Security firm H4RDW4RE launches open source project to crack GSM encryption


It has long been argued that the A5/1 encryption standard used to protect GSM traffic from eavesdropping is, in fact, insecure, and California-based security firm H4RDW4RE is pioneering an effort to hammer that point home by cracking the encryption scheme. The A5/1 cipher is based on a 64-bit key: each cell phone holds a 64-bit secret key that is also known to the GSM network it connects to. When you initiate a call, the GSM network uses that secret key to generate a session key and encrypt your phone call. H4RDW4RE’s approach is to crack this session key using a compressed, custom version of A5/1’s 128-petabyte code book. Yikes.

The aim of the project is to take the vast code book and compress it down to around 2 or 3 terabytes of data, organize that data into rainbow tables, and have the tables searched by a free, open-source P2P program (much like SETI@home) in order to recover session keys. A recovered session key would, in theory, make it possible to decrypt and listen in on a GSM phone call. H4RDW4RE’s goal is to push GSM vendors to finally admit that the technology is flawed and move to the more secure A5/3 cipher, which uses a 128-bit key and is already used by newer cellular technologies such as UMTS. Pretty powerful way to send a message; it sure does beat a letter-writing campaign… Hit up the article for more details about the project.
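To make the "compress the code book into rainbow tables" idea concrete, here is an added toy example (not H4RDW4RE's code, and not A5/1). It uses a constructed 16-bit keystream function (a truncated SHA-256, chosen only so the script runs in seconds), builds a small rainbow table with a different reduction function per column, and shows that the table covers most of the key space while storing only chain start/end pairs. The `rainbow_log2_cost` helper is a rough asymptotic estimate of table size for a given key length, which is what separates a 64-bit key from a 128-bit one: the defence against this class of precomputation is a key space large enough that even a heavily compressed table is out of reach, which is the point of moving to a 128-bit cipher.

```python
import hashlib
import random

# Toy parameters (assumptions for the demo): a 16-bit key space so the
# whole table builds in a few seconds. Real A5/1 uses 64-bit keys.
KEY_BITS = 16
KEYSPACE = 1 << KEY_BITS
CHAIN_LEN = 32        # columns per chain
NUM_CHAINS = 4096     # NUM_CHAINS * CHAIN_LEN = 2 * KEYSPACE: generous coverage


def keystream(key: int) -> int:
    """Constructed stand-in for 'key -> observable keystream'. NOT A5/1."""
    digest = hashlib.sha256(key.to_bytes(2, "big")).digest()
    return int.from_bytes(digest[:2], "big")


def reduce_to_key(output: int, column: int) -> int:
    """Reduction function: map a keystream value back into the key space.
    Rainbow tables use a different reduction per column so that two chains
    only merge if they collide in the same column. 0x9E37 is an arbitrary
    odd constant (assumption)."""
    return (output + column * 0x9E37) % KEYSPACE


def build_table(num_chains: int = NUM_CHAINS, chain_len: int = CHAIN_LEN, seed: int = 1) -> dict:
    """Precompute chains; store only (endpoint -> [start keys]).
    The full code book would be KEYSPACE entries; the table holds num_chains."""
    rng = random.Random(seed)
    table: dict = {}
    for _ in range(num_chains):
        start = rng.randrange(KEYSPACE)
        key = start
        for col in range(chain_len):
            key = reduce_to_key(keystream(key), col)
        table.setdefault(key, []).append(start)  # keep merged chains too
    return table


def lookup(table: dict, observed: int, chain_len: int = CHAIN_LEN):
    """Given an observed keystream value, find a key k with keystream(k) == observed.
    For each column hypothesis j, walk forward to an endpoint, then regenerate
    the matching chain from its start to recover the key at column j."""
    for j in range(chain_len - 1, -1, -1):
        key = reduce_to_key(observed, j)
        for col in range(j + 1, chain_len):
            key = reduce_to_key(keystream(key), col)
        for start in table.get(key, ()):
            candidate = start
            for col in range(j):
                candidate = reduce_to_key(keystream(candidate), col)
            if keystream(candidate) == observed:   # rejects false alarms
                return candidate
    return None


def covered_keys(table: dict, chain_len: int = CHAIN_LEN) -> int:
    """Count distinct keys the table can actually recover (columns 0..t-1)."""
    seen = set()
    for starts in table.values():
        for start in starts:
            key = start
            for col in range(chain_len):
                seen.add(key)
                key = reduce_to_key(keystream(key), col)
    return len(seen)


def rainbow_log2_cost(key_bits: int) -> float:
    """Rough Hellman/Oechslin asymptotic: for N = 2^n keys, a tradeoff table
    needs on the order of N^(2/3) entries and N^(2/3) work per lookup.
    Returns log2 of that figure."""
    return 2 * key_bits / 3


if __name__ == "__main__":
    tbl = build_table()
    print(f"stored chains: {sum(len(v) for v in tbl.values())}, "
          f"keys recoverable: {covered_keys(tbl)} of {KEYSPACE}")
    secret = 0x1234                      # constructed 'session key'
    obs = keystream(secret)
    print("recovered:", lookup(tbl, obs))
    for bits in (64, 128):
        print(f"{bits}-bit key: table size ~ 2^{rainbow_log2_cost(bits):.1f} entries")
```

Running it shows the table recovering roughly three quarters of the 16-bit key space from only a few thousand stored endpoints. Scaling the same arithmetic to 64 bits gives a table on the order of 2^43 entries, which is why a few terabytes of compressed tables is plausible for A5/1; at 128 bits the same estimate is around 2^85 entries, which is not.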

21 Comments
  • zephxiii

    So i guess they are basically trying to say: “Hey you lazy bastards! Why don’t you use the higher encryption method since this one is crackable.” (though through large effort)

  • codemaker

    I think this is a great idea.

  • Cpete

    I'm all for better security, but when it comes down to it, if someone really wants to get in and listen to your call they will. Even when the new system is used.

    • Soddy

      Completely agree with you, no amount of security will stop a hacker with enough time and resources. However, the way I see it, if you’re having a conversation that you don’t want people to hear, you won’t be using a cell phone probably out in public to do so. In fact, I’d be flattered if someone other than the government spent their time listening to my phone calls or reading my text messages. They never mean anything important and I would have my own fan following.

      • MonkeyCheese

        @Soddy My text and phone calls are weird as well. If someone was listening yesterday they would have heard this phone call to my friend, “Dude, your gas station has a sign that says ‘Buy one potion get one potion free.’ Are there wizards in your neighborhood?”

      • Soddy

        Haha that’s pretty good. If people listened in on me they’d know exactly where I was going to drink and when the last time I pooped was. My friends and family aren’t fond of me.

        Ya know it’s funny, we don’t really mind if someone wants to listen in to the stupid stuff we say, but I’m pretty sure you’re like me and get pissed when the government says they have the authority to do it.

  • Stephen
  • johnboy

    there are possible DMCA implications with doing this. GSM probably protects a copyrighted work, breaking the encryption is therefore against the law.

  • http://www.fruitjuicenow.com Bryan

    Sooo, just use UMTS??? Since it's already at the 128-bit encryption. GSM is dying. Who cares if they crack it. I work for AT&T and almost every phone we sell now is UMTS so GSM 64-bit encryption is almost dead anyway.

    Again, who cares.

  • Krebmore L

    @Bryan: everyone who has a GSM phone cares, because they will need to pay to upgrade early. The carriers are between a rock and a hard place. They can’t admit that the network they’ve been touting as secure is actually not secure (leave alone that “secure” is always relative to available tech), and on the other hand wanting everyone to have to upgrade.

    KL

  • jludz

    So we can crack any call over say four hours… because that’s how long it will take to break the code and start listening in. Unless you get lucky of course. Note to bad guys: get all your juicy info out in the first hour of the call.

  • InTheKnow

    After H4RDWARE finishes with GSM, would they please get started with the archaic FAA system?

    The guys at H4RDWARE are my new heroes. When does their movie come out?

  • http://www.somegenius.wordpress.com Jim

    I’m confused, don’t AT&T and T-Mobile already use UMTS?

  • Biffs N Treatz

    That’s why GSM sucked from day 1! All those fools who kept saying that CDMA sucked, look who’s laughing now. Guess what? UMTS/HSPA/HSDPA are all W-CDMA. That’s right, all using Code Division Multiple Access technology. Not that shitty Time Division bullshit that's in GSM.

    GSM sucks! plain and simple!

  • Canis_Major

    So, let me understand this. GSM has been around for what? 15 or 20 years? Now, after all this time, a group hasn’t actually cracked it. So, a bunch of folks get together in a massive, multi-person effort to develop a multi-terabyte database of codes. These codes will then have to be searched in the hopes of eventually lucking out and finding the one to crack a particular call while the call is still ongoing.

    How exactly does this prove that GSM is NOT secure? In my mind it proves that GSM is one heck of a secure system that it requires such a massive project to just make an attempt at cracking it.

  • GSM-sounds-more-general-than-this-article-means-it-to-be

    makes it sound worse than it really is. UMTS is pretty commonplace these days.

    i first read this and thought, wow i’m at risk. then the UMTS disclaimer popped into my head and i realized that no, in fact i’m not, since i’m using UMTS. yay.

    • Celz

      U must have missed vzw’s map for that commercials.. If you aren’t in the blue or your city has 2 iphones on twitter you’ll be using GSM and not UMTS..

      But honestly this whole idea sounds incredibly unfeasible and very stupid from a practicality stand point.. But in terms of marketing its brilliant!

  • dinoSnake

    What Canis_Major said.

    Are all you people that STUPID? Let’s get this straight: GSM has been out for years and *NOW* someone states that they will “crack” this supposedly “insecure” encryption standard. How? By using HUNDREDS if not THOUSANDS of people and the equivalent YEARS to DECADES of combined computing power to hard-crack the encryption using a brute force attack.

    And this is proving…what, exactly? That ANYONE can crack ANYTHING decades after being in use just to prove a point that it theoretically can be done?

    And, as Canis_Major points out, how long does an attack on an individual user key take? Much longer than the phone call which uses the key?

    I shake my head at the gullible stupidity of the people crying “wolf” here. You should all pull your heads out of your self-proclaiming butts and get back to the real world.

  • Scott

    Anyone know what Nokia phone that is in the picture? Just curious.

  • B B (No, not Blackberry)

    @dinoSnake: And, as Canis_Major points out, how long does an attack on an individual user key take? Much longer than the phone call which uses the key?

    Wouldn’t it be the same key for that handset though? every call? So if someone wanted to listen to your calls, they’d be able to try a few more keys with each call.

    Or why couldn’t they record the call in its encrypted state, and then run all the keys against it until they decode the recording?

  • dinoSnake

    Of course you are correct, BB – a crack of the key would work for every call the same handset makes.

    Your second paragraph, though, makes a belief that to accomplish the crack:

    1) the average person makes enough phone calls from the same stationary location to be scanned by a stationary listener, or

    2) the average person making phone calls will be followed long enough by a person with listening equipment and a portable computer so as to accomplish the attack

    Both scenarios are a bit paranoid, yes? Each one is possible (#1 in a busy city, for example) but still, rather paranoid as most people’s cell usage habits would negate #1…and #2 is pretty cloak-and-dagger for an attack against Joe Average with very little benefit guaranteed to the hacker versus labor output.

    It is possible the clause in your third paragraph is indeed possible, I cannot say.
