Hackers Jimmy GSM Cellphone Encryption

Tuesday, January 5, 2010

Hackers have once again demonstrated that the GSM (Global System for Mobile Communications) standard, the most widely used mobile phone standard in the world, can be hacked.

The GSM Association (GSMA) has acknowledged the technology's flaw, but it said the weakness is not a serious threat and that hackers have not been able to create a practical attack capability that can be used on live, commercial GSM networks.

However, the danger of this latest hack is that it was done with relatively inexpensive equipment, including a PlayStation 3 and open source software, showing that it's getting cheaper and easier to hack wireless communications.

The Latest Hack

The A5/1 cipher used by GSM is insecure, Karsten Nohl and Chris Paget told attendees at the 26th Congress of the Chaos Club in Berlin on Monday. They recommended that it be replaced.

"It was stunning to see what (US)$1,500 of USRP can do," they wrote in a summary of their presentation at the Chaos Club congress. "Add a weak cipher trivially breakable after a few months of distributed table generation, and you get the most widely deployed privacy threat on the planet."

GSM is used by nearly 800 mobile carriers in 219 countries worldwide, representing more than three billion connections, according to GSMA statistics.

USRP stands for "Universal Software Radio Peripheral." A USRP is a high-speed USB-based board for making software radios. It has an open design with freely available schematics, and comes with free software to integrate with the GNU Radio free software toolkit.

Nohl and Paget have created a code book, or lookup table, for the A5/1 cipher using fast graphics cards such as Nvidia (Nasdaq: NVDA) and ATI/AMD cards, and Sony (NYSE: SNE) PlayStation 3s. While compiling such a code book would take more than 100,000 years on a single CPU, it took three months on 40 Nvidia Cuda nodes.

The Dangers

The most important thing about this latest hack is that it used relatively inexpensive, widely available technology. "Processing power is increasing dramatically, with GPU (graphics processing units) in particular," said Rob Enderle, principal analyst at the Enderle Group, said. "This is only the tip of the iceberg when it comes to how this power could be used to hack into otherwise secure data streams."

0 comments:

Post a Comment

Note: Only a member of this blog may post a comment.