Mobile hack shows need for security upgrade

How cracked is mobile encryption?

Last week the Chaos Computer Club announced it had cracked GSM, but by Friday the GSMA was saying the attack was completely impractical - so should you be worried?

The attack proposed by the CCC is based on a rainbow table: an enormous precomputed list of known results against which an encrypted message can be compared to look up the key, rather than breaking the encryption directly. This approach was swiftly rubbished by the GSMA as needing 2TB of data and thus being impractical, but, as ever, things aren't quite that simple.

GSM's security is based on several algorithms, but the focus here is on the encryption used to secure calls against interception rather than identification or authorisation which, for the moment, remain secure. In GSM parlance the encryption of the call is known as A5, with the encryption options being numbered from zero to three: A5/0 being no encryption at all, A5/1 proper encryption, A5/2 weakened encryption for export to dodgy countries and A5/3 the new standard that's supposed to be part of 3G but isn't really.

A5, and the GSM security standard, only covers the connection between the handset and the nearest base station. Once at the base station any encryption is up to the network operator who might decide to shave a few quid off their microwave backhaul by not bothering to encrypt it at all. Once in the operator's network the call isn't encrypted, and that's where legitimate law enforcement (and shifty employees) can tap your calls.

But back to miscreants listening in on the radio portion: there are several ways that avoid having to break the encryption, besides bribing operator employees. On 2G networks a criminal can set up a fake base station, and configure that station to deny any cryptographic ability - when the target's handset connects, it is then forced not to use encryption as it appears that the network doesn't support any.

Users are supposed to get an on-screen warning when that happens, but handsets haven't done that for years. The 3G standard requires the base station to authenticate itself to the handset, so your miscreant will need to jam 2.1GHz around his fake station if he's going to force handsets down to 2G services only.
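The on-screen warning the standard expects handsets to show can be expressed as a simple policy over the cipher negotiated for each call. The following is an added example, not code from the original article: it rates constructed per-call cipher records (the log format and cell values are invented for illustration, not a real modem log) using the A5/0 to A5/3 meanings described above, and flags a 2G call with no encryption that follows 3G coverage as a possible forced downgrade.

```python
import re

# Constructed sample records, one per call; the format is invented for this example.
SAMPLE_LOG = """\
2009-12-28T10:01:02 call=1 rat=3G cipher=UEA1 cell=0x1a2b
2009-12-28T10:07:45 call=2 rat=2G cipher=A5/1 cell=0x1a2c
2009-12-28T10:12:10 call=3 rat=2G cipher=A5/0 cell=0x7fff
2009-12-28T10:15:33 call=4 rat=2G cipher=A5/2 cell=0x1a2c
2009-12-28T10:20:00 call=5 rat=2G cipher=A5/3 cell=0x1a2c
"""

LINE_RE = re.compile(r"call=(\d+) rat=(\S+) cipher=(\S+) cell=(\S+)")

# Severity per negotiated cipher, following the article's description of each option.
RATING = {
    "A5/0": ("alert", "no encryption on the radio link"),
    "A5/2": ("alert", "export-weakened cipher"),
    "A5/1": ("warn", "rainbow-table attack is practical"),
    "A5/3": ("ok", "Kasumi-based cipher"),
    "UEA1": ("ok", "3G cipher with mutual authentication"),
}

def assess(log: str) -> dict:
    """Return {call_id: (severity, reason)} for every call record in `log`."""
    findings = {}
    seen_3g = False
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue                      # skip unrelated or malformed lines
        call, rat, cipher, _cell = m.groups()
        severity, reason = RATING.get(cipher, ("alert", "unknown cipher"))
        if rat == "3G":
            seen_3g = True
        elif rat == "2G" and cipher == "A5/0" and seen_3g:
            # Unencrypted 2G after 3G was available matches the jam-and-downgrade pattern.
            reason += "; 2G fallback after 3G coverage, possible forced downgrade"
        findings[call] = (severity, reason)
    return findings

if __name__ == "__main__":
    for call, (severity, reason) in assess(SAMPLE_LOG).items():
        print(f"call {call}: {severity.upper():5} {reason}")
```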

But assuming that's not practical, and the call is being placed in a region allowed to use decent cryptography, your criminal will want to break the A5/1 cryptography that's being used to protect the call. A5/1 comes with a 64-bit key, so should be pretty secure against brute force attacks and make a Rainbow Table unfeasibly large as the GSMA contends.

However, the network operators decided to pad the key with ten zeros to make processing faster, so it's really a 54-bit key. Other weaknesses in the originally secret algorithm further reduce the options and make a Rainbow Table eminently practical; as long as one has a decently fast hard drive (or, ideally, some solid-state storage) then real-time cracking of A5/1 can be done.
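To make the time-memory trade-off concrete, here is an added example (not code from the CCC project or the article) of a rainbow table built against a constructed 16-bit toy keystream generator standing in for A5/1. The toy function and the reduction function are assumptions for illustration; the point is that the table stores only chain endpoints, so its size is set by the effective key space, which is why shaving ten bits off the key matters.

```python
import hashlib

KEY_BITS = 16            # toy key size (A5/1: 64 bits nominal, 54 effective per the article)
KEY_SPACE = 1 << KEY_BITS
CHAIN_LEN = 64           # steps per chain: longer chains mean a smaller table, slower lookups
NUM_CHAINS = 2048        # rows stored: 2048 * 64 = 2^17 walks, covering the 2^16 space with overlap

def toy_keystream(key: int) -> bytes:
    """Stand-in for the first keystream bytes of a cipher (constructed; NOT A5/1)."""
    return hashlib.sha256(key.to_bytes(2, "big")).digest()[:4]

def reduce_to_key(keystream: bytes, column: int) -> int:
    """Reduction function: map keystream back into key space. It depends on the
    column, the rainbow-table trick that keeps colliding chains from merging."""
    return (int.from_bytes(keystream, "big") + 0x9E37 * column) % KEY_SPACE

def start_key(row: int) -> int:
    """Deterministic, distinct start points so the table rebuilds identically."""
    return (row * 40503) % KEY_SPACE      # odd multiplier: distinct for row < KEY_SPACE

def build_table(num_chains: int = NUM_CHAINS, chain_len: int = CHAIN_LEN) -> dict:
    """Precomputation: keep only (endpoint -> start) pairs, not every key/keystream."""
    table = {}
    for row in range(num_chains):
        k = start_key(row)
        for col in range(chain_len):
            k = reduce_to_key(toy_keystream(k), col)
        table.setdefault(k, start_key(row))   # first chain reaching an endpoint wins
    return table

def lookup(table: dict, target: bytes, chain_len: int = CHAIN_LEN):
    """Recover a key producing `target` by guessing the column it occupied."""
    for col in range(chain_len - 1, -1, -1):
        k = reduce_to_key(target, col)            # step from the guessed column
        for c in range(col + 1, chain_len):
            k = reduce_to_key(toy_keystream(k), c)
        if k in table:                            # endpoint hit: regenerate that chain
            k = table[k]
            for c in range(col):
                k = reduce_to_key(toy_keystream(k), c)
            if toy_keystream(k) == target:        # rule out a false alarm
                return k
    return None

TABLE = build_table()

if __name__ == "__main__":
    print("rows stored:", len(TABLE), "of", KEY_SPACE, "keys")
    print("recovered:", lookup(TABLE, toy_keystream(start_key(0))))
```

Chains are recomputed at lookup time, so a fast disk (or a few thousand chains in memory, as here) is what bounds the lookup, exactly the trade the article describes.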

The GSMA has been claiming that an A5/1 Rainbow Table will need the equivalent of a tower of books 20km high, which is about as useful as saying that such a table couldn't be written on a fish. If the open-source project to compile a distributed Rainbow Table succeeds, then the data will be spread out amongst possibly millions of computers and available to anyone who's interested.

So A5/1 has already been cracked by specialist hardware, and is now being attacked by drafted video cards; but that's OK 'cos the mobile industry is rapidly moving towards the much-more-secure A5/3, isn't it?

A5/3 is indeed much more secure; not only is it based on the well known (and trusted) Kasumi algorithm, but it was also developed to encrypt more of the communication (including the phone numbers of those connecting together), making it much harder for ne'er-do-wells to work out which call to intercept. A5/3 was developed, at public expense, by the European Telecommunications Standards Institute (ETSI) and is mandated by the 3G standard, though can also be applied to 2.5G technologies including GPRS and EDGE.

The standard, which is publicly available, was completed in 2002 and endorsed by everyone at the time as a new dawn in network security - only no one ever used it. We've not been able to discover a single network operator, or handset, which is using A5/3.

Nokia and Sony Ericsson both failed to respond to our questions on the subject, and GSM security experts tell us they've never seen A5/3 in the field. So there is a secure alternative, but no one seems to be bothering to use it.

All of which means that an increasing number of people can indeed listen in to your GSM calls, even if you find a 3G connection and trust your network operator completely. So if you really care about your call security, or have reason to believe that someone with some resources is planning on listening in, you'll have to consider an end-to-end encryption product such as CellCrypt, or Skype and its ilk if you're prepared to rely on a data connection. Otherwise, you can just assume that no one cares what you're saying and be grateful that A3 and A8 remain secure so no one can fake a GSM call - at least not yet. ®
