
Cheap GSM Eavesdropping a Reality 75

Posted by Soulskill
from the poking-holes-in-the-ether dept.
Techmeology writes "GSM eavesdropping has been demonstrated at the Chaos Computer Club Congress in Berlin using a €10 Motorola phone and open source GSM firmware. Karsten Nohl and Sylvain Munaut replaced the firmware on the phone, enabling them to process all the data it received. They used already available rainbow tables to decrypt data being sent to and from other mobile phones. They have no plans to release the hack publicly; however, they expect others to successfully attempt the hack. Mr. Nohl said the objective was to raise awareness of GSM's insecurity."

  • Don't use GSM Phones (Score:5, Informative)

    by clonehappy (655530) on Friday December 31, 2010 @12:58PM (#34723008)
    GSM systems use a rudimentary TDMA system which assigns each user a timeslot on a given frequency. The handset and base station both transmit/receive at the assigned interval to exchange the voice data. There isn't much security to speak of, since the basic encryption used in GSM was broken years ago. 3G GSM systems are probably still secure, as they don't use a TDMA based system. 3G GSM uses a Wideband-CDMA based system which provides greater security of the data being transferred at the physical interface layer.

    Using a CDMA system, which many Americans and the rest of the world see as inferior technology, effectively eliminates the ability for a third party to eavesdrop on a wireless call. In a CDMA system, all data is distributed over the same frequency range, with an ever-changing pseudorandom code assigned to it, using spread spectrum technology. The ability to "guess" the code for any given call (out of I believe over a trillion unique codes) is nearly impossible.

    While this doesn't mean that governments, spy agencies, etc. cannot still listen to your phone conversation, it means Joe Blackhat in his garage across the alley isn't listening to your phone conversation. If I were using a mobile phone for anything remotely private, which I sure as hell don't, I would have to forego using the global standard system in favor of one that uses a more secure air interface (CDMA or 3G GSM). If there are any non-telco geeks that want to know more, read section 5 of the whitepaper linked below, it has some good information on how this all works and how this system works to keep your conversations private, at least from two-bit hackers.

    http://b2b.vzw.com/assets/files/SecurityWP.pdf [vzw.com]
  • by ThunderBird89 (1293256) <{zalanmeggyesi} {at} {yahoo.com}> on Friday December 31, 2010 @01:02PM (#34723040)
    The main problem here isn't really cryptographic, but economic: mobile carriers have no vested interest in protecting the privacy of their customers, since the Average Joe doesn't care about it either way, and for those who do, there exist specialized encrypted phones (which, I might add, can all be subverted by hackers with the least bit of determination). This article [arstechnica.com] states that of the two keys being used, the one used to authenticate the SIM towards the provider is very strong, because the providers have an interest in keeping that secure, while the key protecting individual sessions is weak, since it doesn't need to be strong.

    Using strong crypto in the handsets would likely require a more powerful CPU or a dedicated chip, raising the cost and the complexity, making it unattractive to the manufacturers and providers. Also, it wouldn't solve a damn thing, as it would merely shift the focus from eavesdropping to more ... direct methods of obtaining the required information, since a cypher is only as strong as the weakest point, in this case the human endpoints.

    Also, I doubt government agencies are startled at this announcement. I worked at the Hungarian Foreign Ministry, and I had at least one call eavesdropped, and one call actually hijacked by having a third party speak on the line for both of us to hear. The article makes it clear that in order for this to work, you need to know your target and track it for some time, making it impossible to just 'go around snooping in on others' and have this turn into another Google StreetView incident.
  • by Sloppy (14984) on Friday December 31, 2010 @01:48PM (#34723376) Homepage Journal

    Networks are insecure, period. That should be the underlying assumption of any communications system.

    Then you put endpoint-to-endpoint crypto into the application. If some other layer also encrypts, like the crypto in CDMA or GSM or WPA2 or OpenVPN, that's ok, but it's not something your application should assume is useful, or even needs to be aware of.

    Look at it that way, and GSM and CDMA have identical security: none. Security is the application's problem. We're looking at it all wrong: legacy phones are insecure, because they're an application that is designed to be compatible with ... what, late 1800s tech? Let's stop worrying about the networking tech itself, and fix the app. Fix the app, and the network won't matter.
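As an added illustration (not code from the article or from any commenter) of the spreading mechanism clonehappy describes, and of Sloppy's point that link-layer separation is not application security: a toy direct-sequence CDMA channel in Python. The user names, seeds and bit patterns are constructed for the example; the seed stands in for the per-call code, and the demo only shows that recovering a user's bits requires that user's chip sequence, which says something about how unpredictable the code must be, not that the link is secret.

```python
import random

CHIPS_PER_BIT = 512  # spreading factor of this toy channel (constructed value)

def chip_code(seed, n_bits):
    """Pseudorandom +/-1 chip sequence for one user.
    Constructed for this example: the seed plays the role of the per-call code."""
    rng = random.Random(seed)
    return [1 - 2 * rng.getrandbits(1) for _ in range(n_bits * CHIPS_PER_BIT)]

def spread(bits, code):
    """Map each bit to a BPSK symbol (0 -> +1, 1 -> -1), then multiply it by its slice of the code."""
    assert len(code) == len(bits) * CHIPS_PER_BIT
    symbols = (1 - 2 * b for b in bits for _ in range(CHIPS_PER_BIT))
    return [s * c for s, c in zip(symbols, code)]

def shared_channel(*signals):
    """Every user transmits on the same frequency at the same time: chips simply add."""
    return [sum(chips) for chips in zip(*signals)]

def correlate(received, code):
    """Per-bit normalized correlation of the received chips with a candidate code.
    Near +1/-1 means the code matches a transmitter; near 0 means it matches nobody."""
    out = []
    for i in range(0, len(code), CHIPS_PER_BIT):
        pairs = zip(received[i:i + CHIPS_PER_BIT], code[i:i + CHIPS_PER_BIT])
        out.append(sum(r * c for r, c in pairs) / CHIPS_PER_BIT)
    return out

def despread(received, code):
    """Decide each bit from the sign of its correlation (positive -> 0, negative -> 1)."""
    return [0 if c > 0 else 1 for c in correlate(received, code)]

# Constructed sample traffic: three users, eight bits each, distinct codes (seeds).
USERS = {"alice": ([0, 1, 1, 0, 0, 1, 0, 1], 11),
         "bob":   ([1, 1, 0, 0, 1, 0, 1, 0], 22),
         "carol": ([0, 0, 0, 1, 1, 1, 1, 0], 33)}

def run_demo():
    """Return the bits each user's own code recovers, plus the correlations a wrong code sees."""
    signals = [spread(bits, chip_code(seed, len(bits))) for bits, seed in USERS.values()]
    rx = shared_channel(*signals)
    recovered = {name: despread(rx, chip_code(seed, len(bits)))
                 for name, (bits, seed) in USERS.items()}
    wrong_guess = correlate(rx, chip_code(99, 8))  # a code nobody on the channel is using
    return recovered, wrong_guess

if __name__ == "__main__":
    rec, wrong = run_demo()
    print(rec)
    print([round(c, 3) for c in wrong])
```

With a matching code the correlations sit at about +1 or -1 and the bits come back intact; with any other code they hover near zero, so whoever holds (or can derive) the code holds the traffic, which is exactly why an application should add its own end-to-end encryption rather than trust the air interface.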
