
The call of Kraken, GSM cracking software - monkeygrinder
http://lists.lists.reflextor.com/pipermail/a51/2010-July/000683.html
======
antirez
Is it possible to use a common phone to sniff the GSM traffic? Or something
like a GNU-radio capable external device is absolutely required?

GSM and GSM security are interesting topics but really hard to touch with your
hands because of the difficulty of reading what's passing over the air. The
more hackers have access to equipment, the more secure our conversations will
be in the long run.

~~~
chris_l
To use a regular phone you would have to reverse-engineer a significant part
of the (low-level) software, est. cost > $1m

Even then you would have to get lucky with the hardware, as it is not designed
to sniff all the metadata and pass it up for capture. It might do some of the
stuff in hardware that you want done in software.

~~~
antirez
Thanks for the clarification

------
vgurgov
I don't know much about GSM protocols. Can somebody here explain what might be
possible applications for this thing? Would it be possible to decode recorded
GSM calls around you? Is it a significant vulnerability?

~~~
ianso
A5/1 protects the over-the-air voice stream in GSM. Details on the protocol
and cryptosystem:

<http://everything2.org/user/Jetifi/writeups/GSM>

I don't think this is quite as big a deal as it's made out to be, since
A5/1 and /2 were both broken almost a decade ago, and most GSM providers have
replaced these two ciphers with others since then. It might still be useful in
places outside of Europe and the US though.

~~~
chris_l
Care to tell us where we can find info on the ciphers actually in use?

------
Rod
From last year's Chaos event:

<http://events.ccc.de/congress/2009/Fahrplan/events/3654.en.html>

 _"From the total lack of network to handset authentication, to the "Of course
I'll give you my IMSI" message, to the iPhone that really wanted to talk to
us. It all came as a surprise -- stunning to see what $1500 of USRP can do.
Add a weak cipher trivially breakable after a few months of distributed table
generation and you get the most widely deployed privacy threat on the
planet."_

