Theoretically, GSM has been broken since 2003, but the limitations of hardware at the time meant cell phone calls and texts were secure from the prying ears of digital eavesdroppers and all but the most secret government agencies. Since then, the costs of hardware have gone down, two terabytes of rainbow tables have been published, and all the techniques and knowledge required to listen in on cell phone calls have been available. The only thing missing was the hardware. Now, with a super low-cost USB TV tuner come software defined radio, [domi] has put together a tutorial for cracking GSM with thirty dollars in hardware.
Previous endeavours to listen in and decrypt GSM signals used fairly expensive software defined radios – USRP systems that cost a few thousand dollars a piece. Since the advent of RTL-SDR, the price of software defined radios has come down to about $30 on eBay, giving anyone with a Paypal account the ability to listen in on GSM calls and sniff text messages.
The process of cracking GSM first involves getting the TMSI – Temporary Mobile Subscriber Identifier – a unique ID for each phone in a certain cell. This is done by sending a silent SMS that will send back and acknowledgement an SMS has been received on the victim’s phone, but won’t give the victim any indication of receiving a message.
From there, the attacker listens to the GSM signals in the cell, receiving bursts attached to a TMSI, and cracking the encrypted stream using 1.6 TB of rainbow tables.
[domi] put up a four-part tutorial series (part 1 above; part 2, part 3, and part 4) that goes over the theory and the actual procedure of cracking text messages and voice calls with a simple USB TV tuner. There are a few limitations; the attacker must be in the same cell as the victim, and it looks like real-time voice decoding isn’t yet possible. Cracking GSM for $30, though, that’s good enough for us.
Holy shit
What this guy said ^
That about covers it.
DITTO
Ok that may explain that part. But I paid $700 dollars for the package 1 and not only have i not received anything. But all My msgs on telegram were erased. And the account with the same name changed the picture
Did u buy from exposed gsm on telegram?
It’s still not click and drool so that any typical user can do it, but it significantly lowers the bar for those that have the IQ and education to do it.
It is a little sensational of a headline, 99% of all private investigators lack the brain cells to do this, same ratio of the public also lack the ability. But It does offer an opportunity for a black hat to have yet another attack vector. More scary is the ability to just capture all of the data stream even in encrypted form for later use.
Inconvenience != Security
No, but in practical terms, if it keeps the skript kiddies out, it’s a whole lot less chaos.
It seems like, in cases of stuff that’s extremely clever, like this, the real geniuses write the software, then the also-rans write front-ends that put it into the hands of monkeys. Inconvenience isn’t a philosophy to rely on, but in the period between a crack and a fix it’s probably the best we have.
Since GSM’s had this hole since 2003, I’m a bit surprised they haven’t fixed it. I know it’s a fairly basic flaw, but if they’d added on some extra optional standard, and kept the old flawed mode for compatibility, by now the problem would have been solved. Tho I’m sure there’s some reason they didn’t do this that I don’t know about.
My phone’s 3G anyway. Do they use GSM for voice?
Actually thinking about it my wristwatch is only 2G. But I use that more for watching videos on. 48 quid from Amazon, technology, marvellous!
Your phone falls back to GSM as soon as 3G is not available (because of bad signal or someone jamming its frequencies).
GSM’s had the hole from the beginning, because they used roll-your-own crypto (and set a bunch of the key bits to zero as well, probably because of political pressure.) It got discovered when somebody gave Ian Goldberg (a crypto grad student at Berkeley) a copy of the crypto code to evaluate. He took a look at it over lunch time, and it took three hours to crack instead of two because the Chinese restaurant was having the good lunch special that day instead of the boring one.
Analog cell phones were still around (no crypto), and the Qualcomm CDMA systems had a trivial crypto algorithm because of political pressure (including the threat to deny them import and export permissions if they didn’t cooperate.)
This makes tan via handy even more useless.
So, if you ever receive a Tan without requesting it yourself, immediately check your bank account.
can you elaborate please? googling tan via handy is useless due to a skin tanning product called handy tan. im assuming by tan you mean transaction authorization number.
