Dubai mobe cracking demo barred by Heathrow boffin bust
Authorities impound open source radio gear
A mobile phone security researcher has been left baffled by UK government airport authorities, who impounded basic equipment while claiming that he could be illegally exporting high-end code breaking technology.
The action meant he had to cancel a demonstration of a groundbreaking exploit of GSM encryption in the Middle East.
Steve Mueller, a German national living in London, was approached by an official while reading a newspaper in the departure lounge of Heathrow's terminal 3. It was minutes before his Emirates flight was due to take off on Monday 14 April.
In his day job Mueller works for a company that helps businesses secure their mobile communications, but was travelling as an independent researcher to present his work on GSM cracking to the Hack in the Box conference in Dubai.
The official identified himself as an export control officer, and took Mueller aside to a search room, where his checked-in luggage had been taken from the plane's cargo hold. After a swift rummage, the officials confiscated his aged Nokia 3310 and a cheap USB device called a Universal Software Radio Peripheral (USRP). They ignored two more phones, a laptop, and a high performance FPGA chip.
"They said they didn't know what it was, so they were taking it," Mueller said in a telephone conversation with The Register. The field on the yellow form he was given to record the confiscation that read, "the goods specified below are detained for the following reason", had been left blank.
Mueller said: "They told me they wanted to make sure I wasn't exporting any cryptanalytic equipment.
"They knew exactly who I was and where I was going. They even knew what time I was speaking."
He boarded the plane without the items, having been told they would be sent away for tests. The Nokia, which Mueller had intended to use as part of a demonstration in his talk in Dubai, also contained his personal SIM. On arrival, he posted in frustration on his blog: "Having a pregnant wife at home and not being reachable complicates my situation."
It didn't particularly surprise Mueller that the authorities were monitoring his work, however. He made waves at the Black Hat conference in Washington DC in February by announcing that he and a fellow researcher had developed a new attack that cracks standard GSM transmissions, encrypted using the A5/1 algorithm, in as little as 30 seconds.
Their undetectable method impressed by being up to 10,000 times faster than the brute force number crunching it's thought government agencies use. What's more, it requires only a laptop, open source software and a $700 USRP. The pair argued that they merely exploited a known theoretical vulnerability, and that it should prompt networks to improve encryption standards.
Neverthless aware of the potential national security implications of the new method, Mueller says he met two men from GCHQ, two weeks prior to Black Hat, and got the all-clear to speak. The details of the exploit are now public.
The Heathrow officials' choice of items to confiscate was therefore particularly confusing to him. If they genuinely thought he wanted to export any cryptanalytic technology or information then they would have taken his FPGA, laptop, and paperwork too, he argued.
"The USRP is sold all over the world," he said. A USRP can be configured as a GSM scanner using software from the GNU Radio Project. Without his, Mueller's demonstration was kneecapped, however.
When Mueller returned to the UK at the end of last week, he worried when his name was called out over the plane's passenger announcement system. "I thought, oh no," he said.
More government officials were waiting for him, but only to return his equipment. The USRP had been dismantled and poorly reassembled, Mueller claimed. "The motherboard was just rattling around." No answer was given on who had ordered the shakedown.
HMRC could not confirm that it was its customs agents that confiscated Mueller's equipment. "All our work is intelligence-based. It would be inappropriate to comment on an individual case," a spokesman said.
"We have certain powers to to stop passengers and search items going in and out of the country. We appreciate people's cooperation."
The spokesman said Mueller should contact HMRC directly if he has specific complaints. ®