Huge GSM flaw allows hackers to listen in on voice calls - grosales
http://www.neowin.net/news/main/09/08/25/huge-gsm-flaw-allows-hackers-to-listen-in-on-voice-calls

======
dryicerx
Instead of this sensationalized neowin article, link to the actual guts of
this
[https://har2009.org/program/attachments/119_GSM.A51.Cracking...](https://har2009.org/program/attachments/119_GSM.A51.Cracking.Nohl.pdf)

------
tptacek
Karsten works with Chris Paget at H4RDW4RE, a consulting firm they started to
focus on hardware security. While all the high-end pentest firms will do
hardware, only a couple have a practice focus in hardware; they compete with
Nate Lawson's Root Labs and after that there's pretty much just Paul Kocher's
Cryptography Research. These guys are going to have a blast.

A direct link to the presentation:

[http://www.scribd.com/doc/18668509/HAR2009-Cracking-A5-GSM-E...](http://www.scribd.com/doc/18668509/HAR2009-Cracking-A5-GSM-Encryption)

The long and the short of it, they're going to take the academic result that
you can precompute A5 and use a GPU cluster to build a rainbow table cracking
implementation.

This result is a couple of steps away from apocalyptic, but not all the way
there:

* They haven't subverted GSM base stations (this is going to turn out to be doable, though). They can't pick a phone at random.

* They aren't publishing the GNU Radio code to sniff GSM. There are several free GSM projects, but putting the pieces together still requires talent, unlike wifi cracking.

* Regardless of whether these attacks are ever used in the wild, this will probably have a big effect on financial security, where GSM is used as a safe out-of-band authentication mechanism.

~~~
silentOpen
I have first-hand knowledge that this exploit is currently in use in the
Middle East and is purchasable from at least one American corporation. It must
be assumed that intelligence agencies have had this capability for the
entirety of the GSM deployment.

Base station security is a separate matter. Why do you think A5/1 influences
that?

~~~
tptacek
I don't. I'm saying, in the universe of things that could go wrong with
commercial GSM deployments, this is not the worst likely thing.

If I remember right, even Applied Cryptography managed to call out A5 as bad.

~~~
silentOpen
Ah, yes. It is my understanding that there were governmental pressures to
deploy a known-weak system.

------
blhack
Does anybody know what sort of card they're using for this?

~~~
rabidsnail
I think it's the USRP, which is a USB device and not a card. I know that there
have been a lot of people doing GSM hacking with them.

------
CamperBob
Something I don't understand is why these sorts of hacks are always
"preannounced" in advance of some conference or another. Inevitably, legal
action is taken to shut down the presentation and keep the details from
becoming public.

If you're going to announce a hack, announce the hack. If you're not, don't.
Why go through the same song-and-dance every time?

~~~
dryicerx
This isn't a bragging announcement, more of a call to action/support by the
enthusiast community to help the project by providing computational power to
build the rainbow tables. (Read the linked slides; that should have been the
initial YC submission instead of this sensationalized Neowin article:
[https://har2009.org/program/attachments/119_GSM.A51.Cracking...](https://har2009.org/program/attachments/119_GSM.A51.Cracking.Nohl.pdf))

My Sideproject++ gotta do something with all these EC2 nodes lying around.

