
Open Source GSM Cracking Software Released

CmdrTaco posted more than 4 years ago | from the oh-this'll-be-just-fine dept.

Cellphones 112

angry tapir writes "The GSM technology used by the majority of the world's mobile phones will get some scrutiny at next week's Black Hat security conference. An open source effort to develop GSM-cracking software has released software that cracks the A5/1 encryption algorithm used by some GSM networks. Called Kraken, this software uses new, very efficient, encryption cracking tables that allow it to break A5/1 encryption much faster than before."
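The A5/1 keystream generator the summary refers to, as an added illustration (this is not Kraken's code or the reflextor project's): three LFSRs with irregular majority clocking, keyed from the 64-bit session key Kc and the 22-bit frame number. Register lengths, taps, clocking bits and the 64 + 22 + 100 clock schedule are A5/1's published structure; the bit order used to load Kc (low bit of each byte first) and the frame number (low bit first) follows common reference implementations and is an assumption here, as is the sample key, so this block is for studying the structure, not a certified test vector.

```python
"""A5/1 keystream generation (added example, not code from Kraken)."""

# Register lengths, feedback taps and the clocking-control bit of each LFSR.
R1_LEN, R2_LEN, R3_LEN = 19, 22, 23
R1_TAPS, R2_TAPS, R3_TAPS = (13, 16, 17, 18), (20, 21), (7, 20, 21, 22)
R1_CLK, R2_CLK, R3_CLK = 8, 10, 10


def _shift(reg, length, taps):
    """Advance one LFSR: the new bit 0 is the XOR of its tap bits."""
    fb = 0
    for t in taps:
        fb ^= (reg >> t) & 1
    return ((reg << 1) | fb) & ((1 << length) - 1)


def _majority(a, b, c):
    return (a & b) | (a & c) | (b & c)


class A51:
    """One A5/1 instance, set up for a single (Kc, frame number) pair."""

    def __init__(self, kc, frame):
        if len(kc) != 8:
            raise ValueError("Kc is 64 bits")
        if not 0 <= frame < (1 << 22):
            raise ValueError("frame number is 22 bits")
        self.r1 = self.r2 = self.r3 = 0
        # Key setup: every register clocks on every step (no majority rule
        # yet) and each Kc bit is XORed into bit 0 of all three.
        # Assumption: the low bit of each key byte goes in first.
        for i in range(64):
            self._clock_all()
            self._mix((kc[i // 8] >> (i % 8)) & 1)
        # Then the 22 frame-number bits, low bit first (assumption as above).
        for i in range(22):
            self._clock_all()
            self._mix((frame >> i) & 1)
        # 100 majority-clocked steps whose output is discarded.
        for _ in range(100):
            self._clock()

    def _mix(self, bit):
        self.r1 ^= bit
        self.r2 ^= bit
        self.r3 ^= bit

    def _clock_all(self):
        self.r1 = _shift(self.r1, R1_LEN, R1_TAPS)
        self.r2 = _shift(self.r2, R2_LEN, R2_TAPS)
        self.r3 = _shift(self.r3, R3_LEN, R3_TAPS)

    def _clock(self):
        """Irregular clocking: a register moves only when its control bit
        agrees with the majority of the three control bits."""
        c1 = (self.r1 >> R1_CLK) & 1
        c2 = (self.r2 >> R2_CLK) & 1
        c3 = (self.r3 >> R3_CLK) & 1
        m = _majority(c1, c2, c3)
        if c1 == m:
            self.r1 = _shift(self.r1, R1_LEN, R1_TAPS)
        if c2 == m:
            self.r2 = _shift(self.r2, R2_LEN, R2_TAPS)
        if c3 == m:
            self.r3 = _shift(self.r3, R3_LEN, R3_TAPS)

    def _output_bit(self):
        """Output is the XOR of the top bit of each register."""
        return ((self.r1 >> (R1_LEN - 1))
                ^ (self.r2 >> (R2_LEN - 1))
                ^ (self.r3 >> (R3_LEN - 1))) & 1

    def keystream(self, nbits):
        bits = []
        for _ in range(nbits):
            self._clock()
            bits.append(self._output_bit())
        return bits


def burst_keystream(kc, frame):
    """Per frame A5/1 emits 228 bits: 114 for one direction, 114 for the other."""
    ks = A51(kc, frame).keystream(228)
    return ks[:114], ks[114:]


def xor_bits(a, b):
    """Encryption and decryption are the same XOR with the keystream."""
    return [x ^ y for x, y in zip(a, b)]


# Constructed sample inputs (not a published test vector).
SAMPLE_KC = bytes.fromhex("1223456789abcdef")
SAMPLE_FRAME = 0x134
```

Every frame of a call re-keys the generator from the same Kc and the next frame counter, so an attacker who recovers the 64-bit internal state (19 + 22 + 23 bits) from a short run of keystream can roll it back to Kc and decrypt the rest of the call; the tables the story describes replace a 2^64 search of that state space with precomputation. Note also that an all-zero Kc leaves every register at zero and produces an all-zero keystream, which is why the generator offers no protection when the network hands out a null key.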


Awesome (1, Interesting)

Anonymous Coward | more than 4 years ago | (#32992100)

Will this allow me to finally clone my multiple V2 sim cards on a single super card so I won't have to carry multiple GSM cards when I travel abroad?

Re:Awesome (0)

Anonymous Coward | more than 4 years ago | (#32992416)

No, since it's related to eavesdropping on conversations and has nothing to do with cloning SIM cards?

Re:Awesome (1)

TooMuchToDo (882796) | more than 4 years ago | (#32992960)

I'm still not clear on why my Android phone can't emulate SIM cards in software so I can have multiple numbers on one phone. I'm aware only one phone number could be active at a time if the phone only has one radio.

Re:Awesome (2, Insightful)

guruevi (827432) | more than 4 years ago | (#32993298)

Because then you could copy the card and put it on another phone having effectively multiple phones with the same number. I don't know how the network handles that but I think at least chaos ensues.

Re:Awesome (2, Informative)

kent_eh (543303) | more than 4 years ago | (#32994214)

I don't know how the network handles that but I think at least chaos ensues.

No, actually the network notices that the same phone number is in 2 (or more) different locations, recognizes that's a fraudulent scenario, and shuts them all down.
Then the legitimate owner of the number complains about being shut down, and is issued a new SIM.

Re:Awesome (1)

Amouth (879122) | more than 4 years ago | (#32993986)

Maybe it's just terminology.

Only one ICCID can be active per IMEI.

As for phone numbers, you can have more than one attached to an ICCID; you just have to get your provider to assign the number(s).

Re:Awesome (5, Informative)

athakur999 (44340) | more than 4 years ago | (#32994034)

There is a key value on the SIM. The same key value is also provisioned in your subscriber profile in your provider's main subscriber registry (aka an HLR - Home Location Register).

When you're connecting to a mobile network, the serving switch sends a request to your provider's HLR. The HLR sends a set of tokens and an "expected result" value to the serving switch. The serving switch then sends those tokens down to your mobile. Your mobile then sends those tokens to your SIM card and your SIM card sticks them into a function along with the key value and produces a result value. The result value is passed back to your phone and your phone passes it back to the serving switch. The serving switch then compares the result value from your phone with the "expected result" value from your provider's HLR and if they match up, you're good to go.

Only the SIM and the HLR know your individual key value. Your mobile and the serving network are never provided this value. That's why your phone can't simply replicate the function of your SIM, because it would need to know the key value.

I think the problem a lot of people have is they think of the SIM as just a dumb piece of storage. It really is a separate little computer in its own right that just so happens to live behind your phone battery.
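The exchange athakur999 describes, as an added example and not code from any network vendor: the HLR generates a triplet (RAND, expected SRES, Kc) from the subscriber's Ki, the serving switch relays only RAND to the mobile, the SIM computes SRES with its own copy of Ki, and Ki never crosses the air interface or reaches the handset. The real A3/A8 is operator-chosen (COMP128 variants are common); the HMAC-SHA256 stand-in, the class names and the sample IMSI below are assumptions of this example.

```python
"""GSM challenge-response authentication (added example, not vendor code)."""
import hashlib
import hmac
import os


def a3_a8(ki, rand):
    """Stand-in for the operator's A3/A8 (assumption of this example).
    A3 yields the 32-bit SRES, A8 the 64-bit ciphering key Kc."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


class HLR:
    """Home Location Register: the only network element holding Ki."""

    def __init__(self):
        self._ki_by_imsi = {}

    def provision(self, imsi, ki):
        self._ki_by_imsi[imsi] = ki

    def authentication_triplet(self, imsi):
        """Return (RAND, expected SRES, Kc); Ki itself is never handed out."""
        ki = self._ki_by_imsi[imsi]
        rand = os.urandom(16)
        sres, kc = a3_a8(ki, rand)
        return rand, sres, kc


class SIM:
    """The card: Ki is sealed inside it; only RUN GSM ALGORITHM is exposed."""

    def __init__(self, imsi, ki):
        self.imsi = imsi
        self._ki = ki

    def run_gsm_algorithm(self, rand):
        return a3_a8(self._ki, rand)


class Mobile:
    """The handset: relays RAND to the SIM and SRES back, keeps Kc for A5."""

    def __init__(self, sim):
        self.sim = sim
        self.kc = None

    def authentication_response(self, rand):
        sres, self.kc = self.sim.run_gsm_algorithm(rand)
        return sres


class ServingSwitch:
    """Visited MSC/VLR: compares the SIM's SRES with the HLR's expected SRES."""

    def __init__(self, hlr):
        self.hlr = hlr
        self.kc_by_imsi = {}

    def authenticate(self, mobile):
        imsi = mobile.sim.imsi
        rand, expected_sres, kc = self.hlr.authentication_triplet(imsi)
        sres = mobile.authentication_response(rand)
        if not hmac.compare_digest(sres, expected_sres):
            return False
        self.kc_by_imsi[imsi] = kc          # both ends now share Kc
        return True


class SoftwareSimWithoutKi:
    """What a phone emulating a SIM in software can do: it knows the IMSI
    but has to guess Ki (constructed for the example)."""

    def __init__(self, imsi):
        self.imsi = imsi
        self._ki = os.urandom(16)

    def run_gsm_algorithm(self, rand):
        return a3_a8(self._ki, rand)


def demo():
    """Returns (real SIM passes, Ki-less emulation fails, copied-Ki clone passes,
    handset and switch derived the same Kc)."""
    imsi = "001010123456789"                # constructed test IMSI
    ki = os.urandom(16)
    hlr = HLR()
    hlr.provision(imsi, ki)
    switch = ServingSwitch(hlr)
    real = Mobile(SIM(imsi, ki))
    emulated = Mobile(SoftwareSimWithoutKi(imsi))
    clone = Mobile(SIM(imsi, ki))
    real_ok = switch.authenticate(real)
    same_kc = real.kc == switch.kc_by_imsi[imsi]
    return real_ok, switch.authenticate(emulated), switch.authenticate(clone), same_kc
```

The last case is the point of the thread above: a card copied together with its Ki authenticates exactly like the original, which is why the SIM never exports Ki and why a handset cannot stand in for it. Kc, derived on both sides without ever being transmitted, is the key the A5 cipher is then loaded with.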

Re:Awesome (1)

TooMuchToDo (882796) | more than 4 years ago | (#32994816)

Thank you for the informative post!

Well FUCKING A THIS IS A GOOD THING FOR ALL (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32992144)

We aim to please the bad people in the world, with our open sores!!

Re:Well FUCKING A THIS IS A GOOD THING FOR ALL (2, Insightful)

tibman (623933) | more than 4 years ago | (#32992222)

They are TRYING to show that the ability to crack GSM must already exist because it has been so easy for them to do. If a Government or powerful organization wanted to listen to a GSM call, they could be doing it today.

Re:Well FUCKING A THIS IS A GOOD THING FOR ALL (3, Informative)

Luckyo (1726890) | more than 4 years ago | (#32992270)

Not could but can. It's a pretty well known fact that in most western countries there are schemes in place to allow intelligence agencies direct internal access to cell phone provider networks.

Re:Well FUCKING A THIS IS A GOOD THING FOR ALL (1)

interval1066 (668936) | more than 4 years ago | (#32992422)

"It's a pretty well known fact that in most western countries there are schemes in place to allow intelligence agencies direct internal access to cell phone provider networks."

All the more reason to port Zimmerman's Zfone [nytimes.com] to the iPhone and Android and any other smart phone you can think of.

Re:Well FUCKING A THIS IS A GOOD THING FOR ALL (1, Informative)

Anonymous Coward | more than 4 years ago | (#32992844)

Indeed. This is no tin-foil hat conspiracy theory - there are NO technical obstacles in place for law enforcement or intelligence agencies to tap into the cell-phone network. I used to work at one of the major providers of hardware for cell-phone networks. My mentor at the time, who worked on this gear all over the world, explained how service providers work with law-enforcement to allow them complete access. I wouldn't know about the paperwork required (warrants and such) but if a three-letter agency shows up at the doorstep of a service provider - telling them they need to listen in on a call - they'll get exactly what they want.

Re:Well FUCKING A THIS IS A GOOD THING FOR ALL (0)

Anonymous Coward | more than 4 years ago | (#32992302)

They are doing it, so what's the fuss?

Re:Well FUCKING A THIS IS A GOOD THING FOR ALL (2, Informative)

chill (34294) | more than 4 years ago | (#32994192)

The gov't doesn't have to crack the encryption, they're given a back door by the telcos. This is not only happening today, it has been happening for many years.

Google CALEA for one of the more recent incarnations.

Re:Well FUCKING A THIS IS A GOOD THING FOR ALL (1)

tibman (623933) | more than 4 years ago | (#32994670)

I have heard about this sort of thing enough to believe it. But i think the GSM cracking thing is important because it means foreign government agents or other powerful organizations could listen to GSM calls without anyone knowing.. not even the phone companies.

If a foreign embassy had this capability and was safe within its doors, wouldn't that be a scary thing?

Release the Kraken! (5, Funny)

Anonymous Coward | more than 4 years ago | (#32992150)

Release the Kraken!

Re:Release the Kraken! (5, Funny)

Anonymous Coward | more than 4 years ago | (#32992314)

Patch the Kraken! Update the Kraken! Sign up for mailing lists about the Kraken!

I guess that joke only works for releases :/

Re:Release the Kraken! (2, Informative)

dch24 (904899) | more than 4 years ago | (#32992566)

If all you want to do is build it, you'll want this:

http://reflextor.com/trac/a51 [reflextor.com]

It took me a minute of googling to find that. Hope it saves you some time. Note that their server is getting slashdotted right now.
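A sketch of the table-based attack the story describes, as an added example not taken from the Kraken code or the project linked above: a rainbow-style time-memory trade-off against a toy 20-bit one-way function standing in for the map from A5/1 internal state to the keystream it produces. The function, chain length, start points and reduction are constructed here for illustration; the real tables cover a 64-bit state and use distinguished points, so treat this as the shape of the idea, not its parameters.

```python
"""Time-memory trade-off on a toy function (added example, not Kraken code)."""
import hashlib

STATE_BITS = 20                     # toy state space (A5/1's is 64 bits)
MASK = (1 << STATE_BITS) - 1
CHAIN_LEN = 64                      # columns per chain


def f(state):
    """Toy one-way map standing in for 'A5/1 state -> observed keystream'."""
    h = hashlib.blake2b(state.to_bytes(4, "big"), digest_size=4).digest()
    return int.from_bytes(h, "big") & MASK


def reduce_to_state(output, column):
    """Rainbow reduction: fold an output back into the state space, with a
    per-column tweak so chains that merge in one column diverge again."""
    return (output ^ (column * 0x9E3779B1)) & MASK


def chain_start(i):
    """Deterministic chain start points (constructed for the example)."""
    return (i * 2654435761 + 12345) & MASK


def chain_state(start, column):
    """State found at `column` of the chain beginning at `start`."""
    s = start
    for c in range(column):
        s = reduce_to_state(f(s), c)
    return s


def build_table(n_chains):
    """Precompute: store only end -> starts; the middle is recomputed on demand."""
    table = {}
    for i in range(n_chains):
        start = chain_start(i)
        end = chain_state(start, CHAIN_LEN)
        table.setdefault(end, []).append(start)
    return table


def lookup(table, target):
    """Online phase: given observed output `target`, find s with f(s) == target."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        # Hypothesis: target was produced at column `col`; walk to the chain end.
        x = reduce_to_state(target, col)
        for c in range(col + 1, CHAIN_LEN):
            x = reduce_to_state(f(x), c)
        for start in table.get(x, ()):
            s = chain_state(start, col)     # regenerate up to the hypothesised column
            if f(s) == target:
                return s                    # false alarms from merged chains fall through
    return None


def coverage(table, samples=100):
    """Fraction of deterministic sample outputs the table can invert."""
    hits = 0
    for i in range(samples):
        target = f((i * 7919 + 17) & MASK)
        if lookup(table, target) is not None:
            hits += 1
    return hits / samples
```

The trade-off is visible in the two phases: building costs n_chains × CHAIN_LEN evaluations of f once, storage is one pair per chain, and each lookup costs at most about CHAIN_LEN²/2 evaluations instead of a full search of the state space. Coverage grows with table size, and the large, carefully generated tables the story mentions are what make the same procedure practical for A5/1's 64-bit state.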

Re:Release the Kraken! (2, Insightful)

PolygamousRanchKid (1290638) | more than 4 years ago | (#32992998)

Patch the Kraken! Update the Kraken!

I prefer to fork the Kraken . . . garlic sauce and fresh bread on the side . . .

Re:Release the Kraken! (2, Funny)

roman_mir (125474) | more than 4 years ago | (#32996168)

you are Kraken me up

Please, please... (3, Informative)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#32992202)

Get with the times, guys. This isn't "GSM cracking" this is "GSM lawful intercept"... At least that is what the folks who already do it routinely call the practice...

Re:Please, please... (0, Flamebait)

KZigurs (638781) | more than 4 years ago | (#32993210)

Uhm? No. The Government just has a copy of every conversation shipped to them directly from the exchange.

Re:Please, please... (0)

Anonymous Coward | more than 4 years ago | (#32995202)

Actually no. Those of us who do GSM lawful intercept don't pick it out of the air. We get it nicely delivered over some ISDN lines to our office, in plain text so to say. Much better than mucking about in a van chasing the guy. Now at least we can watch the match while he is watching the match too.

How ironic (0, Troll)

bonch (38532) | more than 4 years ago | (#32992306)

Burning some karma here.

Ironic that this is hot on the heels of Slashdot's pro-net neutrality story. If the government took over the internet, it would make sure to "regulate" any websites posting this kind of cracking information. Want to pirate it on Bittorrent? Sorry, the government would "regulate" Bittorrent too thanks to political donations from lobby groups like the RIAA/MPAA. In fact, the government would require all your activities to be logged by ISPs for investigative purposes.

Net neutrality--proving that there are always people naive enough to hand great things over to the government where they are ruined forever.

Re:How ironic (2, Informative)

SimonSaysBleed (1773972) | more than 4 years ago | (#32992402)

Burning some karma here.

Ironic that this is hot on the heels of Slashdot's pro-net neutrality story. If the government took over the internet, it would make sure to "regulate" any websites posting this kind of cracking information. Want to pirate it on Bittorrent? Sorry, the government would "regulate" Bittorrent too thanks to political donations from lobby groups like the RIAA/MPAA. In fact, the government would require all your activities to be logged by ISPs for investigative purposes.

Net neutrality--proving that there are always people naive enough to hand great things over to the government where they are ruined forever.

Net Neutrality is not about the government taking over the internet! It is exactly the opposite (they ensure that the internet is not "regulated"). How many times must this be said?

Re:How ironic (0, Troll)

bonch (38532) | more than 4 years ago | (#32993250)

Net neutrality is about the government deciding what restrictions exist for internet traffic. It is absolutely a government takeover of internet traffic.

ISPs are providing a service. They have EVERY RIGHT IN THE WORLD to regulate what's passing through their networks, because it's their network.

Re:How ironic (1)

Rising Ape (1620461) | more than 4 years ago | (#32993820)

ISPs are providing a service. They have EVERY RIGHT IN THE WORLD to regulate what's passing through their networks, because it's their network.

Not if the public don't agree to that, they don't. If they don't like the regulation, then they shouldn't sell access to their network. Different rules apply for a private facility and one that's open to the public.

Re:How ironic (1)

SimonSaysBleed (1773972) | more than 4 years ago | (#32994480)

So what Chile just did a few weeks ago was a government takeover of the country's internet traffic? http://yro.slashdot.org/story/10/07/13/2056218/Chile-First-To-Approve-Net-Neutrality-Law [slashdot.org] Sure seems like the opposite to me. And the ISPs' right to do what they want is all fine and dandy until they show no respect for my privacy or freedom of speech. I'd rather have the government attempt to do something on my behalf than let the regional ISP monopolies or oligopolies trample me...

Re:How ironic (3, Informative)

TubeSteak (669689) | more than 4 years ago | (#32994838)

ISPs are providing a service. They have EVERY RIGHT IN THE WORLD to regulate what's passing through their networks, because it's their network.

ISPs are providing a service using infrastructure built on public land.
The internet as we know it would not exist if the telephone/cable companies couldn't use public property.
It's not so simple as "their network, their rules".

wahhh? (4, Insightful)

TiggertheMad (556308) | more than 4 years ago | (#32994860)

ISPs are providing a service. They have EVERY RIGHT IN THE WORLD to regulate what's passing through their networks, because it's their network.

...Really? Then why, if I own, say, a restaurant, do I need to let minorities eat in my restaurant? I mean, it's mine, right? Why should I let the government tell me that I have to serve Blacks and Asians?

Re:wahhh? (0, Flamebait)

wtfamidoinghere (1391517) | more than 4 years ago | (#32996342)

You forgot to check "Post Anonymously", troll.

Re:How ironic (4, Interesting)

rotide (1015173) | more than 4 years ago | (#32992408)

You do realize that net neutrality is the _absence_ of filtering, right?

See, the whole idea is that an ISP that also owns other companies, or is affiliated somehow, can't step in and decide what is and isn't viewable, charge more, etc.

Re:How ironic (4, Insightful)

phantomfive (622387) | more than 4 years ago | (#32992962)

You do realize that net neutrality is the _absence_ of filtering, right?

That is how you define it. Never underestimate the power of a senator who can draft a 2000 page bill that does exactly the opposite of what its title implies. You're just like the guy in the previous conversation who suggests Fox News should be regulated: once you start regulating what can and can't be on the internet, it's just a step away from blocking it.

See, the whole idea is that an ISP that also owns other companies, or is affiliated somehow, can't step in and decide what is and isn't viewable, charge more, etc.

Exactly, it's something the government should be doing. As an example of how it could be done, think of the financial regulator positions created in the financial bill that just passed. For a communications bill, we create an Internet Supervisor position, whose job it is to make sure none of the ISPs are illegally blocking stuff. He goes around, runs tests, etc. Harmless stuff. Then on page 1283 of the bill, in a small, single sentence, we give him power to decide how traffic should be regulated. Then give the Supervisor position to someone sympathetic to our cause, and there is no end to the ways that language can be abused. Should we block traffic we don't like? He has the power. Should we use it to speed up the websites of our campaign donors? He has the power. See how this stuff works?

What needs to be done is break up the monopolies where they exist so there is real competition between ISPs. Then we don't have to worry about this kind of thing: if an ISP does something we don't like, we can switch.

Re:How ironic (3, Insightful)

wiredlogic (135348) | more than 4 years ago | (#32993100)

Senators don't draft (or even read) 2000 page bills. Their corporate overlords have staff to take care of those pesky details.

Re:How ironic (1)

Maarx (1794262) | more than 4 years ago | (#32993244)

MPU

Re:How ironic (4, Informative)

rotide (1015173) | more than 4 years ago | (#32993256)

Add another layer to your tinfoil hat.. I'm not saying what you're suggesting can't happen, but that's not the goal of net neutrality and imagining worst case, back room, scenarios is pointless to argue about.

On to the "Free market solves everything" mantra. No, it will not solve anything unless the fiber that is laid down (read: already there) is open to equal opportunity leasing at fair prices (which means it has to be governmentally regulated) that the small ISP can afford. Otherwise the costs of entry into the market are way too huge and the telcos will simply drop their price enough to not allow the little guy running new fiber to profit, thus sinking their business.

Think about it, if you have no right to their fiber, you have to run your own across the city. That will cost millions, easily. You ignore the cost as you think you can make it up later so you start running fiber. The telcos in the area decide, hey, it's costing them millions, let's just drop our prices to make everyone using them switch to us. Now all your subscribers jump ship because ATT just dropped their service plans to $1 a year. You go under, they buy you out, thanks for the new fiber.

Free market won't work with entrenched telcos who already have the fiber in place plus the will and means to bully you out of the market.

Re:How ironic (1)

phantomfive (622387) | more than 4 years ago | (#32993352)

it will not solve anything unless the fiber that is laid down (read: already there) is open to equal opportunity leasing at fair prices

This sounds like an excellent plan. I endorse your idea.

Re:How ironic (1)

phantomfive (622387) | more than 4 years ago | (#32993380)

Incidentally, it is not a tinfoil hat conspiracy, it is a 'useful' technique that politicians use when they don't want to spell out everything explicitly in a bill. It is exactly what happened with the financial regulation bill.

Re:How ironic (2, Interesting)

bonch (38532) | more than 4 years ago | (#32993304)

Again, you actually believe the government regulating internet traffic is going to be the absence of filtering? Government--the most corrupt organization in the world--is somehow going to be more neutral than a private organization that is beholden to customer satisfaction? That lobby groups like the RIAA won't petition for special restrictions on torrent traffic?

On top of that, an ISP should absolutely be allowed to decide how its network is run and what traffic goes across it. Internet access isn't a constitutional right. It's their network--they can run it however they want to, and if you don't like it, that's life. I don't like the color of my office, but that doesn't mean the government has the right to restrict what colors offices are painted in.

Stop bringing more and more government into our lives!

Big brother is watching you... (1)

TiggertheMad (556308) | more than 4 years ago | (#32994954)

Government--the most corrupt organization in the world-

Really? Really? Citation, please.

Re:How ironic (0)

Anonymous Coward | more than 4 years ago | (#32998698)

than a private organization that is beholden to customer satisfaction

Right! Because everyone can just go to a different ISP... oh wait, that monopoly and oligopoly thing they have might be a bit of an issue, you insensitive clod.

Re:How ironic (0)

Anonymous Coward | more than 4 years ago | (#32992410)

Nobody supporting net neutrality is proposing that the government "take over the internet". We are proposing that ISPs get common carrier status, just like telephone companies...

Re:How ironic (4, Insightful)

Myshkin (34701) | more than 4 years ago | (#32992434)

I think what you meant to say was that this is exactly what will happen if the telcos took over the internet. They would just not route any traffic to bittorrent at all.

What is this government takeover of the internet you speak of? Or do you forget that the government invented the internet? Without the government, we would still be using AOL, CompuServe, and Prodigy. Which, coincidentally, is exactly what the anti-net neutrality folks would like to see returned.

Anti Net neutrality--proving that there are always people naive enough to hand great things over to corporations where they are ruined forever.

Re:How ironic (0)

Anonymous Coward | more than 4 years ago | (#32993752)

What are you talking about? Corporations already own the internet. AOL, CompuServe and Prodigy came after the internet. The World Wide Web was invented in Europe. This post is not insightful, it's just stupid.

Mostly, this conversation is about what is yours and what is not yours. Their network is not yours, you can not take it from them any more than they can take your money from you just because they feel entitled to it. If consumers would take a stand every once in a while instead of rolling over and demanding the government help them because they can't control themselves, you would find companies afraid of pissing off people instead of doing anything they can as long as they can get away with it from the government.

Re:How ironic (1)

Myshkin (34701) | more than 4 years ago | (#32995440)

If consumers would take a stand every once in a while instead of rolling over and demanding the government help them because they can't control themselves, you would find companies afraid of pissing off people instead of doing anything they can as long as they can get away with it from the government.

The government is what we citizens have established in order to establish rules. Citizens united can demand whatever behavior they want from the corporations to whom they grant legal status, using the full force of their government.

You can go be a powerless consumer, I'll remain an empowered citizen.

Re:How ironic (0)

Anonymous Coward | more than 4 years ago | (#32992500)

Net neutrality--proving that there are always people naive enough to hand great things over to the government where they are ruined forever.

I can't tell if you're saying that net neutrality, the idea that we should prevent carriers from throttling bandwidth or denying access based on content, is a bad thing. It has nothing to do with the government regulating the use of bandwidth - it has to do with the government monitoring ISPs that, left unchecked, would unfairly regulate the way their bandwidth is used out of corporate interest (e.g., to deliver higher bandwidth to the websites of their corporate sponsors).

Re:How ironic (0)

Anonymous Coward | more than 4 years ago | (#32993876)

Unfairly? How is it unfair? I am a company and I filter internet access for my employees. Is that unfair to the sites I'm filtering? I am a company and I have some slight performance issues out to the internet for employees, to speed things along I prioritize traffic to and from business related websites we commonly use. Is that unfair to the sites that aren't being prioritized? What if instead of me as the company doing it for my own employees I am an ISP that provides this to business customers. Is that unfair to anybody? What if I sell it to consumers, is that unfair to the sites? What if this is the only option I provide, is that unfair to the sites?

I would say it's more unfair to not let people conduct their business as they see fit than to prioritize traffic to people who pay to have their traffic prioritized.

Re:How ironic (1)

Voyager529 (1363959) | more than 4 years ago | (#32994600)

Here is how it's unfair:

I work for my employer. They give me money, so they get to determine what I'm allowed to do on the internet while they're paying me. If they blacklist/whitelist sites on their machines, that's fine. They paid for those machines, they pay for the bandwidth, and they pay for my time. They get to pick what I do with their time and equipment.

I give money to my ISP. It is a world of difference when I pay someone for their services, then they decide how those services can be used.

In other words, the golden rule (i.e. he who has the gold makes the rules) applies unequally between the two. Herein lies the problem.

Re:How ironic (0)

Anonymous Coward | more than 4 years ago | (#32995914)

your argument is a red herring - you're also an idiot

Re:How ironic (1)

Ashriel (1457949) | more than 4 years ago | (#32997426)

I am a company and I filter internet access for my employees. Is that unfair to the sites I'm filtering?

Yes. But it's your business, you censor free speech all you'd like. Your employees are free to access their favorite sites at home.

I am a company and I have some slight performance issues out to the internet for employees, to speed things along I prioritize traffic to and from business related websites we commonly use. Is that unfair to the sites that aren't being prioritized?

Yes. But it's your business, you censor free speech all you'd like. Your employees are free to access their favorite sites at home.

What if instead of me as the company doing it for my own employees I am an ISP that provides this to business customers. Is that unfair to anybody?

Yes. Only now, you're censoring the free speech of the public, which is a violation of the Constitution, at least in spirit.

What if I sell it to consumers, is that unfair to the sites?

No, not really. What you do or do not charge for your service has no relation to individual websites, so long as it's the same for everyone.

What if this is the only option I provide, is that unfair to the sites?

Yes. You are selectively enabling certain sites while crippling others at your whim. What kind of messed up mind doesn't find this unfair?

Re:How ironic (1)

selven (1556643) | more than 4 years ago | (#32992522)

The government already took over the internet when they gave one or two big companies local monopolies and exclusive permission to lay wires everywhere. I'd rather have a competitive market with many providers but this is what we're stuck with and government control is the first step to getting one. Don't you think the large ISPs, which also often have a phone business, would themselves want to censor this kind of stuff?

Re:How ironic (2, Interesting)

capnchicken (664317) | more than 4 years ago | (#32992582)

If I wanted a flame war I'd say you know nothing about what a common carrier is.

That however would leave me open to not knowing the concepts of giving an inch and them taking a mile.

Regulation by telling a corporation they can't self-regulate communication based on content will be a sticky issue since it has to be constantly defended against the government saying, YOU corporations can't regulate content but WE can. But at least there are some mechanisms in place that allow the people to control the government. The only mechanisms that allow people to have control over corporations is the market, and if the corporation has a monopoly on the physical lines, there is no market.

Re:How ironic (1)

dward90 (1813520) | more than 4 years ago | (#32992598)

Please define what you are talking about. You seem to think net neutrality allows the government to regulate internet traffic.

If that is the case, you have no idea what the fuck you're talking about.

If that's not the case, please clarify.

Re:How ironic (1)

Ephemeriis (315124) | more than 4 years ago | (#32992656)

I do believe you are confused.

"Net Neutrality" is a term used to describe the Internet as it originally was, and still (to a large degree) is. The idea is that the Internet itself is just a passive means to transfer information from one place to another. The various ISPs along the way have to remain neutral. They cannot give any particular packet special treatment just because they're partnered with a specific company. This means that I'm pretty much able to visit whatever websites I want, download whatever files I want, etc.

The large media companies don't like this, because you can pirate their stuff.

Some ISPs have decided that you ought to be paying extra for special treatment. They'd like to charge you extra to view certain websites. Maybe they'll partner with certain companies... Put together a special package... So your Internet is dead slow if you connect to Google, but blazing fast if you use Bing.

Right now, there are no laws that really govern how the Internet should work. It's been neutral all these years largely just because that's the way it's always been done. But a number of companies now want to start doing things differently.

The "net neutrality" legislation being discussed right now is an attempt to put into law the way the Internet has always worked. So that ISPs cannot charge you extra just to view Google. The current legislation is an attempt to make sure that the Internet remains neutral.

Re:How ironic (1)

kungfuj35u5 (1331351) | more than 4 years ago | (#32994974)

This is most certainly not the intent of net neutrality. The goal is to not bias content and serve all content equally without any filtering of any kind. It prevents ISPs from having tiered platforms with subscription ala carte web services, and it prevents ISPs from throttling bittorrent.

What does this lead to? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32992346)

Does this lead to more wiretapping, or free cellular service?

TFA focus isn't just encryption... (4, Interesting)

rickb928 (945187) | more than 4 years ago | (#32992396)

TFA also points out that eavesdropping is as 'easy' as making a fake tower, getting phones to connect to it, commanding them to drop encryption, and having enough disk space to save the conversations. Not very expensive, and not very difficult.

So this would work well if you brought a fake tower with you to an event, like a convention or even a press conference, and just gather conversations at will. Setting up a tower near the White House would not be impossible, unless they already understand this and have an onsite tower they can secure. The Secret Service is no doubt already working with this, if not already in place. If VZW or Sprint is their most common carrier, well, those are different standards so this is not the problem.

All said and done, it is not impractical to be able to eavesdrop on GSM phones, though it is nontrivial. Data intercept I don't know a lot about.

Re:TFA focus isn't just encryption... (2, Interesting)

BitZtream (692029) | more than 4 years ago | (#32992918)

You do realize, that in order for a fake tower to work, it actually has to be part of the network right?

How do you intend to connect to the phone network with your fake tower?

Putting up a fake tower and getting phones to connect isn't hard, but its just about only useful for stop calls.

If you want to listen in on calls with a 'fake tower' it actually has to function as a tower and connect you to a phone network so you can have a conversation. Not much to record otherwise.

Still not impossible, but its not something you can do without someone else knowing about it.

Re:TFA focus isn't just encryption... (1)

pjt33 (739471) | more than 4 years ago | (#32993618)

Forward (over wire or on a different frequency) to another tower elsewhere which pretends to be the phone?

Re:TFA focus isn't just encryption... (1)

Deadplant (212273) | more than 4 years ago | (#32993646)

Why would it be hard to connect to the phone network?
You could for example use a phone line... or a VoIP service...
To receive and route calls TO a mobile phone would be difficult or perhaps impossible, but outbound calls would be trivially easy.

Re:TFA focus isn't just encryption... (1)

Rigrig (922033) | more than 4 years ago | (#32993762)

Couldn't the fake tower just connect to a real tower?

Re:TFA focus isn't just encryption... (3, Insightful)

chill (34294) | more than 4 years ago | (#32994248)

These have been sold in kits for a few years now. Google "micro cell". You can uplink them to a voip gateway and plop down your own tower on the cheap. Popular for conferences and things like that.

FTFA (2, Informative)

rickb928 (945187) | more than 4 years ago | (#32997318)

"Meanwhile, another Black Hat presenter, Chris Paget plans to demonstrate a completely different way to intercept GSM calls. He's setting up a fake cellular tower that masquerades as a legitimate GSM network.

According to Paget, using open-source tools and a US$1,500 USRP radio, he can assemble his fake tower, called an IMSI (International Mobile Subscriber Identity) catcher. In a controlled experiment, he's going to set one up at Black Hat and invite audience members to connect their mobile phones. Once a phone has connected, Paget's tower tells it to drop encryption, giving him a way of listening in on calls."

Yes, the only question is how to get it to forward calls. A perverse thought is someone plugging a Magic Jack into it, but you probably need something more sophisticated. Like Skype, or Asterisk and some SIP minutes. Maybe not even that.

Read Chris's [tombom.co.uk] blogs [tombom.co.uk]. She's clever. ps - I assume she's a she, she carries a handbag and wears heels, but I'm somewhat limited [tombom.co.uk] in my outlook, according to Chris. I can only tell her how I see it from my frame of reference.

Re:TFA focus isn't just encryption... (1)

phantomcircuit (938963) | more than 4 years ago | (#32993254)

The majority of phones have the ability to display an icon when operating in an unencrypted mode, but the carriers turn the icon off.

I seriously doubt the secret service relies on the security of the cell phone network, regardless of who the carrier is.

Re:TFA focus isn't just encryption... (0)

Anonymous Coward | more than 4 years ago | (#32993678)

The majority of phones have the ability to display an icon when operating in an unencrypted mode, but the carriers turn the icon off.

I seriously doubt the secret service relies on the security of the cell phone network, regardless of who the carrier is.

When I was in Egypt in January, my phone actually told me that encryption was off whenever I made a call (Sony Ericsson Naitë / J105)

Re:TFA focus isn't just encryption... (1)

rickb928 (945187) | more than 4 years ago | (#32997344)

Which is why I suspect the Secret Service either has towers on site, or has the carriers locate them onsite. After this article, I would expect that. Now how to prevent such a hack when the users get off the property.

Oh, wait, surely WH staffers have properly encrypted phones, not just carrier encryption. And those that don't, they must be told to discuss nothing on the phone. Nothing.

Really? (0)

Zedrick (764028) | more than 4 years ago | (#32992438)

"used by the majority of the world's mobile phones"

I don't know much about mobile phone tech, but this sounds strange. This is 2010, I don't know anyone still using a GSM-phone, most of us switched to 3G 6-7 years ago. If it's true, surely GSM users are in the minority in the developed world?

Re:Really? (1)

Slashdot Suxxors (1207082) | more than 4 years ago | (#32992580)

I'm not a cell phone guru, but it's something like this: 3G is a "standard" (not an official one IIRC) of how fast data transfers are on a cellular network. If a phone is 3G capable, it supports these faster speeds. The GSM spectrum is divided into different bands, depending on where you're at in the world. E.g., a phone that gets 3G service in the US most likely won't get 3G service in Europe. On the flip side, you can get 3G speeds on CDMA networks (VZW is CDMA) but it's more commonly referred to as EV-DO. 3G is just a measure of potential speed for the most part.

Re:Really? (1)

nxtw (866177) | more than 4 years ago | (#32997322)

3G is referring to UMTS here.

My phone that gets 3G service in the US will get 3G service in most countries - European countries included. This is true for many AT&T phones.

Re:Really? (3, Informative)

Eponymous Coward (6097) | more than 4 years ago | (#32992660)

From the GSM wikipedia page:

In 2010, threatpost.com reported that "A group of cryptographers has developed a new attack that has broken Kasumi, the encryption algorithm used to secure traffic on 3G GSM wireless networks. The technique enables them to recover a full key by using a tactic known as a related-key attack, but experts say it is not the end of the world for Kasumi."[17] Kasumi is the name for the A5/3 algorithm, used to secure most 3G traffic.

Re:Really? (1)

IamTheRealMike (537420) | more than 4 years ago | (#32993638)

It's been broken in a way that probably does not allow it to be used to decrypt phone traffic - big difference. That said, it's unfortunate that KASUMI has this weakness, even though it appears to be the result of new cryptographic research, given the speed with which new ciphers can be rolled out.

Re:Really? (0)

Anonymous Coward | more than 4 years ago | (#32992898)

3g phones have 2g functionality too, and that is GSM everywhere except some operators in North America (where it's CDMA).

Re:Really? (1)

Urza9814 (883915) | more than 4 years ago | (#32993400)

3G is GSM.

Re:Really? (1)

mzs (595629) | more than 4 years ago | (#32995102)

If you put a SIM card into your 3G phone, then it is GSM. The term 3G has become little more than marketing rubbish at this point.

Re:Really? (1)

bz386 (1424109) | more than 4 years ago | (#32995924)

If you put a SIM card into your 3G phone, then it is GSM. The term 3G has become little more than marketing rubbish at this point.

That is incorrect. 3G is UMTS, but can seamlessly hand over calls to the 2G GSM.

Re:Really? (1)

mzs (595629) | more than 4 years ago | (#32996522)

You are right, a UMTS phone that takes a SIM card is almost always really a UMTS/GSM phone that works on both. It is also 3G. But EVDO, CDMA2000, and EDGE (also takes a SIM BTW) phones are also 3G. EDGE is a part of the 3GPP GSM standard in fact. True though that GSM itself is considered 2G or 2.5G. 3G is an ITU standard, but pretty much anything with certain minimum peak performance and that can handle data and voice concurrently is allowed. I was trying to be cute with a short reply. It's all actually pretty convoluted and in fact UMTS shares many similarities with GSM though a different set of standards.

What I don't get about encrypted communication... (3, Insightful)

mark-t (151149) | more than 4 years ago | (#32992504)

What I don't understand is why they don't use something along the lines of a Diffie-Hellman key exchange when a call is being set up. In the case of wireless communication, all data gets broadcast in all directions, so setting up an MitM attack wouldn't work, or at least be instantly recognized as such, unless one could somehow intercept 100% of the signal before it reaches its destination, which I'd think isn't generally going to be feasible.

Re:What I don't get about encrypted communication. (3, Insightful)

Anonymous Coward | more than 4 years ago | (#32992680)

Part of the issue... you have to remember how old the GSM standards are. The processing chips didn't have nearly as much oomph as they do today. Most more modern encryption schemes would not have been feasible to even put in a chip that would a) physically fit in a cell phone b) be low enough power to have any meaningful cell phone usage c) have costs low enough to be considered cheap enough to put into cell phones.

Simple explanation (0)

Anonymous Coward | more than 4 years ago | (#32993056)

"Lawful" interception.

Re:Simple explanation (1)

mark-t (151149) | more than 4 years ago | (#32993804)

Even lawful interception would be virtually impossible, because you can't, in general, intercept all of an airborne signal and prevent it from reaching its destination, particularly when you don't even know in advance exactly where the sender is going to be.

And simply trying to eavesdrop on a communication that is using such a key exchange won't help matters because the discrete logarithm problem is NP-hard. Even if you do figure it out, by the time you've solved it the communication would be long since over, and different keys are going to be picked next time so you'd have to start from scratch.

Re:Simple explanation (0)

Anonymous Coward | more than 4 years ago | (#32997162)

Uh, you aren't thinking. The other AC was pointing out that the government would never allow the major phone producers and cell carriers to promote a system with end-to-end encryption because then wiretaps would be impossible. No one with control over the network wants the encryption to actually be effective. Theoretically, it should be secure to the phone company, but they don't really care about that.

Re:Simple explanation (1)

mark-t (151149) | more than 4 years ago | (#32998484)

I had misunderstood the purpose of the post then... I thought he was suggesting that lawful interception would still be possible... it isn't. Further, eavesdropping remains similarly impossible on any communications channel where such a key exchange has occurred. If you can spare the bandwidth for purposes of establishing a connection nobody can eavesdrop on, you can use a multi-pass RSA encryption scheme so that the eavesdropper cannot even find out what "public" key you were using, let alone the private one.

Re:What I don't get about encrypted communication. (0)

Anonymous Coward | more than 4 years ago | (#32994068)

'MitM' attacks are trivial, at least to folks who have read the first couple of chapters of "An Introduction to GSM".
1. Buy a USRP from Ettus ($600, if I remember what I paid)
2. Load up "OpenBTS" and '*'
3. ....
4. Profit!

Yes, it's that easy.

Re:What I don't get about encrypted communication. (1)

mark-t (151149) | more than 4 years ago | (#32995886)

MitM's are not remotely trivial for wireless communication, where you'd basically have to intercept an airborne signal and somehow keep the original signal from reaching the destination so that your own attempt to send it to the destination is not detected as anomalous.

Re:What I don't get about encrypted communication. (1)

Timmmm (636430) | more than 4 years ago | (#32997676)

They don't need to. Diffie-Hellman is for key exchange, but the mobile company already has a copy of the key stored on your SIM card, so they don't need to do any key exchange.

The problem is that they used weak encryption, not that they used symmetric encryption.

Re:What I don't get about encrypted communication. (1)

mark-t (151149) | more than 4 years ago | (#32998818)

Okay, so they'd know what phone the transmission was coming from... the content of the communication could still be encrypted by software on the end user's phone.

Re:What I don't get about encrypted communication. (1)

Timmmm (636430) | more than 4 years ago | (#32998854)

Erm, it is. They just cracked the encryption algorithm.

Re:What I don't get about encrypted communication. (1)

mark-t (151149) | more than 4 years ago | (#32998950)

You can't crack a Diffie-Hellman key exchange except for a single session, because every session has a different set of keys and you have to start from scratch.

Re:What I don't get about encrypted communication. (1)

Timmmm (636430) | more than 4 years ago | (#32999024)

I never said you could. You seem confused. There is no need for key exchange in this case. They just needed to use a better encryption method, e.g. AES.

Commercial: (4, Funny)

DoofusOfDeath (636671) | more than 4 years ago | (#32992554)

"Can you hear me now?"

"Yup"
"yes"
"uh-huh"
"me too!"
"absolutely!"

Re:Commercial: (1)

KZigurs (638781) | more than 4 years ago | (#32993156)

I can only imagine "Absolutely!" said in Moira Brown's voice!

RELEASE THE KRAKEN! (0)

Anonymous Coward | more than 4 years ago | (#32992740)

N/T

Which networks? (2, Interesting)

MadGeek007 (1332293) | more than 4 years ago | (#32993560)

It would be nice to know exactly which GSM carriers use A5/1 encryption, and to what extent it is used. Is it a de facto standard, or a fallback algorithm?

Re:Which networks? (1)

dwye (1127395) | more than 4 years ago | (#32995330)

In fact, it is deprecated, and no one is supposed to even test whether a phone can handle it anymore. At least according to the last PTCRB Bulletin entries that I read, on my old account of 4 years ago.

Using it is actually WORSE than broadcasting in clear, apparently.

Re:Which networks? (2, Insightful)

MadGeek007 (1332293) | more than 4 years ago | (#32995464)

So in other words, this is a non-issue.

What data? (1)

ceraphis (1611217) | more than 4 years ago | (#32994048)

Could this be used to both eavesdrop on calls as well as snatch arbitrary data transfer as in wi-fi wireless sniffing? I see a lot more dastardly uses of the data than random calls from schmoopy to schmoopy. I always felt like banking on the phone for example was more secure than on an arbitrary computer.

am I the only one not surprised? (1, Interesting)

Anonymous Coward | more than 4 years ago | (#32994606)

I know I will probably be called troll or something, but here it goes anyway...

I worked as a consultant for the defense ministry of a certain Latin American country (which routinely uses its military for police purposes). While there I befriended some people who had access to complex eavesdropping systems. They showed me how they had the ability to almost instantly intercept any mobile phone call. They even did it with one of my phone calls for amusement. There were 4 cell phone operators in the country, 2 of them using GSM, 1 of them CDMA and the other used iDEN. They could listen to any call on any operator except the one using CDMA. On the iDEN operator they could listen to both calls and PTT radio.

However, I'm not sure they were breaking encryption even if they told me they were, it might just be that the operators handed them some keys or that encryption was turned off by default in all but the CDMA company and no one notices or cares.

How to obtain the tables and the code (1)

this great guy (922511) | more than 4 years ago | (#32995468)

What's new, compared to other past announcements that "GSM has been broken", is that 3 days ago the A5/1 Project wrote the piece of code to perform lookups in the "Berlin rainbow table set". The table set is 2TB, was computed some time ago and can be obtained from various origins (the project member who wrote the lookup code, Frank Stevenson, offered the arrangement of swapping preloaded disks for cash at Schiphol airport). See my blog for some more info [zorinaq.com] about these recent developments.

Coming Soon... (2, Funny)

Veovis (612685) | more than 4 years ago | (#32996434)

.... Can anyone hear me now?.... Good!