GSM encryption code cracked wide open, leaked to the Internet


In a move to shed light on the vulnerability of GSM wireless networks, encryption expert Karsten Nohl, with the aid of 24 fellow hackers, was able to compile the multitude of algorithms behind the twenty-one-year-old, 64-bit encryption scheme used to encrypt 80% of the world’s cellular GSM phone calls. The algorithm’s code book, comprising 2TB worth of data, has been published by Nohl and is now available on the Internet through BitTorrent.

This is not the first time GSM was “cracked”. In 2003, a team of Israeli researchers uncovered the method by which GSM’s encryption code could be cracked, and in 2008, David Hulton and Steve Muller presented at Black Hat a technique for the successful interception and decryption of a GSM stream using $1,000 of hardware and a half hour of time. Now in 2009, we have the binary code log that could potentially make GSM decryption faster and easier than ever.

Before everybody panics, it is important to point out that the GSM algorithm that was cracked was the older and less secure 64-bit A5/1 algorithm, not the newer 128-bit A5/3 algorithm. Unfortunately, GSM carriers have been slow to adopt this new 128-bit encryption standard, but Nohl’s disclosure may be the kick in the butt these lazy carriers need to beef up their security.


54 Comments
  • Grrr

    Go CDMA, Go!

    • 4Shizzle

      Ur a retard. Go to hell. If a ‘particular’ CDMA carrier was paying Luke Wilson to do commercials for them, you’d probably be all over his nuts.

      Being a fan of Verizon’s quality network is fine because they really do have a high quality network but being part of a CDMA vs GSM turf-war is stupid. Each offer their own advantages and disadvantages.

      • grrr

        I seriously want simultaneous voice/data and sim cards. My comment above was not so serious.

      • ChocoTaco369

        Simultaneous voice and data is only unavailable on Verizon because they use their old 1xRTT network for voice and ONLY THEIR DATA is 3G. AT&T upgraded its VOICE AND DATA to 3G because their crummy GSM voice network sounds terrible and is more unreliable, so they switched to W-CDMA all over. In short, if Verizon upgraded their voice network to 3G, they would have simultaneous voice and data as well, but there is no point to this as:

        1.) It is a useless feature 99% of the time as nearly everyone holds a phone next to their head while they talk.

        2.) There is no reason to waste the money to upgrade the voice network as there would be no benefits and data coverage would suffer because of funding.

        If Verizon wasted their time and money upgrading voice, their 3G coverage would be more like AT&T’s – nearly invisible on a national level. W-CDMA – keyword being the ‘CDMA’ in W-CDMA – is an upgrade to GSM, remember that.

        You CANNOT use simultaneous voice and data on AT&T’s GSM network, meaning EDGE and GPRS. It’s only on their 3G network, which is just a very small fraction of their actual coverage. The vast majority of users and areas cannot use that “feature.”

        SIM cards are also not exclusive to GSM technologies. SIM cards are used for CDMA networks in China. They are called R-UIM cards. The exact same principle as SIM cards applies.

        Don’t hate the technology. Hate the way it was implemented by American telcos.

      • jason

        how about browsing the net during boring work conference calls on speakerphone or bluetooth headset? it’s also nice to be able to run maps if you need directions while on a call. or how about tethering while talking? you’re right that data + phone call at the same time is not an everyday thing, but i was surprised at how much i missed it when i left att for verizon :(

      • ChocoTaco369

        Unfortunately, the only advantage of GSM is better handset battery life, and that is partially a side effect of the weaker technology in itself. Some classify global roaming as an advantage of GSM, but that has absolutely nothing to do with the technology itself, it’s just what the majority of countries have standardized and is not a technological advancement. Plus, you know what they say about standards – they are the lowest option available. CDMA is a premium service.

        Technologically speaking, CDMA handles low signal environments much better than GSM, towers propagate further (CDMA has a theoretical max of around ~35Km next to GSM’s ~25Km), CDMA has better sound quality thanks to a RAKE receiver, each CDMA tower can hold far more calls than a GSM tower thanks to nearly perfectly orthogonal chip pulses…CDMA is worlds ahead of GSM technologically, which is why America is covered so much better with CDMA. In small countries, you can get by with GSM because of the small area to cover, but in large countries like the US, CDMA’s ability to cover more ground and hold more calls with far less towers and provide a more reliable network thanks to its ability to hold clear calls at low signal vs. GSM, the weaknesses of GSM really show.

