fact I called Washington Mutual.

Re:

[QuantumG]

The government does not actually need to crack this encryption, or even intercept transmission between handsets and towers. They can just order digital wiretaps, which cannot be detected.

Dude, they didn't say which government.

Re:

[EdIII]

Fair enough. I was obviously speaking about the US, and GSM networks are deployed in a lot of countries.

I would still say that governments are the least of anyones concern, as far as cell phone security. A government most likely has the ability, note I did not say should, to wiretap any phone communication. Land line or wireless, does not matter. This ability can be granted to them by various laws, and they don't have to doing it illegally.

They also have the ability to obtain records from corporations.

Re:Privacy the least of our concerns

[QuantumG]

Yeah, you're still not getting it. The US government often likes to listen to cell phone conversations in, say, oh, I don't know, Iraq? Syria? A lot of other places where GSM is the cheapest technology available. Some governments like to do the same thing inside the USA. There aint no getting a wiretap when you're an agent for a foreign government.

Re:

[EdIII]

Okay. I guess I am really confused.

So you are saying that foreign governments may be spying on communications inside the USA?

I am actually far far less concerned about that. What could a foreign government gain by knowing all of my information? My medical records, banking information, bank accounts, etc. Are they going to attack me as part of some strategy?

That is something the US government has to be concerned about on my behalf. If another government started to do that, it would not be secret for lon

Re:

[hibji]

Your position is basically a "who cares if i have nothing to hide" attitude. Bruce Schneier has an excellent writeup about the value of privacy here:

http://www.schneier.com/blog/archives/2006/05/the_value_of_pr.html [schneier.com]

Basically, privacy is a right, not a privilege. It is not something that should be easily given away.

To answer your question, the idea is that other friendly governments (UK, Australia) do the eavesdropping on the US's behalf. The US does the same for them. They then share the information wit

Re:

[dave562]

I think you're missing the point that he is trying to make. My reading of what he wrote comes across as, "I'm not worried about the government stealing my bank account information. I'm worried about the local Russian mob associated cracker." It isn't that he doesn't have anything to hide, or that the government can already see it. He's worried about those who don't currently have access to the technology gaining access to it.

Re:

[EdIII]

Thank You.

I thought I was being clear about my statements, and that anybody could understand what I was saying.

The article was talking about encryption on cell phones being broken, that's it.

Re:

[EdIII]

That is not even close to my position. I have a hard time understanding how you get a "who cares if I have nothing to hide" attitude.

If you read the article AND my posts, I am specifically talking about encryption applied on communications between cellular handsets and the towers. I am stating, that in that SPECIFIC EXAMPLE, that the governments are the least of our concerns.

Let me explain, again. I'll do it a little more carefully.

There are 3 considerations here:

1) Privacy.
2) Security.
3) Legality of int

Re:

[dkf]

Yeah, you're still not getting it. The US government often likes to listen to cell phone conversations in, say, oh, I don't know, Iraq? Syria? A lot of other places where GSM is the cheapest technology available. Some governments like to do the same thing inside the USA. There aint no getting a wiretap when you're an agent for a foreign government.

While this is indeed true, I'd be more worried about private-sector people from Russia or Nigeria.

Though in my case, if they listened in what they'd find out is that "I'm On The Train", and "I'm Going To Be A Bit Late". Earth-shattering stuff!

Re:

[WindBourne]

Why do you assume that it is private-sector? In general, Russia and China not only give cover, but actual assistance to those that will crack western systems. Conservatives everywhere should be happy in that we are going back to the old days; Now that Russia and China have money, they are taking us back to a cold war (though I believe that china never really left it).

So?

[Sycraft-fu]

Ok let's say Iraq has a major intelligence operation in the US. Now let's say they listen in on cellphones. You think they are going to listen in on mine? Why the hell would they waste the time? I don't have anything to say that would be of interest to them. I don't have access to any military secrets, I don't have any knowledge of what our government is doing that you can't find out on CNN. I'm not of any interest to them.

So what would they do? Listen in and steal my bank information? Ok, except that would

Re:

[QuantumG]

You know there are people in the world other than you right? And most of them use cell phones and don't really think about security. People like CEOs of companies that are about to go public. People like stockbrokers who place orders that change the direction of the market. People who having an affair right now and work in some shit-kicker job for a senator now but may one day be in a position of power. The list goes on. Basically, if you can't think of a better use for cell phone hacking than stealin

Re:

[kent_eh]

So what would they do? Listen in and steal my bank information? Ok, except that would be world class retarded. You spend all this time establishing good cover and getting set up in your target nation, and then blow it to steal a few grand from someone?

Maybe stealing it from *one* random dude is stupid, but what about cleaning out the bank accounts of several hundred random people simultaneously (after spending some weeks/months collecting data)?