Transaction authentication number…
http://en.wikipedia.org/wiki/Transaction_authentication_number
I knew this was possible, but it still is scary.
Mmm, it’s a nice reminder than GSM is completely insecure but :
– There is nothing new here. Even the software he use haven’t been written by him and they’ve been public for years and demonstrated at various conferences for . The only new piece of software is the ‘silent sms’ app he wrote for android but even that’s only an implementation of a small part of the attack presented at 27C3 ( http://www.youtube.com/watch?v=fH_fXSr-FhU ).
– There are several innacuracies and technical errors in the write up.
– He also pretty much “skipped” the hacking part, he just recovered the key from his own SIM in part4, no cracking there.
– There are other pieces missing in the write up that make the described attack unlikely to work on a real network (AMR codec and hopping come to mind). To be clear, those are cracked too and have been for a while (with practical demo showed), they’re just “skipped” in this blog post.
Too bad the information is incomplete. The script which actually gets the TMSI is not available…..
Also this doesn’t account for voice capture in frequency hopping networks
Given the gigantic size of those tables I don’t think there is any hope of live decoding on current purchaseable hardware. The best setup I think would be a gpu server which you send the data off to for crack and decryption with SSDs serving the tables. Eventually as gpu core numbers increase an ram sizes make a 1.6 TB ramdisk possible I could see an the posibility of near live decoding on consumer aquirable equipment.
?!? Of course there is. 4 * 512Go SSD and a good GPU and you’re good to go. For less than 5k$ you’ve got a very good setup.
as far as I know only cracking Kc is slow and not in real time, but when you got that you can decrypt in real time.
Yup, only need to crack the key once. How long does kraken take on an average computer?
Why doesn’t the cell phone itself need 1.6TB of tables to do the decryption ?
GSM Network Operator & SIM already have a shared secret Ki that attacker doesn’t.
It’s like solving an equation on-the-fly versus having the answer for possible equations with you.
Because it has the key.
Because it has it’s key in the simcard, You are cracking the unknown key. That is what the tables are for a time memory cracking. You can take a long time to crack and use little memory or you can pre-calculate part of the process to speed things up, but you need storage for this.
It is not cracking GSM for 30$,
it is recording GSM with 30$ usb dongle.
Cracking HW still costs far more.
Most people who visit this site have 2+TB of storage on their PCs. Its not like 2/4TB external drives are uncommon now a days.
Since I do not have a data plan, I configured my cellphone to GSM mode to save battery. Switching to 3G right now…
iirc 4G networks begin to leave GSM behind, voice calls are more of a VoIP session than before, so one more reason to speed up the rollout
I hate to be a spoil-sport, but receiving cell signals that are not intended for you is illegal in the US. Even listening to that portion of the spectrum is illegal.
Of course, enforcing this is pretty close to impossible…
It’s actually not. Selling or importing a device that has the ability to listen to those frequencies is what’s illegal. Being in possession of such a device, though, is not illegal (i.e., you can build your own scanner that receives cell frequencies). Actually using it is not illegal, either, but attempting to break the encryption on the received data is illegal. Also, it only covers a narrow range of frequencies that were used for AMPS. Modern cell phones can and do use frequencies outside that band.
Even if it were illegal, that doesn’t necessarily mean the writer or the guy he wrote about give a shit.
It would be impossible to confiscate and enforce restrictions on people’s ability to intercept or monitor anything over the air. A simple crystal detector set can be placed in a close enough proximity to couple and demodulate a targeted signal, if you are close enough to the transmitter, and if one does a little research on the subject, other equipment on the surplus markets and scanner radios are also easy to modify, so it is futile, and the strong language written into legal agreements is put there for the most part to discourage those without proper training/knowledge to attempt it. Monitoring of any and all frequencies is not illegal, as per the original 1934 US Communications Act, which established the FCC and gave it domain over the operation of all the radio spectrum, commercial broadcasting and the telephone companies. What is illegal and what you get in trouble for is taking information from the conversation or data being monitored either content of conversations, and attempt to exploit the information for monetary or other personal gain. You can however be prosecuted under other international/federal/local and state laws or codes, regarding violations of privacy or intruding on the ability of the system/network owners ability to do business, or reduce customer access or otherwise cause harm to the operation of their normal business. People have also been prosecuted for using information to speculate in the stocks and bonds markets for instance.
