[Karsten Nohl], with a group of security researchers has broken the A5/1 Stream Cipher behind GSM. Their project web site discusses their work and provides slides(pdf) presented at 26C3. A5/1 has had known vulnerabilities for some time now and is scheduled to be phased out for the newer KASUMI or A5/3 block cipher. This should be an interesting time in the cell phone business.
Thanks to [Tyco] and [MashupMark] for pointing us to this story.
The whole congress was very exciting, almost all of the talks will be available online on the CCC-website, too.
Boy, I am glad I have CDMA.
The code was only 21 years old. Bout time.
Oh my, this is beautiful. 20 years is far too long for privacy algorithm to stay in use.
Well gov agencies had this technology since years now you can hook it up on an 1K device. Its going to be a bigger issue for the developing countries where the GSM providers dont have the budget to switch the encryption.
But what govs have are probably more sophisticated starting with that they can tap the calls at the BSS why would they need to crack A5.
We were about to do some research on this but the thc wiki only wrote down the basics when they had a lot more what they didnt publish. Dunno how the hell can they call it for a community project when they work privately and dont publish just junk.
Anyways I hate cellphones and I think its a really sick thing to listen someone elses calls for fun.
The REALLY cool part, if you read the slides, they’ve developed a generalized distributed system for making rainbow tables across CPUs, GPUs, and FPGAs for ciphers up to 64 bits, or so.
funky, funky as hell!
This does not mean that now anyone can download a small Python script for use on their Nokia and just start tapping on calls and texts… Using the work that these guys have developed requires a shitload of equipment and expertise only a handful of people possess. Don’t worry about your security, if someone wants to listen to your calls, they’ve already done it by going to your operator and tapping in on the ground side rather than radio side.
Apart from that, I didn’t have time to go through all of the material (slides etc.) but how do they figure out the timing scheme for a particular mobile station? I mean, GSM is a TDMA nightmare since the timing scheme is per-session and only the mobile station and the base-station transceiver know it.
GSM’s been broken before, and we get the same lame excuses from the Offficals about it. It takes some equipment to do it, but the “bad” guys and by this I don’t mean the any Govt people have the money to do it. And these are the same peopl who wnat to give us a new and more secure “Chip Card” ( http://www.commsdesign.com/news/tech_beat/showArticle.jhtml?articleID=220800050 )
Aah, how I yearn for the glory days of using an OKI 900 on CDMA to do things no one should ever be able to do…
I really miss the analog backbone :(
This is only to hack the 64 bit encryption, not the 128 bit which is in use today.I believe that there is a 256 bit encryption in the works for gsm as well.
That’s why I want more open source in my phone : let me choose the algorithm I rely on to protect my privacy !
thx for topic
that is not good things :p
Great site you have here.. It’s difficult to find high
quality writing like yours nowadays. I really appreciate individuals
like you! Take care!!