Feeds

Israeli boffins crack GSM code

Phreak Like Me

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

A team of Israeli scientists have uncovered a possible means of cracking the GSM mobile phone network encryption code, opening the door to attacks that could enable eavesdroppers to listen into calls.

The GSM Association, a trade group for suppliers and mobile network operators, is downplaying the problem. It admits a potential vulnerability exists but argues that this would be very difficult to exploit in practice.

Researchers Professor Eli Biham and doctoral student Elad Barkan, and Nathan Keller, all of the Technion Institute in Haifa, discovered basic weaknesses in the encryption scheme used in GSM networks.

According to Biham, the attack allows an eavesdropper to tap into a conversation while a call is been set up and a phone at the receiver's end is still ringing. After this, a conversation can be overheard.

"Using a special device it's possible to steal calls and impersonate callers in the middle of a call as it's happening," Biham told Reuters.

The security loophole arises because of a fundamental mistake made by GSM developers in creating a system which corrected for interference of the line prior to encrypting a conversation, he explained.

The researchers have produced a paper, Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication, documenting their findings. The paper was presented at last month's Crypto Conference in Santa Barbara, California but news of this alarming discovery only broke yesterday.

The GSM Association admits the Israeli researchers are onto something but say the attack requires the use of complex technology, which few phone phreakers have access to, and would need to be targeted at a specific caller.

According to Reuters, the Association claims an attacker would have to "transmit distinctive data over the air to masquerade as a GSM base station". An attacker would also have to be placed between a caller and a base station to intercept a call, it adds.

"This (technique) goes further than previous academic papers, (but) it is nothing new or surprising to the GSM community. The GSM Association believes that the practical implications of the paper are limited," it said in a statement.

The Association said an upgrade to the A5/2 encryption algorithm, available since July 2002, addresses the security weaknesses highlighted by the Israelis.

Biham disputes this and says the new encryption system, which was put in place in response to previous attacks, is itself vulnerable.

Both parties agree that the issue does not affect 3G phones, which use different protocols and security mechanisms than legacy GSM handsets. ®

External Links

GSM Security FAQ

Related Stories

Attack of the clones
SMS phone crash exploit a risk for older Nokias
Mobile security needs to change with GPRS
3G crypto a go-go
Captain Crunch sets up security firm

Internet Security Threat Report 2014

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Home Depot ignored staff warnings of security fail laundry list
'Just use cash', former security staffer warns friends
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
BitTorrent's peer-to-peer chat app Bleep goes live as public alpha
A good day for privacy as invisble.im also reveals its approach to untraceable chats
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.