        Just a crash course in technology. Not trying to nutswing, I’m hoping you find this information relevant, interesting and enlightening.

      • Gerry Atrics

        To be fair, the expansiveness of CDMA networks in the US had more to do with business decisions of the multiple regional carriers and less to do with any technological reasons. There are many ways to increase the gain of any GSM network but there was really no incentive to do that in low populated areas.

        Even Verizon wouldn’t have the rural coverage it has today without big acquisitions like Alltel. It would have just been a roaming partner relying on Alltel’s network to connect their users’ calls outside VZW’s native footprint.

        With big carriers like Verizon and Sprint, many smaller regionals built out CDMA digital networks in an effort to increase roaming subsidies on their respective networks and to allow their subs coverage while away from home.

        For years, US carriers including Verizon backed by Qualcomm championed the CDMA camp with global worldwide aspirations. Unfortunately, this never really materialized outside a few countries here or there. Instead, Qualcomm settled for second best with HSPA networks and intellectual rights to upcoming 4G networks.

        With both relatively mature CDMA and legacy networks in the US, it appears that both will be distant memories within the next 10 years thanks to LTE and WiMax.

  • Gus

    Okay so next question….do AT&T and T-Mobile use the 64-bit A5/1 algorithm, or do they use the newer 128-bit A5/3 algorithm???

    • James

      I bet AT&T is using the 128 and T-Mobile is using the 32. XD

      • michael

        If I had to bet ATT is still wondering what GSM stands for and what a SIM card is, and why doesn’t VZW use them. I’m not too worried about it. If it took a team of professional hackers to break the code I feel okay about it.

    • Gerry Atrics

      T-Mobile USA uses 128 bit encryption on their entire PCS network.

      AT&T uses 128 bit on part of their network but 64 bit on the majority of it. Upgrades have been put on hold with money going towards 3G expansion throughout 2009. Not sure if they’ll even pursue it in 2010. Highly doubt it unless they get some really really bad press over it.

      I’ve worked for T-Mobile and now AT&T on the engineering side. T-Mobile has an obviously smaller footprint, but they are sticklers about focusing on quality that’s why they don’t abuse AMR-HR like MaBell does.

      AT&T has so much money but there is so much political BS going on internally it’s disgusting. Politics dictate where budget money is distributed to. My group here in CA seems to be dead last when it comes to getting more funds.

      • Gus

        Gerry Atrics, that is some very good information, thanks! Do you know if this affects UMTS/HSPA 3G or does it only affect you when you are in GSM/EDGE/GPRS coverage only?

      • Gerry Atrics

        It only pertains to voice over legacy GSM networks.

        UMTS/HSPA uses a CDMA interface.

  • Hay112

    yeah verizon is sounding good right about now, I’m wondering the same thing Gus

    • Gerry Atrics

      Not that we should really care.

      We all know that Verizon, AT&T and Sprint willfully give our information to the NSA. Not sure if T-Mo USA did but I wouldn’t doubt it either. No hacking required!

      Hackable or not, our information is out there.

      • Danny

        LMAO! Good one Gerry!

      • Gina D

        QFT. (quoted for truth)

  • JoeTour

    im with ya……. go CDMA go……..hmmm, until they hack that one, at least!

  • Joseph

    Ok I’m confused, does this mean they can listen to our phone calls or what? Someone please explain.

  • Aquafina

    Yeah what does this have to do with us on AT&T and t-mo?

    • Gus

      Aquafina, because AT&T and T-Mobile are the two US carriers that use GSM technology to deliver their cellular service. So if someone figured out how to crack the GSM encryption it means that they can listen in on your cellular phone calls.

  • Tim

    Pretty scary. Although there’s an even bigger flaw: I can’t remember what it’s called but the police are already able to use fake portable cell towers and do a man in the middle attack.

  • cjohns

    I can hear you now?

  • George

    English, please.

  • Dawn

    There’s an app for that. I hear AT&T is about to lower data usage then roll back to 24bit. Come to boost free data and text. 202-710-6740

  • http://www.dumbfuckery.net ScooterG
  • Jon

    CDMA’s downlink has a key length of 42 bits, and isn’t even encrypted at all. It’s admitted as such by Qualcomm. They were going to fix it in 1xEV-DV. Remember, CDMA voice dates only a few years after GSM.

