Cracking GSM
RobertM writes "Professor Eli Biham, one of the world's most famous cryptanalysts, together with two of his students presented an interesting paper on flaws in GSM at the IACR Crypto conference. The GSM association is not happy. Read more on the Reg." There's also a Reuters article about the situation.
Risky? (Score:3, Interesting)
Sadly, I wouldn't at all be surprised to see this end up on chillingeffects in the near future.
Re:Risky? (Score:2, Insightful)
it would be extremely difficult if not impossible to say that GSM is a copy protection device.
Re:Risky? (Score:3, Funny)
This reminds me of an old quote:
God is Real, unless declared Integer
Re:Risky? (Score:5, Informative)
Re:Risky? (Score:5, Informative)
Now in theory if they travel to the USA they could have a problem, and many Israelis do travel to the USA for one reason or another, but I don't think the US government will arrest an Israeli professor for publishing a paper.
Operators couldn't care less (Score:2, Interesting)
The only other reason I can see for him not being arrested is the fact that GSM is not a US owned technology. That and the fact that operators couldn't care less, it is not like they hold copyright over your conversations...
Re:Operators couldn't care less (Score:3, Insightful)
A guy that they can portray as a two bit hacker (right or wrong) can be painted in a very different light. But the first amendment types would have a field day if they arrested him. Of course he may decide just not to go to the USA an
Re:Risky? (Score:2, Insightful)
Re:Risky? (Score:3, Informative)
Santa Barbara is awesome btw! I can't wait for CRYPTO'04
Tom
Re:Risky? (Score:2)
You'd have had better luck if you'd suggested the PATRIOT act as a means to silence him, but even that would be very dubious.
Don't think DMCA applies here, does it? (Score:2)
Re:Risky? (Score:3, Informative)
And in other news... (Score:4, Insightful)
that is a road (Score:5, Informative)
Re:that is a road (Score:5, Funny)
Or maybe I need to take my pills.
Troc
What is the difference between MI5 and MI6 anyway? (Score:2)
I hear them referred to as British foreign intelligence all the time.
Re:What is the difference between MI5 and MI6 anyw (Score:2)
Well you see, it's one higher.
Re:What is the difference between MI5 and MI6 anyw (Score:4, Informative)
For USians, the roles equate as follows:
MI5 = FBI
MI6 = CIA
GCHQ = NSA
JIC = Senate Oversight Committee (*very* roughly)
Excellent! (Score:2, Funny)
Re:Excellent! (Score:2, Interesting)
This is news? (Score:5, Funny)
Someone Set Up Us the Bomb (Score:2)
GSM has been Toast for years (Score:4, Insightful)
The initial work didn't totally blow the system open and make on-the-air cracks easy, but it showed that the system was incompetently designed as well as deliberately weakened further, and was yet another reminder that Closed System Design is even worse in cryptography than in software. Subsequent work by people like Biham and Wagner keeps making it worse, and of course computer equipment keeps getting cheaper and larger, which means that attacks that need "hundreds of GB of disk" cost you $200 at Fry's rather than $200000 at the NSA Spook Equipment Shoppe.
In the US, GSM is still a security improvement, weak as it is, because the government bullied the digital cell phone system developers into using even weaker and more broken algorithms (back when they could pretend they were worried about Commie Spies rather than trying to facilitate illegal wiretapping.) (And of course analog cell phones didn't have crypto at all.) But even then, many of the cell phone companies don't bother turning on the crypto - Nokia phones give you a nice friendly indication that they tried to use it and got rejected.
Related topic: GSM Forensics (Score:4, Informative)
A patented crack? (Score:5, Insightful)
1. Does DMCA and its cousins allow such methods to be patented?
2. Will the phreakers care about patents?
Re:A patented crack? (Score:5, Insightful)
Re:A patented crack? (Score:5, Insightful)
They have an *incredible* need (Score:2)
Adjust your tinfoil hat, guy. (Score:5, Informative)
Look up the Federal laws: if it is illegal for a Federal agency to do $foo, then it is also illegal for a Federal agency to have a third party do $foo on their behalf.
If I break into a home and see a kilo of cocaine lying around, I can then go to the DEA and tell them. They can use my testimony to get a warrant to search the home and impound the drugs. Why? Because I didn't commit the crime on their behalf; I came in entirely of my own accord; there was no understanding between the DEA and myself that "if I see any drugs, I'm going to bring them to your attention".
But if the DEA asks me to break into a home, they'd better damn well have a warrant, otherwise they're breaking all manner of Federal laws.
So what you're positing is there is a tacit understanding between the US and UK that each will spy on the other's citizens and share with each other the fruits of those actions. Hmm. This sounds mind-bogglingly stupid.
Why?
Free hint: this is a Federal crime.
Free hint number two: the FBI and NSA do not get along.
Free hint number three: the FBI is the one with the charter to spy on American citizens--not the NSA.
Free hint number four: the FBI protects its jurisdictional turf very zealously.
Free hint number five: the FBI is one of the nation's intelligence agencies, co-equal with the CIA and NSA. The FBI has no charter to collect intelligence from foreign sources; the CIA and NSA have no charter to collect intelligence from domestic sources.
Free hint number six: if the NSA were to really be involved in this, the FBI would be doing a full-court-press investigation into the matter. (a), because it's a clear and massive violation of Federal law, and more importantly, (b) THE FBI DOES NOT SHARE ITS JURISDICTIONAL TURF.
Period.
So if you have any hard facts proving this tacit agreement, I'd love to hear it. If you have hard facts about it, then I'll talk to my FBI friends tomorrow and tell them about it.
I guarantee you they'll be pissed off.
Re:Adjust your tinfoil hat, guy. (Score:3, Informative)
Look up the Federal laws: if it is illegal for a Federal agency to do $foo, then it is also illegal for a Federal agency to have a third party do $foo on their behalf.
Yes, it sounds simple and logical. But there are many examples of the US government breaking straightforward prohibitions. Just look at how many times EO 12333.2 was violated in the past 2 administrations! (And the medals considered for doing so...)
Regardin
Re:Adjust your tinfoil hat, guy. (Score:3, Informative)
First, the existence of the UKUSA pact is shown in section 5.4.2 of the EU report [cryptome.org], with documented references. So, there is no doubt that there is an agreement, above and beyond the normal relationship between nation states' intelligence communities. The following, lifted from section 5.1, summarises these "clues":
Re:A patented crack? (Score:2)
Re:A patented crack? (Score:3, Insightful)
But I'm sure that the government personnel will always follow the written procedures, just like everyone else.
GSM crypto was always suspected to be weak (Score:3, Interesting)
From what I remember, the design of the GSM A5 cipher was always suspected to be weak. From Applied Cryptography:
Patents for criminal activities (Score:2)
Now all psychos will have to pay me in order to perform their activities.
Patented = Published = DMCA Unconstitutional? (Score:5, Interesting)
Re:Patented = Published = DMCA Unconstitutional? (Score:2)
Re:A patented crack? (Score:2)
I mean, that's generally what patents are meant for, to prevent others from exploiting your innovation.
Of course if somebody doesn't care about patent laws, it doesn't help. However, it'll keep this technology off the shelves of your local electronics shop.
And I don't think DMCA has anything to do with patents directly.
Re:A patented crack? (Score:2)
Stunning Coincidence (Score:2, Insightful)
Amazing.
Don
Patent protection? (Score:5, Insightful)
I'm sure that a criminal really cares about patent infringements.
Laws should not be used to shore up broken technology. This only impedes law abiding citizens, and does nothing to improve the protection against crime.
This is one argument against gun control: make them illegal and only criminals will have guns.
Make this illegal and only criminals will listen to your phone call.
Re:Patent protection? (Score:2)
I believe the very act of listening to other people's phone calls makes you a criminal... And there are no legitimate uses (unlike guns).
So whether cracking GSM is illegal or not, "only criminals will listen to your phone calls" anyway.
Did you try the subtle art of irony and a moderator misunderstood?
Re:Patent protection? (Score:2)
Re:Patent protection? (Score:2)
You think that intercepting radio waves broadcast through my house and body is a criminal act? That seems a bit far fetched.
Whenever I talk on my cell phone, I realize that a multitude of people can be listening, from people in the room to people in the cell area with radio scanners. If it's something sensitive, I'll use a landline or a secure channel. When I'm on my computer, I realize anyone on my collision domain can
Re:Patent protection? (Score:3, Informative)
Intercepting or receiving radio waves isn't illegal of course. Same as you are not breaking any law if you hear when your neighbours shout to each other over your property (hell, if they bother you with it, you can probably get them for disturbing your peace). Even descrambling probably isn't illegal, unless there's a specific law against that. But listening to certainly is. Tha
Re:Patent protection? (Score:2)
Your analogy w/ guns is not so bad; just declaring this tech illegal will work similarly to banning handguns (e.g. in Britain). That is to say, not perfectly, but still extremely well.
Patent infringement will prevent any legitimate company from producing a device to listen in on GSM, so while some might be able to build it themselves, for the most part the people who would listen in won't be able to or won't bother.
Similarly, there are places where handguns are illegal (such as England). Some people sa
Re:Patent protection? (Score:3, Insightful)
Brilliant example of a popular (but fundamental) misconception. Law never protects from crime, law defines what constitutes a crime. If there were no laws, there would be no crimes. Every law only impedes the people abiding by it.
This is one argument against gun control: make them illegal and only criminals will have guns.
I hopefully have demonstrated
Re:Patent protection? (Score:3, Informative)
You would be guessing wrong at least in Canada.
Guns that end up killing people tend to be stolen, illegally stored, or owned by people who shouldn't have a gun.
Few deaths result from responsible gun owners.
Myself I don't have a gun, I think most city dwellers need a gun like they need their SUV.
Hey! I know these people! (Score:5, Informative)
In general, this is no big news, because this equipment is hard to acquire and the benefits are not that great. In comparison, CDMA and TDMA don't (effectively) encrypt calls at all.
Figures (Score:2, Insightful)
Last time I told a software manufacturer about security flaws they were like, oh we don't care - our users are too dumb to work it out. Uh huh, but what about the competition? I'm sure their opinion would change had I released an exploit for it.
Similarly, the GSM Association probably knew about it, it's probably a designed-in backdoor to allow governmental eavesdropping, but now it's public knowledge they're unhappy. Notice they say "very difficult" to exploit - not impossible. They know what's up, and they
Government can eavesdrop anyway (Score:3, Insightful)
Re:Figures (Score:2)
Ass. Of course I read the article - or did you miss the quote?
The best backdoors are those which don't look like one - secret passages if you will. Maybe it really was a genuine "mistake", but something "fundamental" that requires "complex technology" and the need to "target a specific caller" is just a little too convenient for me. I'm no conspiracy theorist, but when it looks like a duck, walks like a duck, and quacks like a duck, I'll call it a duck.
Go learn how to reverse then come back and see if yo
GSM ... and CDMA? (Score:3, Insightful)
The question is can somebody deploy an off-the-shelf (or homebuilt) scanner and grab the conversations on-the-air? I know that a PR (pseudo random) number is used with the ESN and A-key to generate some keys for encrypting some of the communications, and that the voice channel is "scrambled", but is there a source where the security implications of this are discussed?
Also interesting is that this article appeared (or was going to) on yesterday's slashdot edition but after being available for subscribers for a while it disappeared.
Re:GSM ... and CDMA? (Score:5, Informative)
In theory, anything is possible.
Off-the-shelf scanner - Definitely not. Unless you're talking about high-end five-figure and even six-figure sums. A Rohde & Schwarz FSIQ would probably be 90% of the hardware needed to crack a CDMA signal, but FSIQs run $75k used ($120k or so new). An Agilent E4406A VSA starts at $32000 and cdmaOne and CDMA2000 options are extra $$$. And these might not even be sufficient for realtime monitoring and demodulation. It would be possible to build custom equipment for much less, but only a M.S. or Ph. D. in EE would be able to design a system to do adequate realtime demodulation of CDMA.
Non-realtime (capture the signals and post-process them) - Much easier. The hardware is $1000-2000 off-the-shelf (see GNU Radio), and the software is $99 if you're a student (Matlab), although you'll still need thorough knowledge of CDMA and some communications systems background to write the demodulation algorithms.
I don't know about the datastream-level encryption, but CDMA is much tougher to demodulate than the TDMA scheme used by GSM. (Given a captured baseband signal, I could probably tweak my old ECE 467 projects to demodulate GSM down to its datastream in not too long, while CDMA would be a LOT harder.)
Re:GSM ... and CDMA? (Score:3, Insightful)
Think about it -- all the hardware you need to demodulate and decode a CDMA signal in realtime is present in a CDMA phone, so it's only a matter of understanding/controlling the hardware and figuring out how to capture the right spreading code and any other keys in use.
Given that, the hardware is probably close to free once you've figured out how to control a phone or download new software to it.
CDMA harder but not intended as encryption (Score:2, Informative)
CDMA is indeed tougher to demodulate than GSM, the reason being that each GSM signal uses the same carrier (basically it encodes bits by modulating phase; the technical term is Gaussian Minimum Shift Keying, or GMSK). CDMA, on the other hand, has each user use a different "spreading code" in an attempt to make signals from different users orthogonal. The purpose of the spreading code is to take your nice orderly stream of bits, and turn it into a random-looking sequence. At the other end, the receiver kn
the new 3G ad campaign (Score:5, Funny)
"they can hear you now."
3G phones safe (Score:3, Informative)
From theReg...
Both parties agree that the issue does not affect 3G phones, which use different protocols and security mechanisms than legacy GSM handsets.
Is that because (Score:2)
Oh, and 3G calls to GSM mobiles are presumably still open...
Old hat! (Score:4, Interesting)
GSM specialists have known for a number of years now that GSM crypto was not that good. Interestingly enough, GSM crypto was designed by French 'military specialists', which has raised the usual (probably justified) suspicions of backdoors.
Sorry for not being able to produce more info, but I am sure other Slashdotters will have interesting links to supply...
Instant Cryptanalysis (Score:5, Informative)
The exact details are still secret but the attack exploits a misuse of Error Correcting Codes (ECC, which are used in communication protocols to correct random noise errors).
It seems that instead of encrypting the conversation and then employing ECC, GSM does it the other way, thus leaking enough data for the cryptanalysis to be performed.
Re:Instant Cryptanalysis (Score:2)
Well, that answers my question about whether the standard writers had their design reviewed by someone who understands cryptography. *sigh*
In unrelated news ... (Score:4, Funny)
Design flaw or Feature? (Score:4, Interesting)
Does anyone know if the article is available online?
I'd like to know if this flaw looks more like a mistake or something more intentional.
None of the media people who spoke about it seem to understand that "Instant Ciphertext-Only Cryptanalysis" means you are effectively not protected at all.
Re:Design flaw or Feature? (Score:2)
Law enforcement taps take place within the telco infrastructure: i.e. after the conversation has been received & decrypted by the base station.
According to Ross Anderson, most inter-base station communications is done via microwaves, (because the landline infrastructure is generally owned by a competitor), and IIRC most of the microwave transmissions are in the clear.
Transport-level privacy between handset and base station was provided by two ciphers of different strengths: A5/1 for Europe & the
Re:Design flaw or Feature? (Score:2)
That is good if all you need is evidence. But if you need tactical intel during an operation, live realtime intel is priceless.
Reuters article more balanced (Score:5, Informative)
Re:Reuters article more balanced (Score:2)
Re:Reuters article more balanced (Score:2)
Good for 3G. (Score:2, Informative)
Finally one reason for people to upgrade to 3G.
The people behind this (Score:3, Funny)
Name Dropper! (Score:2)
inflate, then encrypt (Score:3, Informative)
"Elad found that the GSM network does not work in proper order: First, it inflates the information passing through it in order to correct for interference and noise and only then encrypts it," Biham told The Jerusalem Post. "At first, I didn't believe it. We checked it, and it was true."
That probably means higher predictability for the encrypted data.
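The "Instant Cryptanalysis" post above and this one describe the same ordering problem: error-correction bits are added before the stream cipher is applied. The following is an added example, not code from the thread or from Biham's paper; it uses a Hamming(7,4) code and hand-picked keystreams as constructed stand-ins for GSM's real convolutional code and A5/1, and shows why the parity relations survive XOR encryption and hand a passive listener message-independent linear equations on the keystream.

```python
"""Toy model of the GSM ordering flaw: error-correct first, then encrypt.

Added example, not code from the Slashdot thread or from Biham's paper. The
Hamming(7,4) code and the hand-picked keystreams are constructed stand-ins for
GSM's real convolutional code and A5/1; only the *ordering* argument carries over.
"""
from itertools import product
from typing import List, Set, Tuple

Bits = List[int]

# Generator matrix of systematic Hamming(7,4): 4 data bits -> 7 coded bits
# (columns 0-3 carry the data bits, columns 4-6 the parity bits).
G = [
    [1, 0, 0, 0, 1, 1, 0],
    [0, 1, 0, 0, 1, 0, 1],
    [0, 0, 1, 0, 0, 1, 1],
    [0, 0, 0, 1, 1, 1, 1],
]
# Parity-check matrix: H * c == 0 (mod 2) for every valid codeword c.
H = [
    [1, 1, 0, 1, 1, 0, 0],
    [1, 0, 1, 1, 0, 1, 0],
    [0, 1, 1, 1, 0, 0, 1],
]


def mat_vec(m: List[Bits], v: Bits) -> Bits:
    """Matrix-vector product over GF(2)."""
    return [sum(a * b for a, b in zip(row, v)) % 2 for row in m]


def encode(data: Bits) -> Bits:
    """Hamming(7,4) encoding: codeword = data * G over GF(2)."""
    return [sum(data[i] * G[i][j] for i in range(4)) % 2 for j in range(7)]


def xor(a: Bits, b: Bits) -> Bits:
    """Stream-cipher encryption/decryption: bitwise XOR with the keystream."""
    return [x ^ y for x, y in zip(a, b)]


def syndrome(word: Bits) -> Bits:
    """H * word: the parity checks a receiver runs on a 7-bit word."""
    return mat_vec(H, word)


def ecc_then_encrypt(data: Bits, keystream: Bits) -> Bits:
    """The order the thread attributes to GSM: encode first, then XOR the
    7 coded bits with 7 keystream bits."""
    return xor(encode(data), keystream)


def encrypt_then_ecc(data: Bits, keystream: Bits) -> Bits:
    """The conventional order: XOR the 4 data bits with 4 keystream bits,
    then encode the result."""
    return encode(xor(data, keystream))


def leaked_keystream_equations(ciphertext: Bits) -> Bits:
    """What a passive eavesdropper can compute from ciphertext alone.

    If c = encode(m) ^ k then, because H is linear over GF(2),
    H*c = H*encode(m) ^ H*k = 0 ^ H*k. The listener thus learns H*k: three
    linear equations on this frame's keystream bits, without knowing any
    bit of the message. In the other order H*c is always 0 and nothing leaks."""
    return syndrome(ciphertext)


def syndromes_over_all_messages(order: str, keystream: Bits) -> Set[Tuple[int, ...]]:
    """Encrypt every possible 4-bit message under one fixed keystream and
    collect the distinct ciphertext syndromes an eavesdropper would observe."""
    seen = set()
    for data in product([0, 1], repeat=4):
        if order == "ecc_then_encrypt":
            ct = ecc_then_encrypt(list(data), keystream)
        else:
            ct = encrypt_then_ecc(list(data), keystream)
        seen.add(tuple(leaked_keystream_equations(ct)))
    return seen


if __name__ == "__main__":
    k7 = [1, 0, 1, 1, 0, 0, 1]   # constructed 7-bit keystream for the flawed order
    k4 = [1, 0, 1, 1]            # constructed 4-bit keystream for the sound order
    print("ECC then encrypt, syndromes seen:", syndromes_over_all_messages("ecc_then_encrypt", k7))
    print("  ... which equals H*keystream:", tuple(syndrome(k7)))
    print("Encrypt then ECC, syndromes seen:", syndromes_over_all_messages("encrypt_then_ecc", k4))
```

With the flawed order every one of the 16 messages yields the same syndrome, namely H times the keystream, so each frame hands the listener equations on key material for free; with the conventional order the syndrome is always zero.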
REMOB anyone? *GOV CAN TAP YOU* (Score:4, Interesting)
REMOB (Remote observation mode) is a TSPS console feature of the American telephone system to allow inward ops to monitor a suspected phone that might be "off the hook" prior to interrupting the line for "life or dire emergency" with the 500Hz tone and issuance of the frequently heard phrase "This is the att operator do you wish to disconnect this call you have an emergency phone call from
but PRIOR to that for 30 second maximum bursts you get to hear an inverted sound wave... which you can record.
better... the FBI has it set up to cascade overlapping series of REMOB snippets so when one ends (on any CLASS capable ESS r5) another takes over.
This way no interrupt chirp is heard by the victims, and lots of trivially "scrambled" speech can be secretly recorded.
i have never ever ever seen this in print or any edoc in history of phreaking.
I have seen telephone reps state to Congress that REMOB did not exist.
it exists.
it does not take outside intercepts (ECHELON) as reported on 60 Minutes, or any NRO or NSA budgets,
it only takes a 6 digit code and the correct connections to do REMOB.
REMOB makes intercepting cell phones laughable in comparison.
besides... the German Gov records ALL cell phones under that alleged statement that in theory it COULD intercept the airwaves anyways if they tried. Remember the slashdot article?
also the US gov allows no-warrant affixing of GPS locator emitter bugs under your car frame under the assumption that it could visually track you from the air if they had the money anyways. Remember the Scott Peterson case this summer? No initial warrant to put the GPS bug on his car.
recording and intercepting ALL cell phone traffic at the point of origin on the LAND LINES is what the fed gov assumes is their right!
no need to mess with intercepts.
July 1983 the US Supreme Court ruled the public had a right to intercept and use all radio transmissions INCLUDING cell phones. Then they overturned it partly years later.
today it is LEGAL for the cops to buy and sell equipment to record cell phones, but not the public across state borders. you have to build it from scratch yourself for your own hobbyist needs... and then it's legal to use.
but REMOB is far far more humorous.
I know it exists.... first hand
Re:REMOB anyone? *GOV CAN TAP YOU* (Score:2, Funny)
If you invert a sound wave, it basically sounds the same. Try it on your computer.
Wishful thinking (Score:2, Informative)
From the Reg article:
I don't have the sales figures to hand, but I don't think GSM can really be called a "legacy" technology yet. IIRC Britain only has one 3G service provider, which has had a fraction of the expected number of subscribers.
Re:Wishful thinking (Score:2)
The G4 is a legacy Mac. My 2.53ghz Northwood P4 is a legacy CPU, with a legacy 533mhz fsb.
There's a fix already?! (Score:2)
Okay...The networks can issue new SIMs and update their switches. If they're soft switches [motorola.com], then it should be all the easier of an upgrade. Those of you who have GSM network operators (like Orange [orange.co.uk], BT [bt.com], FT [francetelecom.com], T-Mobile [tmobile.com]), petition them to take this fix seriously. You pay for a service that they advertise as being secure. However, if you were worried abo
no privacy on mobile phones (Score:4, Interesting)
In the bad old days of analog mobile phones, there wasn't even encryption on the signal. You could literally walk into Radio Shack and walk out carrying a scanner capable of receiving mobile phone frequencies. (They eventually banned the sale of scanners capable of receiving those frequencies.) Later, TDMA and CDMA technologies made it more difficult to intercept signals, but all that's required is the right decoder.
Encryption of the call is a fairly recent trend and I think it's a terrific idea, but any encryption can be broken in time. While the odds are low that someone may be listening in, guaranteed privacy is impossible.
I think as a whole, we tend to trust in technology without really understanding it. I'm reminded of two engineering students who were visiting my apartment in college, and showing off their new cell phones by one calling the other. They were quite surprised when I was able to intercept their call with a cheap radio scanner. They had no idea their call was not private, simply assuming that the technology was secure. It wasn't.
The most attended event at the conference. (Score:3, Funny)
Beach Barbecue
Bar 18:00-20:30
Buffet 18:15-20:30
Dessert/Coffee 19:00-20:30
I wasn't there but I just know that everyone showed for the beach barbecue with the open bar and grub all night long.
Re:The most attended event at the conference. (Score:2)
Uh what? (Score:2, Interesting)
A Wise Man... (Score:4, Interesting)
Criticism, however, allowed him to improve himself.
Typical (Score:2)
The article states... The GSM Association admits the Israeli researchers are onto something but say the attack requires the use of complex technology, which few phone phreakers have access to, and would need to be targeted at a specific caller.
I see ... in other words, the only people you have to fear are your government and large companies.
Is anyone else bothered by the fact that governments all across this planet of ours seem to think that the only kind of secrecy that is a good thing is goverment s
They should be happy (Score:2)
IMO people should understand that errors found are opportunities to improve quality. Not a way to point incapacity.
so what ? (Score:2)
Cypher text only or MitM? (Score:2)
Is the GSM association clueless? (Score:2)
Does anyone know if it's possible to make a device that exploits such a vulnerability?
I don't buy into the very difficult to exploit crap. As far as I can tell from this information (but IANAHE - I'm not a hardware engineer) it would be possible to design hardware that can systematically exp
The DMCA has nothing to do with this. (Score:2)
Sure, some lawyer will be able to construct a lawsuit out of this using the DMCA as a leverage, especially since this news will allow people to spread massive amounts of FUD in order to make a quick buck from the techno-illiterate masses, but I don't think the DMCA is violated here.
I don't think it will affect US/Israel relations. The relation the US has wi
Another awful thread about Israel (Score:2)
The problem is that it's a terrible situation for everyone over there. Surely everyone has a right to live in peace, and surely that's what most people, Palestinian and Israeli, really want. However, the problems there have become a proxy for everyone else in the world to line up against each other. Arab leaders use it to strengthen their position by distracting their people from their own problems. It has become a platform for conservatives and liberal
Re:Another awful thread about Israel (Score:2)
Re:How does this affect US/Israel relations? (Score:2)
Hey, believe it or not, the US doesn't have legal jurisdiction in other countries.
That's right, I can drive on the left side of the road - AND NOT BE ARRESTED FOR BREAKING US TRAFFIC LAWS!
Mod parent up (Score:2, Interesting)
And Americans cry and wail and wonder why (and I actually heard this coming from some Midwestern mother of three after some recent attacks in the Middle East) why do they ha
Re:How does this affect US/Israel relations? (Score:2)
But his ideas are right. And Israel has been retaliated against by all of its neighbors.
When you oppress people for so long, they will retaliate the only way they can, through suicide bombing and other means.
Re:How does this affect US/Israel relations? (Score:2)
Genocide is what you want? They are in an open state of war that is stagnating because doves won't allow Israel to simply push all the Palestinians into the sea - as they should have done long ago.
I thought after barely escaping that, the Jewish people would not want to ever do that to anyone.
Discrimination is clouding your judgement
Re:How does this affect US/Israel relations? (Score:2)
"I thought after barely escaping that, the Jewish people would not want to ever do that to anyone."
Maybe it's the Christians in conspiracy, using the Jewish Israelis without their realization, to get back at the Arab world for forcing the Christians into the sea at the end of the Crusades...
Rome has been awfully quiet about the whole affair, after all...
The preceding post is categorized as sarcasm, for the humour impaired
Re:How does this affect US/Israel relations? (Score:2)
And as for your "Palestinians aren't a race" argument so you can kill them all and it's not genocide...that is outrageous. So you can kill all the Jewish people in North America because well, hey! there's more in the world!
That is idiotic.
Re:"The GSM association is not happy." (Score:4, Informative)
A: No. [cryptome.org]
The hash function (A3/A8) used in the default implementation of the GSM protocol for the challenge-response authentication had a vulnerability of a type known about in the cryptographic community for years.
This wasn't a deliberate weakening, because this flaw had no real impact on the ability of law enforcement to intercept, and allowed cloning of GSM handsets: something that was definitely not supposed to be possible.
They've learnt from their mistakes though: the 3G protocol has undergone extensive public review, as have the ciphers they chose.
Re:Legacy GSM? (Score:2)
Actually most of the world isn't on 3G.
This link [gsmworld.com] shows which networks offer 3G.
And don't make the common mistake of confusing 2.5G with 3G.
Re:Europeans, mod this up! (Score:4, Insightful)
America is invincible. Other countries will never advance any farther than America wishes them to advance.
Carthage was invincible until Rome turned up.
Rome was invincible until the 'barbarians' turned up.
The Inca were invincible until the Spanish turned up.
There is a proverb from Belarus - Keep one eye on the past and you are half blind. Forget the past altogether and you are totally blind.