Archives for posts with tag: GSM

GCHQ hacked Gemalto to get hold of the authentication keys of SIM cards. Gemalto's first reaction was nonchalant. Now they are suddenly very firm about the limited impact of the hack. This was also the gist of the NOS journaal's report on the subject. A somewhat more critical stance from the news programme would have been appropriate, though.


Shops in the Bas Group (Dixons, Mycom and iCentre) use wifi and bluetooth to track the behaviour of their customers (and of people in the street). This is nothing new. Back in 2012 I already wrote about how, more generally, we are also tracked in the physical world. The question is: is this a problem?


GSM has been broken to the point that a phone call or an SMS can be intercepted using an ordinary phone and a PC. The impact of this attack is still somewhat limited, because to eavesdrop you need to be close to the target mobile phone. However, with a bit of ‘crowdsourcing’ this ‘limitation’ can be overcome.


GSM has been broken to the point that a phone call or an SMS can be intercepted using an ordinary phone and a PC. For ordinary people this has few consequences. But targeted attacks, aimed at the conversations of CEOs or high-ranking government officials, have become more likely. The same goes for targeted attacks against people who perform high-value transactions using SMS-based authentication.

The attack still has its limitations, and a fake base-station attack is perhaps easier to perform. However, there is an easy way to prevent this attack (and, by the way, the fake base-station attack as well): force your mobile to use only UMTS (3G) communication, and make sure it does not fall back to GSM. Certain phones, such as smartphones, have this option (although not always as an easily selectable one, because 3G coverage is suboptimal).

If you think you are a possible high-value target, get yourself such a phone. For the rest of the world: wait until your mobile network operator discontinues GSM and uses only UMTS.

Today Karsten Nohl presented the final blow to GSM security at the 27th Chaos Computer Club Congress (27C3). Last year he already presented his ongoing work on constructing the rainbow tables that allow a modern PC to recover, within a minute, the session key used to encrypt the communication between a mobile and the base station.
As I discussed back then, this did not immediately imply a practical attack for eavesdropping on GSM calls in real time.

The problem is that GSM uses frequency hopping to reduce interference on the channel from the mobile to the base station, and the command to switch to a particular frequency is encrypted as well. To decrypt a conversation one would therefore have to record all traffic on all possible frequencies. Once the session key is recovered (after a minute or so), it can be used to extract the conversation from the right parts of the recorded frequencies. The equipment to eavesdrop on all frequencies in parallel is rather expensive.

However, Karsten has now further optimised the attack. First, the attack can now recover the session key in 20 seconds. But, more importantly, Karsten found that a session key is not refreshed with every communication (really, I am not making this up)! Instead it is reused for some time. This allows an attacker to first recover the current session key (using silent SMSes sent to the phone he wants to eavesdrop on). Any call made with this phone can then be eavesdropped on in real time using this session key. In fact, a cheap phone with reprogrammable hardware suffices to do this.

This was all shown live during the presentation at 27C3.

Note that session key reuse also makes SMS-based authentication less secure, at least against targeted attacks.
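A defender-side check that follows from the post above: the silent SMS it mentions is typically a Short Message Type 0 (TP-PID 0x40), which a handset acknowledges to the network but neither stores nor displays, so raw SMS-DELIVER PDUs can be screened for that indicator. This is an added example, not code from the original post; it assumes PDUs in the form a modem hands them out in PDU mode (SMSC prefix followed by the TPDU), and the two sample PDUs are constructed.

```python
# Added example (not code from the original post): flag "silent" SMS in raw
# SMS-DELIVER PDUs. A silent SMS is typically a Short Message Type 0, TP-PID 0x40
# (3GPP TS 23.040): the handset acknowledges it to the network but discards it.
# Assumes PDUs as a modem hands them out in PDU mode: SMSC prefix, then the TPDU.

SILENT_SMS_PID = 0x40


def _semi_octets(raw: bytes) -> str:
    """Decode swapped-nibble BCD digits, dropping the 0xF filler nibble."""
    digits = []
    for byte in raw:
        digits.append("%X" % (byte & 0x0F))
        digits.append("%X" % (byte >> 4))
    return "".join(digits).rstrip("F")


def parse_sms_deliver(pdu_hex: str) -> dict:
    """Parse the header fields of one SMS-DELIVER PDU (SMSC prefix included)."""
    b = bytes.fromhex(pdu_hex)
    smsc_len = b[0]
    smsc = _semi_octets(b[2:1 + smsc_len])     # b[1] is the SMSC type-of-address
    pos = 1 + smsc_len
    first_octet = b[pos]
    if first_octet & 0x03 != 0x00:             # TP-MTI 00 = SMS-DELIVER
        raise ValueError("not an SMS-DELIVER TPDU")
    oa_digits, oa_toa = b[pos + 1], b[pos + 2]
    pos += 3
    oa_len = (oa_digits + 1) // 2              # digit count -> BCD byte count
    sender = _semi_octets(b[pos:pos + oa_len])
    if oa_toa & 0x70 == 0x10:                  # type-of-number: international
        sender = "+" + sender
    pos += oa_len
    pid, dcs = b[pos], b[pos + 1]
    udl = b[pos + 2 + 7]                       # skip the 7-byte TP-SCTS timestamp
    return {"smsc": smsc, "sender": sender, "pid": pid, "dcs": dcs,
            "udl": udl, "silent": pid == SILENT_SMS_PID}


def detect_silent_sms(pdus):
    """Return the parsed headers of every PDU that carries TP-PID 0x40."""
    return [m for m in map(parse_sms_deliver, pdus) if m["silent"]]


# Constructed sample PDUs: an ordinary 12-septet text message, and the same
# message with its TP-PID rewritten to 0x40 (the PID byte sits at hex offset 34).
NORMAL_PDU = "07911326040000F0040B911346610089F60000208062917314080CC8F71D14969741F977FD07"
SILENT_PDU = NORMAL_PDU[:34] + "40" + NORMAL_PDU[36:]

if __name__ == "__main__":
    for hit in detect_silent_sms([NORMAL_PDU, SILENT_PDU]):
        print("silent SMS from %s (PID 0x%02X, UDL %d)" % (hit["sender"], hit["pid"], hit["udl"]))
```

Type 0 messages are normally consumed by the baseband before any application sees them, so this check only works where raw PDUs are visible, for instance on a modem driven in AT PDU mode.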

This idea came up when I saw a guy in the train today, carrying a cardboard box with a number written on it.

I stared at the box, and it took a short while before I realised the number was a phone number. I wondered why that was, and then it occurred to me that maybe the guy carrying the box was the recipient of the box. Maybe the phone number on the box had been used to call him and tell him his parcel was waiting for him…


Govcert advises providers of SMS authentication services (such as online banking or DigiD) not to offer new services and to carry out a renewed risk analysis for existing services. This follows the latest developments around the cracking of the A5/1 encryption algorithm used in mobile phones (GSM).
