Sunday, December 6, 2009

Open-Source Effort to Hack GSM

Via IEEE Spectrum -

If you're still using a cellphone based on early digital standards, you better be careful what you say. The encryption technology used to prevent eavesdropping in GSM (Global System for Mobile communications), the world's most widely used cellphone system, has more security holes than Swiss cheese, according to an expert who plans to poke a big hole of his own.

Karsten Nohl, chief research scientist with H4RDW4RE, a Sunnyvale, Calif.-based security research firm, is mounting what could be the most ambitious attempt yet to compromise the GSM phone system, which is used by over 3 billion people around the world. Others have cracked the A5/1 encryption technology used in GSM before, but their results have remained secret. However, Nohl, who earned a Ph.D. in computer science at the University of Virginia and is a member of Germany's Chaos Computer Club (CCC), intends to go one big step further: By the end of the year, he plans to make the keys available to everyone on the Internet.

Each GSM phone has its own secret key, which is known by the network. Every time a call is initiated, a new session key for that particular call is derived from the secret key and used to encrypt the call. Nohl aims to crack the session key.

The engineer has designed an open-source software program that participants in his A5/1 cracking project can install on their PCs and use to share the task of computing the lookup tables that make up the cryptography system. The final codebook with the computed tables will be shared across a peer-to-peer network. Therefore, no one computer contains all the files, making it difficult, if not impossible, to remove the cracking tool entirely from the Internet.

The aim of the project, he says, is not to "break anything" but rather to create an awareness of "a long-standing vulnerability" in GSM encryption technology and, ultimately, to push mobile phone operators still delivering calls over GSM networks either to phase in the more advanced voice and text-messaging encryption technology, A5/3, or upgrade to a newer-generation digital phone system.

Technically, Nohl's approach is based on the same techniques used in a GSM crack carried out in 2008 by security group The Hacker's Choice (THC). But Nohl's effort has a few twists.
