GSM encryption code cracked wide open, leaked to the Internet

By on December 28, 2009 at 6:07 PM.

GSM encryption code cracked wide open, leaked to the Internet

wireless-tower

In a move to shed light on the vulnerability of GSM wireless networks, encryption expert Karsten Nohl, with the aid of 24 fellow hackers, was able to compile the multitude of algorithms behind the twenty one year old, 64-bit encryption scheme used to encrypt 80% of the world’s cellular GSM phone calls. The algorithm’s code book, comprising 2TB worth of data, has been published by Nohl and is now available on the Internet through BitTorrent. This is not the first time GSM was “cracked”. In 2003, the method by which GSM’s encryption code could be cracked was uncovered by a team of Israeli researchers and in 2008, David Hulton and Steve Muller presented at Black Hat a technique for the successful interception and decryption of a GSM stream using $1,000 of hardware and a half hour of time. Now in 2009, we have the binary code log that could potentially make GSM decryption faster and easier than ever. Before everybody panics, it is important to point out that the GSM algorithm that was cracked was the older and less secure 64-bit A5/1 algorithm, not the newer 128-bit A5/3 algorithm. Unfortunately, GSM carriers have been slow to adopt this new 128-bit encryption standard but Nohl’s disclosure may be the kick in the butt these lazy carriers need to beef up their security. More →

54 Comments

Security firm H4RDW4RE launches open source project to crack GSM encryption

By on December 9, 2009 at 1:04 PM.

Security firm H4RDW4RE launches open source project to crack GSM encryption

GSM Encryption

It has been long argued that the A5/1 encryption standard used to secure GSM traffic from eavesdropping is, in fact, insecure, and California based security firm H4RDW4RE is pioneering an effort to hammer that point home by cracking the encryption scheme. The A5/1 cipher is based on a 64-bit key — each cell phone has a 64-bit secret key which is also known by the connected GSM network. When you initiate a call the GSM network uses the secret key to generate a session key and encrypt your phone call. H4RDW4RE’s approach will be to crack this session key using a compressed and custom version of the A5/1’s 128-petabyte code book. Yikes. The aim of the project is to: take the vast code book and compress it down to around 2 or 3 terabytes of data, organize the data into rainbow tables, have these tables searched by a free P2P open-source program (much like SETI@home) in order to cipher session keys. Session keys will, theoretically, provide the ability to decrypt and listen in on GSM phone calls. H4RDW4RE’s goal is to push GSM vendors to finally admit that the technology is flawed and move to the more secure A5/3  code book, which is a 128-bit cipher, and already used by newer cellular technologies such as UTMS. Pretty powerful way to send a message, it sure does beat a letter writing campaign… Hit up the article for more details about the project. More →

21 Comments