Odds are several of those folks would have more money than you, and the score could be fairly significant.
Plus it would cause a certain amount of chaos and distrust in the banking system. Does that sound like something that a terrorist group might be interested in doing (especially in conjunction with some other

CCC

[norkakn]

How does this compare to the CCC crack? Can it do all of the encryption standards?

http://video.google.com/videoplay?docid=8955054591690672567&q=CCC+GSM&total=2&start=0&num=10&so=0&type=search&plindex=0 [google.com]

GSM telephone banking

[23r0]

...but a very big problem is the fact that people, i.e. myself, are using GSM for banking. The security of phone banking 100% relies on GSM encryption. You are just identifieing yourself via PIN, and that's it - you are fully authenticated - unlimited access to the account! This is unusable now. No skimming needed...

Lets look at some facts....

[threeturn]

This is a good hack, and impressive work by all involved, but its rather limited in its application. It only works against the GSM A5/1 encryption algorithm. While there is a huge amount of A5/1 equipment out there it's a ~30 year old algorithm that was designed to run on battery powered equipment from the late 80s.

New GSM equipment already supports A5/3 [gsmworld.com] which is still secure. I think the main impact of this hack is going to be some sensational headlines and a big push to make A5/3 universally available.

Re:

[threeturn]

Just to emphasise the point:

that their cheaper technique is simply drawing needed attention to a problem that mobile carriers have long ignored--one that well-financed eavesdroppers may have been exploiting for years

Clearly the carriers haven't ignored this problem - they have produced a better encryption algorithm in the form of A5/3. The real problem is that the governments hold the carriers over a barrel. If the encryption gets too good then the algorithm is subject to all kinds of export restrictions which makes it very difficult to use in a global standard like GSM.

I thought this had already been done?

[Noryungi]

Being able to crack the GSM A5/1 encryption with thousands of US dollars (instead of millions) is nice, but the encryption scheme itself was cracked long ago [cryptome.org], and by Prof. Shamir (of RSA fame), no less.

Gaining delicate corporate information

[Mushur]

Imagine listening in to the CEO of a Fortune500 company in the days preceding financial reports. You may gain very valuable information. As we saw last week, it is not considered insider trading if you hacked your way to the data. Also competing firms could use this to be one step ahead, and potentially can ruin another firm.

iPhone

[kellyb9]

Among the phones included clearly can't be the iPhone, otherwise the title would be, "iPhone encrpytion exploit demonstrated!!"

huhhh?

[Vexorian]

if governments or other people with millions of dollars can listen to your conversations right now, why shouldn't your next-door neighbor?

I mean really, I am only worried about the government and people with millions of dollars being able to listen my conversations, the next-door neighbor is not as scary as them. I am not sure why they place the neighbor as the worst case scenario of privacy lost...

Cellphone encryption was a joke anyway

[Sloppy]

No matter how good their cipher, it is only between the phone and the edge of the telecom provider's network. The provider had your plaintext, and laws like CALEA require them add security holes to their network. At a minimum, the government had access to your plaintext. Beyond that minimum, who the fuck knows who else had access to it. Your neighbor might have been listening anyway.

Security cannot be left to the provider. Treat them as a hostile network.

Many (most?) phone calls are between people wh

Re:

[Yeff]

Way back when (1994) I had a scanner and listened to a few conversations of my neighbors. Turns out that if you don't know the person and what they're talking about then the conversations are extremely boring. People just aren't that interesting on the phone.

Re:

[QuantumG]

Scanner? We used to just use a Motorola flip phone and the scanning codes that were kindly built into it by the company. *43# etc

Whenever the phone you were scanning moved from one cell to another you'd lose the signal but it would display on the screen what channel it had changed to.. in hex.. so you'd either convert the hex to decimal, enter that channel and pick up the conversation or you'd scan for another call.

And yes, it was boring as hell.

Re:That would be awesome

[robably]

Turns out that if you don't know the person and what they're talking about then the conversations are extremely boring. People just aren't that interesting on the phone.

I had the exact opposite experience. I found other people's conversations fascinating, but within a couple of days I'd heard stuff that was so personal it made me realize I shouldn't be listening. Thinking about it, experiencing that at 14 probably led me to believe in people's right to privacy and anonymity today. It certainly led to me never buy a cordless house phone.

Re:

[mrbluze]

Imagine being able to listen in on your whole appartment building's conversations.

Mental note: If I ever decide to have an affair, I'd better make sure I don't use a GSM phone.

Re:That would be awesome

[jacquesm]

message to your significant other: if he ever uses a non-gsm phone get the frying pan :)

Re:

[Mr2001]

Isn't CDMA inherently harder to eavesdrop on, though? Without knowing the codes that each handset is using, all you get is noise, and that's at a lower level than any encryption.

Re:

[snoyberg]

Well done troll. NoScript to the rescue again! (For everyone's info, that links is MyMinicity, with a rather "colorful" city name.)