How cracked is mobile encryption?

Last week the Chaos Computer Club announced it had cracked GSM, but by Friday the GSMA was saying the attack was completely impractical - so should you be worried?

The attack proposed by the CCC is based on a Rainbow table: an enormous list of known results to which an encoded message can be compared to look up the key, rather than break the encryption. This approach was swiftly rubbished by the GSMA as needing 2TB of data and thus being impractical, but, as ever, things aren't quite that simple.

GSM's security is based on several algorithms, but the focus here is on the encryption used to secure calls against interception rather than identification or authorisation which, for the moment, remain secure. In GSM parlance the encryption of the call is known as A5, with the encryption options being numbered from zero to three: A5/0 being no encryption at all, A5/1 proper encryption, A5/2 weakened encryption for export to dodgy countries and A5/3 the new standard that's supposed to be part of 3G but isn't really.

A5, and the GSM security standard, only covers the connection between the handset and the nearest base station. Once at the base station any encryption is up to the network operator who might decide to shave a few quid off their microwave backhaul by not bothering to encrypt it at all. Once in the operator's network the call isn't encrypted, and that's where legitimate law enforcement (and shifty employees) can tap your calls.

But back to miscreants listening in on the radio portion: there are several ways that avoid having to break the encryption, besides bribing operator employees. On 2G networks a criminal can set up a fake base station, and configure that station to deny any cryptographic ability - when the target's handset connects, it is then forced not to use encryption as it appears that the network doesn't support any.

Users are supposed to get an on-screen warning when that happens, but handsets haven't done that for years. The 3G standard requires the base station to authenticate itself to the handset, so your miscreant will need to jam 2.1GHz around his fake station if he's going to force handsets down to 2G services only.

But assuming that's not practical, and the call is being placed in a region allowed to use decent cryptography, your criminal will want to break the A5/1 cryptography that's being used to protect the call. A5/1 comes with a 64-bit key, so should be pretty secure against brute force attacks and make a Rainbow Table unfeasibly large as the GSMA contends.

However, the network operators decided to pad the key with ten zeros to make processing faster, so it's really a 54-bit key. Other weaknesses in the originally secret algorithm further reduce the options and make a Rainbow Table eminently practical; as long as one has a decently fast hard drive (or, ideally, some solid-state storage) then real-time cracking of A5/1 can be done.
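To make the "list of known results" idea concrete, here is a small time-memory tradeoff table in Python, written as an added example for this article; it is not the CCC project's code and does not touch A5/1. A constructed SHA-256-based stand-in plays the role of the cipher over a toy 16-bit keyspace, and the storage figures show why trimming the key from 64 to 54 bits matters for the size of such a table.

```python
import hashlib

KEY_BITS = 16                 # toy keyspace; only the storage maths below uses 64/54 bits
KEY_SPACE = 1 << KEY_BITS
CHAIN_LEN = 64                # keys per chain; storage shrinks by this factor
NUM_CHAINS = 3000             # chains kept; NUM_CHAINS * CHAIN_LEN ~ 3x the keyspace

def keystream(key: int) -> int:
    """Constructed stand-in one-way function (key -> observable output); NOT A5/1."""
    digest = hashlib.sha256(b"toy-keystream:" + key.to_bytes(2, "big")).digest()
    return int.from_bytes(digest[:2], "big")

def reduce(output: int, step: int) -> int:
    """Reduction function for chain position `step`: maps an output back to a key."""
    return (output + step * 0x9E37) % KEY_SPACE

def build_table(num_chains: int = NUM_CHAINS, chain_len: int = CHAIN_LEN) -> dict:
    """Precompute chains once; store only endpoint -> [start keys], not every key."""
    table: dict = {}
    for start in range(num_chains):
        key = start
        for step in range(chain_len):
            key = reduce(keystream(key), step)
        table.setdefault(key, []).append(start)   # merged chains share an endpoint
    return table

def lookup(table: dict, output: int, chain_len: int = CHAIN_LEN):
    """Return a key whose keystream equals `output`, or None if the table misses it."""
    for pos in range(chain_len - 1, -1, -1):       # assume output sits at chain position pos
        key = reduce(output, pos)
        for step in range(pos + 1, chain_len):     # walk the rest of the chain to its end
            key = reduce(keystream(key), step)
        for start in table.get(key, []):           # candidate chains (may be false alarms)
            key = start
            for step in range(chain_len):          # regenerate the chain from its start
                if keystream(key) == output:
                    return key
                key = reduce(keystream(key), step)
    return None

def table_bytes(key_bits: int, chain_len: int = CHAIN_LEN, entry_bytes: int = 16) -> int:
    """Rough storage for full coverage: (2**key_bits / chain_len) entries of entry_bytes."""
    return (1 << key_bits) // chain_len * entry_bytes
```

The 2**64 vs 2**54 ratio from `table_bytes(64) // table_bytes(54)` is 1024: the ten padding zeros make the full-coverage table a thousand times smaller, which is the gap between "a tower of books" and a few terabytes spread across volunteers' disks.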

The GSMA has been claiming that an A5/1 Rainbow Table will need the equivalent of a tower of books 20km high, which is about as useful as saying that such a table couldn't be written on a fish. If the open-source project to compile a distributed Rainbow Table succeeds, then the data will be spread out amongst possibly millions of computers and available to anyone who's interested.

So A5/1 has already been cracked by specialist hardware, and is now being attacked with drafted-in graphics cards; but that's OK 'cos the mobile industry is rapidly moving towards the much-more-secure A5/3, isn't it?

A5/3 is indeed much more secure; not only is it based on the well-known (and trusted) Kasumi algorithm, but it was also developed to encrypt more of the communication (including the phone numbers of those connecting together), making it much harder for ne'er-do-wells to work out which call to intercept. A5/3 was developed, at public expense, by the European Telecommunications Standards Institute (ETSI) and is mandated by the 3G standard, though it can also be applied to 2.5G technologies including GPRS and EDGE.

The standard, which is publicly available, was completed in 2002 and endorsed by everyone at the time as a new dawn in network security - only no one ever used it. We've not been able to discover a single network operator, or handset, which is using A5/3.

Nokia and Sony Ericsson both failed to respond to our questions on the subject, and GSM security experts tell us they've never seen A5/3 in the field. So there is a secure alternative, but no one seems to be bothering to use it.

All of which means that an increasing number of people can indeed listen in to your GSM calls, even if you find a 3G connection and trust your network operator completely. So if you really care about your call security, or have reason to believe that someone with some resources is planning on listening in, you'll have to consider an end-to-end encryption product such as CellCrypt, or Skype and its ilk if you're prepared to rely on a data connection. Otherwise, you can just assume that no one cares what you're saying and be grateful that A3 and A8 remain secure so no one can fake a GSM call - at least not yet. ®