I thought these hacks only worked on early versions of GSM, which aren’t used in current mobiles UMTS 3G and LTE 4G, with newer technology prefering longer key lengths (brute force hacking time is exponential in key length).
guess what happens when you turn on jammer that only jams 3G
Massive, huge amount of people complain to their network. Network presumably turns on some debugging tech in their towers that triangulates the jammer. Cops turn up sharpish.
That’s a guess… but presumably the network would do something pretty quick.
It’s sortof interesting that phone jamming doesn’t seem to go on very much. I suppose because it’s mostly pointless is the main reason. I wonder how many of those jammers get sold online? And how many are ever used?
Seriously, people don’t go running to their provider, just because their reception is bad. A Jammer that jams only th 3G Band will make your phone roll back to GSM. Unless you are surfing on the net, it doesn’t make a difference for you. You can still call and be called on your phone.
The missing bits of information are still public, you just have to go find them. Part of keeping the idiots out… preventing criminal uses by anyone except those who have the time and knowledge to do it.
It is new to the extent that the RTL-SDR is being used, which was suspected possible for a long time but never tested until now.
You need a nearly 2TB rainbow table to crack GSM regardless of the tools you have, and good luck with that because there are no seeders on the torrents.
“Never tested until now” ??? The gsm_receive_rtl.py script from airprobe that the guy uses in the article has been imported into git in June 2012 by Steve Markgraf …
Anyone reading this who’s tech savvy and with some financial incentive, can create an easy to use tool, sell it together with the table and the RTL-SDR for relatively cheap. The total hardware costs should not be more than $200 assuming a standard pc is available.
There is a kind man selling a rainbow table(on request) on ebay though.
http://www.ebay.ie/itm/Motorola-C123-variant-Osmocom-OsmocomBB-with-Filter-Rework-and-USB-linux-image-/262816303171
Don’t forget to check our job postings!
I turned off ABP for this! Another few posts like this will get hackaday white listed!
Excellent read.
Finally a real hack at hackaday !
What he said! ^^^^
What about 3G and LTE, is the encryption on those any better?
Yes, but jamming those frequencies will make your cellphone to fall back into GSM.
I still rather the MITM method, a femtocell or fake GSM BS :)
This was actually doable several years ago. Check out Chaos Communication Congress 27, “Wideband GSM Sniffing” (day 2) and “Running your own GSM stack on a phone” (day 3). I can’t remember what the first guys used, the second guys used the TI Calypso GSM chipset one some old Motorola phones
If I’ve understood correctly, the cheap SDR’s(such as the RTL-SDR) doesn’t have enough bandwidth to capture several channels, so if the cellular network uses channel hopping(which is pretty standard), capturing voice is close to impossible. SMS shouldn’t be much of a problem though, provided they are using unencrypted SMS (most providers are).
However, other SDR’s do have enough bandwidth to capture all GSM channels. I don’t quite think HackRF has enough bandwidth, but some USRP models does have. When you have all channels captured, and you have cracked the key, it’s just a matter of applying the key to the call across all channels.
Channel hopping in GSM is by no means a security measure, but it does ensure that attackers need a more hefty investment than 30$.
As usual, the guys with the most expensive toys gets all the fun.
Hello what is the best hardware to use?
Suppose the crack key is resolved, could it be posible from a pc+rtl-sdr do a call (sms or predefined voice) to a near cellphone whitout comunicating with the cell tower?? what would be the distance range?
Not with the dongle as that’s only recieve, but OsmocomBB works on some handsets which can transmit … http://bb.osmocom.org/trac/wiki/Hardware/Phones .
As of yet, I don’t think it’s able to avoid the cell towers, but one of these phones can act as one. In both cases you’d need a license though.
power output is under 1/2 watt so not far. phones have hardware bandpass filters that prevent them from front end overload as well as talking to each other.
Instead of all this, they should just code an SDRSharp plugin!
Has anyone that has left a comment, actually received the gsm-atm skimmer?