Archives for posts with tag: A5/1

GSM has been broken up to the point that a phone call or an SMS can be intercepted using an ordinary phone and a PC. The impact of this attack is still somewhat limited, because to eavesdrop, you need to be close to the target mobile phone. However, with a bit of ‘crowdsourcing’ we can overcome this ‘limitation’.

Read the rest of this entry »

Today Karsten Nohl presented the final blow to GSM security at the 27th Chaos Computer Club Congress (27C3). Last year he already presented his ongoing work on constructing the rainbow tables that allow a modern PC to recover, within a minute, the session key used to encrypt the communication between a mobile and the base station.
As I discussed back then, this did not immediately imply a practical attack to eavesdrop on GSM calls in real time.

The problem is that GSM uses frequency hopping to reduce interference on the channel from the mobile to the base station, and the command to switch to a particular frequency is encrypted as well. To decrypt a conversation one would therefore have to record all traffic on all possible frequencies. Once the session key is recovered (after a minute or so), one can use this to extract the conversation from the right parts in the recorded frequencies. The equipment to eavesdrop all frequencies in parallel is rather expensive.

However, Karsten has now further optimised the attack. First, the attack can now recover the session key in 20 seconds. But, more importantly, Karsten found that a session key is not refreshed with every communication (really, I am not making this up)! Instead it is reused for some time. This allows an attacker to first recover the current session key (using silent SMSes to the phone he wants to eavesdrop on). Any call made with this phone can then be eavesdropped on in real time using this session key. In fact, one can use a cheap phone with reprogrammable hardware to do this.

This was all shown live during the presentation at 27C3.

Note that session key reuse also makes SMS-based authentication less secure, at least for targeted attacks.
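As an added illustration (not code from this blog, nor from Karsten Nohl's work), the following implements the A5/1 keystream generator as it is publicly documented and adds a small constructed simulation of the point above. A5/1 mixes the 64-bit session key Kc with a 22-bit frame number, but the frame number is sent in the clear on the air interface, so once Kc is known every burst encrypted under it is readable, across as many calls as the network keeps reusing that Kc. Function names, the sample key and the seed are my assumptions, chosen only for the demonstration.

```python
import random

# A5/1 register sizes, feedback taps and clocking-control bits
# (bit 0 is the newest bit of each LFSR; the MSB is its output bit).
R1_MASK, R2_MASK, R3_MASK = (1 << 19) - 1, (1 << 22) - 1, (1 << 23) - 1
R1_TAPS, R2_TAPS, R3_TAPS = 0x072000, 0x300000, 0x700080  # bits 18,17,16,13 / 21,20 / 22,21,20,7
R1_CLK, R2_CLK, R3_CLK = 1 << 8, 1 << 10, 1 << 10
FRAME_MASK = (1 << 22) - 1
BURST_BITS = 114  # one encrypted burst in each direction per frame


def _parity(x: int) -> int:
    return bin(x).count("1") & 1


def _shift(reg: int, mask: int, taps: int) -> int:
    """Step one LFSR: the feedback bit is the XOR of its tap bits."""
    return ((reg << 1) & mask) | _parity(reg & taps)


class A51:
    """A5/1 keystream generator keyed with Kc (8 bytes) and a 22-bit frame number."""

    def __init__(self, kc: bytes, frame: int) -> None:
        if len(kc) != 8 or not 0 <= frame <= FRAME_MASK:
            raise ValueError("Kc must be 64 bits and the frame number 22 bits")
        self.r1 = self.r2 = self.r3 = 0
        # Load Kc, then the frame number, clocking all three registers regularly.
        for i in range(64):
            self._load_bit((kc[i // 8] >> (i % 8)) & 1)
        for i in range(22):
            self._load_bit((frame >> i) & 1)
        # 100 warm-up clocks under the majority rule; their output is discarded.
        for _ in range(100):
            self._clock()

    def _load_bit(self, bit: int) -> None:
        self.r1 = _shift(self.r1, R1_MASK, R1_TAPS) ^ bit
        self.r2 = _shift(self.r2, R2_MASK, R2_TAPS) ^ bit
        self.r3 = _shift(self.r3, R3_MASK, R3_TAPS) ^ bit

    def _clock(self) -> None:
        """Majority clocking: a register steps only if its clock bit matches the majority."""
        c1, c2, c3 = bool(self.r1 & R1_CLK), bool(self.r2 & R2_CLK), bool(self.r3 & R3_CLK)
        maj = (c1 + c2 + c3) >= 2
        if c1 == maj:
            self.r1 = _shift(self.r1, R1_MASK, R1_TAPS)
        if c2 == maj:
            self.r2 = _shift(self.r2, R2_MASK, R2_TAPS)
        if c3 == maj:
            self.r3 = _shift(self.r3, R3_MASK, R3_TAPS)

    def keystream(self, nbits: int = 2 * BURST_BITS) -> list:
        """228 bits per frame: the first 114 for downlink, the next 114 for uplink."""
        out = []
        for _ in range(nbits):
            self._clock()
            out.append(((self.r1 >> 18) ^ (self.r2 >> 21) ^ (self.r3 >> 22)) & 1)
        return out


def a51_keystream(kc: bytes, frame: int) -> list:
    return A51(kc, frame).keystream()


def xor_bits(a: list, b: list) -> list:
    return [x ^ y for x, y in zip(a, b)]


def reuse_exposure(reuse_kc: bool, later_calls: int = 3, frames_per_call: int = 4) -> int:
    """Count downlink bursts of later calls that decrypt with a Kc learned earlier.

    Constructed simulation: Kc values are random, frame numbers are public and
    count upwards, and the eavesdropper knows only the Kc that protected an
    earlier exchange with the phone. reuse_kc is the network policy under test.
    """
    rng = random.Random(2010)  # fixed seed: deterministic sample data
    new_kc = lambda: rng.getrandbits(64).to_bytes(8, "big")
    known_kc = new_kc()  # Kc recovered from the earlier exchange
    frame, decryptable = 0x134, 0
    for _ in range(later_calls):
        call_kc = known_kc if reuse_kc else new_kc()
        for _ in range(frames_per_call):
            plain = [rng.getrandbits(1) for _ in range(BURST_BITS)]
            cipher = xor_bits(plain, a51_keystream(call_kc, frame)[:BURST_BITS])
            guess = xor_bits(cipher, a51_keystream(known_kc, frame)[:BURST_BITS])
            decryptable += guess == plain
            frame = (frame + 1) & FRAME_MASK
    return decryptable


if __name__ == "__main__":
    print("bursts readable with Kc reuse:   ", reuse_exposure(True))
    print("bursts readable with a fresh Kc: ", reuse_exposure(False))
```

The simulation is the whole point of the blog's remark: with a fresh Kc per call the recovered key decrypts nothing after the exchange it came from, while with reuse it decrypts every later burst, which is what turns a 20-second key recovery into real-time eavesdropping and weakens SMS-based authentication for a targeted phone.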

Govcert advises providers of SMS authentication services (such as online banking or DigiD) not to offer new services and to carry out a renewed risk analysis for existing services. This is in response to the latest developments around the cracking of the A5/1 encryption algorithm used in mobile phones (GSM).

Read the rest of this entry »

Today the New York Times reported that Karsten Nohl had finally broken the A5/1 encryption algorithm used to protect GSM voice (and data) communication. He presented the details of his attack at the Chaos Communication Congress (which he pre-announced at Hacking At Random earlier this year).

Is this any news?

Read the rest of this entry »