Havoc

Cellphone Encryption Code Is Divulged

6 posts in this topic

source : http://www.nytimes.com/2009/12/29/technology/29hack.html?_r=2&partner=rss&emc=rss&pagewanted=print

A German computer engineer said Monday that he had deciphered and published the secret code used to encrypt most of the world’s digital mobile phone calls, saying it was his attempt to expose weaknesses in the security of global wireless systems.

...

In August, at a hackers’ forum in Amsterdam, Mr. Nohl challenged other computer hackers to help him crack the G.S.M. code. He said about 24 people, some members of the Chaos Computer Club, which is based in Berlin, worked independently to generate the necessary volume of random combinations until they reproduced the G.S.M. algorithm’s code book — a vast log of binary codes that could theoretically be used to decipher G.S.M. phone calls.

During an interview, Mr. Nohl said he took precautions to remain within legal boundaries, emphasizing that his efforts to crack the G.S.M. algorithm were purely academic, kept within the public domain, and that the information was not used to decipher a digital call.

“We are not recommending people use this information to break the law,” Mr. Nohl said. “What we are doing is trying to goad the world’s wireless operators to use better security.”

0

Share this post


Link to post
Share on other sites

source : http://www.nytimes.com/2009/12/29/technology/29hack.html?_r=2&partner=rss&emc=rss&pagewanted=print

A German computer engineer said Monday that he had deciphered and published the secret code used to encrypt most of the world’s digital mobile phone calls, saying it was his attempt to expose weaknesses in the security of global wireless systems.

...

In August, at a hackers’ forum in Amsterdam, Mr. Nohl challenged other computer hackers to help him crack the G.S.M. code. He said about 24 people, some members of the Chaos Computer Club, which is based in Berlin, worked independently to generate the necessary volume of random combinations until they reproduced the G.S.M. algorithm’s code book — a vast log of binary codes that could theoretically be used to decipher G.S.M. phone calls.

During an interview, Mr. Nohl said he took precautions to remain within legal boundaries, emphasizing that his efforts to crack the G.S.M. algorithm were purely academic, kept within the public domain, and that the information was not used to decipher a digital call.

“We are not recommending people use this information to break the law,” Mr. Nohl said. “What we are doing is trying to goad the world’s wireless operators to use better security.”

I read some articles about this and have a question. What range can this system be used at? Is it something that needs close support such as getting a bluetooth signal or can you "hach" direct to the cell tower frequencies? The reason is asked is merely from a security standpoint. Can this be built by someone that needs to carry it or deploy it somehow close to crowds or can they set it up at home and just let it run and record information?

0

Share this post


Link to post
Share on other sites

source : http://www.nytimes.com/2009/12/29/technology/29hack.html?_r=2&partner=rss&emc=rss&pagewanted=print

A German computer engineer said Monday that he had deciphered and published the secret code used to encrypt most of the world’s digital mobile phone calls, saying it was his attempt to expose weaknesses in the security of global wireless systems.

...

In August, at a hackers’ forum in Amsterdam, Mr. Nohl challenged other computer hackers to help him crack the G.S.M. code. He said about 24 people, some members of the Chaos Computer Club, which is based in Berlin, worked independently to generate the necessary volume of random combinations until they reproduced the G.S.M. algorithm’s code book — a vast log of binary codes that could theoretically be used to decipher G.S.M. phone calls.

During an interview, Mr. Nohl said he took precautions to remain within legal boundaries, emphasizing that his efforts to crack the G.S.M. algorithm were purely academic, kept within the public domain, and that the information was not used to decipher a digital call.

“We are not recommending people use this information to break the law,” Mr. Nohl said. “What we are doing is trying to goad the world’s wireless operators to use better security.”

I read some articles about this and have a question. What range can this system be used at? Is it something that needs close support such as getting a bluetooth signal or can you "hach" direct to the cell tower frequencies? The reason is asked is merely from a security standpoint. Can this be built by someone that needs to carry it or deploy it somehow close to crowds or can they set it up at home and just let it run and record information?

This "code book" they're talking about I believe is a rainbow table. Also, I believe this is what they're talking about: is this ftp://ftp.ccc.de/congress/26c3/mp4/26c3-3654-en-gsm_srsly.mp4

They did a couple of things, built a rainbow table to break gsm/a5 as well as a built a fake base-station. It's an interesting video.

0

Share this post


Link to post
Share on other sites

source : http://www.nytimes.com/2009/12/29/technology/29hack.html?_r=2&partner=rss&emc=rss&pagewanted=print

A German computer engineer said Monday that he had deciphered and published the secret code used to encrypt most of the world’s digital mobile phone calls, saying it was his attempt to expose weaknesses in the security of global wireless systems.

...

In August, at a hackers’ forum in Amsterdam, Mr. Nohl challenged other computer hackers to help him crack the G.S.M. code. He said about 24 people, some members of the Chaos Computer Club, which is based in Berlin, worked independently to generate the necessary volume of random combinations until they reproduced the G.S.M. algorithm’s code book — a vast log of binary codes that could theoretically be used to decipher G.S.M. phone calls.

During an interview, Mr. Nohl said he took precautions to remain within legal boundaries, emphasizing that his efforts to crack the G.S.M. algorithm were purely academic, kept within the public domain, and that the information was not used to decipher a digital call.

“We are not recommending people use this information to break the law,” Mr. Nohl said. “What we are doing is trying to goad the world’s wireless operators to use better security.”

I read some articles about this and have a question. What range can this system be used at? Is it something that needs close support such as getting a bluetooth signal or can you "hach" direct to the cell tower frequencies? The reason is asked is merely from a security standpoint. Can this be built by someone that needs to carry it or deploy it somehow close to crowds or can they set it up at home and just let it run and record information?

This "code book" they're talking about I believe is a rainbow table. Also, I believe this is what they're talking about: is this ftp://ftp.ccc.de/congress/26c3/mp4/26c3-3654-en-gsm_srsly.mp4

They did a couple of things, built a rainbow table to break gsm/a5 as well as a built a fake base-station. It's an interesting video.

I was lucky enough to be at 26C6 in Berlin this year, and I was all over this talk. I was pleasantly surprised by the content. I thought it'd just be a talk about OpenBTS/Asterisk/USRP2/GNU Radio, but they talked a good bit about rouge GSM "towers" and A5/1, A5/2 and A5/3 crypto. I was also lucky enough to be r0d3nt wingman on his talk, so I got to speak (briefly) with the presenters in the "speaker" room.

If you're into this sort of attacks/ideas, watch the video. Now, I'm wonder if the radio side of "Magicjacks femtocell" will be accessible!

0

Share this post


Link to post
Share on other sites

aren't A5/1 and COMP128 a history by now ?

0

Share this post


Link to post
Share on other sites

aren't A5/1 and COMP128 a history by now ?

Not on the majority of GSM networks, and A5/2 A5/3 really don't look any better.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now