  • Mrwirez

    Man, it seems every shred of telecom news is a hit on the AT&T network one way or another. Bad karma around.. Maybe LUKE can use the force…

  • JakeyBoy

    The Jews cracked this code long ago…

    • Butthead007

      And this racist remark was necessary because…….

      If you’re worried about the Mossad and any other Jewish (Israeli sponsored) intelligence gathering keeps you up at night, I am quite confident the diverse US Government has much better tools available to them to break codes.

      So hey, when some government employed puerto-rican dude hands a piece of paper to a lesbian Mexican, who then hands a memo to a black man who works for a Korean who then hands it off to a US citizen named Goldberg who happens to work for the US government too, and your data sits in their hands about what a hate mongering anti-semite you are, then deal with it.

      • Mrwirez

        Wow. How long you been sittin’ on that one?

      • wow

        @butthead007: wow, you need to calm down. you obviously don’t like the word jew, but using it doesn’t make you a racist. being racist makes you racist. as far as i can tell from that statement, jakeyboy is giving props to the Israelis anyways.

      • ~phel

        So If I use the N word everyday I’m not a racist? Oh and I’m Native American and White.

      • Johnny Depp

        Well we all know who the resident Jesus hater is around these parts? ;-)

        Seriously though the only thing I can imagine that would make me this irritated would be if I worked for Verizon or had to use them as a last resort because nobody else had coverage inside my trailer park in the middle of Oklahoma or I just couldn’t afford the new $350 ETF.

      • sarah P

        Haha! Spit the soda out through my nose!

      • Gina D

        Yeah Butthead007 works for Verizon Wireless so that explains part of his hostility. Just go to HoFo and read his posts. Verizon can DO NO WRONG and he hates customers but works in customer service or retail sales? Go figure!

      • mikebeau

        not sure when jew became a racial slur

      • JakeyBoy

        how awesome is all this! people will take words and twist them into whatever they want. the word Jew is not racist. but Chevy instead of Chevrolet…that might be racist…lol

  • Darwin

    Good thing I’m on 3G UMTS and not GSM. Feel bad for those without 3G coverage though. Not sure this is really an issue at all though….Who wants to listen to 99.9999% of any of your calls??

  • http://Www.Sabaroy.com Jm

    Shame on tiger woods

  • Vzw is best

    Who gives a shit it’s not like your phone calls are important anyway. Police and FBI can listen to your convos and read all of your texts whenever they want. Illegally or legally it doesn’t matter.

    • Mrwirez

      Yeah, Thanks to the Patriot Act via a douchebag terrorist.

  • Chatty “Hot” Carl

    I don’t even like listening to my own phone calls, why would I want to listen to anyone else’s?

  • http://indiatechnews.com/ Rash

    Seriously somebody gotta fix these leaks sooner or later.

  • xboomer

    So what! Sounds like a big waste of time to me. Let me ask BGR a question: Do you think that this was not already known by a limited audience?

    That’s a serious question. It might be a little out of place on this forum.

    Good grief!

  • patrick

    You can thank the Patriot Act on GWB. MISSION ACCOMPLISHED.

    • Jorge Lopez

      Don’t quit your day job…assuming you have one…which I highly doubt.

      However, I do prefer Obama’s approach to security…let a terrorist originating from Nigeria, who paid for a one way ticket in cash, who had no luggage, who had no passport and whose father contacted U.S. authorities multiple times to say his son may be planning something against the U.S. and who has explosives strapped to his crotch on to a U.S. flight while Barack bodysurfs. B+.

      • ~phel

        wow a Republican Latino, what’s next a black president?

      • Gus

        Republican Latinos have historically been the norm. The Democrat Latino is only a recent phenomenon of the influx of illegal aliens and lower income legal latinos. I would say it goes back to the Kennedy years when Cubans got a bad taste for Democrats after they were left deserted in the Bay of Pigs disaster. Shows what little you know. And it also shows how quickly Latinos forget how terrible the Democrats were to them.

      • ~phel

        Gus buddy, my above post was seething with sarcasm. Humor my friend, humor

  • http://bilgili.web.tr murat

    thanks that good
    Bilgi|Maxi|td

  • Steve

    I has this whore last night. She was amazing and awesome
    Unreal

  • http://www.palmcoveluxuryapartment.com.au/ ient

    very complicated device

  • Edmond Rodgers

    I am trying to use this verizon phone with my boost sim card how can i make it work
