
T-Mobile quietly hardens part of its U.S. cellular network against snooping - Libertatea
http://www.washingtonpost.com/blogs/the-switch/wp/2014/10/22/t-mobile-quietly-hardens-part-of-its-u-s-cellular-network-against-snooping/
======
cooperq
Um guys, A5/3 is completely broken. According to Wikipedia: "In 2010,
Dunkelman, Keller and Shamir published a new attack that allows an adversary
to recover a full A5/3 key by related-key attack.[5] The time and space
complexities of the attack are low enough that the authors carried out the
attack in two hours on an Intel Core 2 Duo desktop computer even using the
unoptimized reference KASUMI implementation. The authors note that this attack
may not be applicable to the way A5/3 is used in 3G systems; their main
purpose was to discredit 3GPP's assurances that their changes to MISTY
wouldn't significantly impact the security of the algorithm."

Even if A5/3 weren't broken, there are still tower dumps and IMSI catchers,
which are a whole lot easier to use than breaking encryption. Yes A5/3 is
better than A5/1, but I call bullshit on this whole article.

~~~
rtpg
>Yes A5/3 is better than A5/1, but I call bullshit on this whole article.

Super pedantic, but the title is 'hardens' not 'makes hard'. If it's better,
then it's been hardened. Might not be the best thing available, but that's the
meaning of a comparative.

~~~
zaroth
Super-duper pedantic, but I would say broken can be considered neither hard
nor hardened.

------
x1798DE
I have T-Mobile, and I have to say, I've been quite happy with it and I've
been just waiting for the other shoe to drop. The only negative thing I hear
about them is people don't like the coverage area - which doesn't bother me
because when I switched to them they were the only company that offered wifi
calling (meaning I can comfortably use my phone at work and at home, where I
spend 99% of my time, for the first time in 6-8 years).

Do I just have a rosy outlook, or is T-mobile's limited marketshare such a
problem that they're somehow disciplined into being an actually good mobile
carrier?

~~~
anonu
I've been a VoiceStream, then T-Mobile customer for over 16 years. There's
been ups and downs in the relationship over the years. The most notable "down"
was the $800 international roaming charge they refused to remove from my bill
a few years back. Even though I really wanted to leave them then, a thorough
cost analysis of the competition showed they really were still cheaper...

More recently, the Simple Choice plan they introduced last year which includes
"free" international data roaming has ensured I stick with them for even
longer. I travel quite a bit, so that + the wifi calling which works pretty
much anywhere in the world has been a great thing.

~~~
hnarn
Why would they remove the $800 international roaming charge?

~~~
praneshp
A lot of the time, such charges come up because the customer was unaware, not
because they used it. I once made a call from WhatsApp not realizing it
wouldn't go through wifi, and ran up almost $150, but T-Mobile was kind enough
to remove it from the bill. Just customer-friendliness, more than anything
else.

~~~
fixedd
The wife and I took a cruise a few years ago and I tried my damnedest to turn
off anything even remotely resembling "yes, you can have a data connection". I
wanted to leave my phone on in case something happened with the kids (and so
I'd have a watch), I just didn't want it to DO anything other than allow
incoming calls. Got home to a $200 phone bill because there was a checkbox
somewhere I'd missed and cruise-ship mobile data is abhorrently expensive.

It happens.

~~~
jacquesm
Android: Apps/Settings/mobile networks/mobile data/checkbox off

------
joshavant
Just a reminder: TMobile is also actively chipping away at net neutrality
through their 'free' music streaming feature.

That is, they inspect your traffic and don't charge your bandwidth quota for
network traffic with TMobile-selected music streaming services (Spotify,
Google Play, etc).

[http://www.t-mobile.com/offer/free-music-streaming.html](http://www.t-mobile.com/offer/free-music-streaming.html)

~~~
dylz
They don't DPI your traffic for this feature - if Spotify detects you're on
.tmodns.net, they will serve you from internal Telekom network caches instead
of hitting the wider internet. This is pretty much equivalent to Australian
ISPs' freezones.

They _do_ DPI for other purposes though, such as ensuring that you don't
tether without paying (if you use a desktop browser user agent, it'll count
your tethering quota separately -- even if you spoof the UA from your phone's
browser), and for "caching" HTTP traffic (you'll see a 'X-Via: Harmony proxy'
header on any HTTP traffic, on any port).

They also hijack DNS NXDOMAIN for ad-filled pages, with no usable opt out
("opt out" uses a cookie that uses javascript to serve the page anyway, then
hide it with a fake nginx 404)
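
The NXDOMAIN hijacking described above can be checked from the client side without trusting any page the resolver hands back. The following is an added example, not code from the thread or from T-Mobile: it builds a DNS query for a random label that should not exist, parses the raw response with the standard library only, and flags a resolver that answers RCODE 0 with an A record instead of RCODE 3 (NXDOMAIN). The two responses embedded at the bottom are constructed for offline use, and 192.0.2.10 (a documentation address) stands in for a hypothetical ad landing page.

```python
"""Detect NXDOMAIN hijacking ("search assist" / ad pages) from raw DNS responses.

A correct resolver answers a non-existent name with RCODE=3 and no A records.
A hijacking resolver answers RCODE=0 plus an A record for its landing page.
Only the standard library is used, so the parsing below runs offline on the
constructed sample responses; send_query() is for a live check.
"""
import secrets
import socket
import struct

RCODE_NXDOMAIN = 3
TYPE_A, CLASS_IN = 1, 1


def probe_name() -> str:
    """Random label under example.com (reserved, no wildcard), so a genuine
    resolver has no legitimate answer for it."""
    return f"{secrets.token_hex(12)}.example.com"


def encode_name(name: str) -> bytes:
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname: str, qid: int = 0x1234) -> bytes:
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1
    return header + encode_name(qname) + struct.pack("!HH", TYPE_A, CLASS_IN)


def build_response(qname: str, rcode: int, answers: list, qid: int = 0x1234) -> bytes:
    """Constructed response used for the offline sample (answers are IPv4 strings)."""
    flags = 0x8180 | rcode                       # QR=1, RD=1, RA=1, RCODE
    header = struct.pack("!HHHHHH", qid, flags, 1, len(answers), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", TYPE_A, CLASS_IN)
    rrs = b""
    for ip in answers:
        rdata = bytes(int(o) for o in ip.split("."))
        # 0xC00C = compression pointer to the question name at offset 12
        rrs += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 60, 4) + rdata
    return header + question + rrs


def skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:              # compression pointer: 2 bytes
            return off + 2
        off += length + 1


def parse_response(msg: bytes):
    """Return (rcode, [A record addresses]) from a raw DNS response."""
    _qid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x0F
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4           # name + QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_A and rdlen == 4:
            addrs.append(".".join(str(b) for b in rdata))
    return rcode, addrs


def is_hijacked(msg: bytes) -> bool:
    """True when a name that cannot exist came back as a positive A answer."""
    rcode, addrs = parse_response(msg)
    return rcode != RCODE_NXDOMAIN and bool(addrs)


def send_query(server: str, qname: str, timeout: float = 3.0) -> bytes:
    """Live probe over UDP/53 (not used by the offline sample below)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qname), (server, 53))
        return s.recv(512)


# Constructed sample responses for the same probe name.
SAMPLE_NAME = "zzz.example.com"
HONEST_RESPONSE = build_response(SAMPLE_NAME, RCODE_NXDOMAIN, [])
HIJACKED_RESPONSE = build_response(SAMPLE_NAME, 0, ["192.0.2.10"])

if __name__ == "__main__":
    for label, resp in (("honest", HONEST_RESPONSE), ("hijacked", HIJACKED_RESPONSE)):
        print(label, parse_response(resp), "hijacked:", is_hijacked(resp))
```

To test a real resolver, call `is_hijacked(send_query("<resolver ip>", probe_name()))`; a fresh random label per probe defeats any cached positive answer, and a resolver that returns an address for it is rewriting NXDOMAIN regardless of what its opt-out page claims.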

~~~
khuey
VPN solves all of those problems.

~~~
phamilton
HTTPS solves these problems too.

~~~
AnthonyMouse
HTTPS doesn't do anything for their DNS servers not returning NXDOMAIN as they
ought to. Also, clients can use a VPN all on their own, they can't force all
the servers they use to use HTTPS if they don't already.

------
cpeterso
In other T-Mobile security news, their customer website only supports SSL3 and
will stop working with Firefox 34 on November 24 (because SSL3 will be disabled
due to the POODLE attacks). (Their website login is currently broken in
Firefox Beta, Aurora, and Nightly release channels.)

[https://bugzilla.mozilla.org/show_bug.cgi?id=1042380](https://bugzilla.mozilla.org/show_bug.cgi?id=1042380)

------
sarciszewski
A5/3? Where have I seen this before?

Oh, right.

[http://eprint.iacr.org/2010/013.pdf](http://eprint.iacr.org/2010/013.pdf)

------
eli
This hardens your messages against passive eavesdropping of the wireless
signal, but not a targeted attack with a bogus tower, right?

~~~
x1798DE
From the article:

 _Active attacks, involving a device called an “IMSI catcher,” may still be
able to eavesdrop on individual calls by manipulating a phone’s security
settings directly, without having to crack the encryption._

So, just hardens against passive eavesdropping (and only by upgrading to the
latest standard, not by any specially devised method).

~~~
rsync
Also, I think a tower (real or bogus) can instruct your phone to downgrade to
no-encryption, in which case the cipher won't matter.

If they really wanted to be "progressive" they would allow the phone to
display a cipher icon for proper encryption with the tower, which was always
part of the GSM spec, but was abandoned very early on. I think your SIM card
needs to support that as well, IIRC ...

~~~
eli
To be fair, it's a lot easier to harden the equipment they own vs the
equipment your customers own. I'm not sure such a cipher icon is even possible
in iOS without Apple's help. It certainly wouldn't be easy.

~~~
rsync
It's been a while since I went down this rabbithole, but I think it is
required via spec, but only if your SIM card has that feature enabled ... and
_no_ carriers anywhere (globally) enable that feature.

So I would be interested to see what happens if you insert a SIM card with
security checking turned on, into an iphone...

------
teamhappy
Germany has great cellular network hackers. If any of you would like to
know more about this area I'd highly recommend searching for talks by Harald
Welte or Karsten Nohl.

------
joering2
For many years I have had the impression that T-Mobile seems to be the most
user-friendly network among all of them.

I also enjoy their Simple Talk Network. $40 unlimited talk, text, MMS, 3G.
Sometimes my friends have a hard time on their $120 Sprint or $140 AT&T plan
getting fast internet in places where SimpleTalk (a T-Mobile rebrand) works
like thunder!

------
davidholmesnyc
Good on T-Mobile. I had them about 5 years ago and they were pretty good to me.
I only switched because I wanted an iPhone and at the time the unlock
community hadn't come out with a patch. Because of that service I just opened
a new line with them for my second phone and so far so good.

------
justignore
T-MOBILE USED HARDEN! IT WASN'T VERY EFFECTIVE.

------
benguild
Does this only affect 2G/EDGE for the most part? Because I know that T-Mobile
falls back on 2G more often than AT&T does.

The only time I’ve been on 2G with AT&T in the last few years was going
through the BART tunnel in South Bay… haha.

~~~
BuildTheRobots
A5/3 (KASUMI) is near-on identical to the ciphers used in 3G connections, but
you're right, this is the 2G-only implementation; so yes, this only affects
(applies to) 2G/EDGE/GSM.

I'm absolutely bloody agog that commercial first-world operators have taken
until the end of 2014 to actually support this - I think it was ratified into
the specification around 2001 if not earlier.

Also, for all you tinfoil wearers out there, you might like the fact that the
original specification for A5/3 was altered to make it more hardware friendly.
In 2010 it was realized that this actually made it extremely easy [1] to
recover the session key (if not in real time) [2].

[1] Core 2 Duo in a couple of hours easy, see the abstract [2].
[2] [http://eprint.iacr.org/2010/013](http://eprint.iacr.org/2010/013)

~~~
droopybuns
A5/3 is a block cipher, 3G connections use a stream cipher. Respectfully, this
is not "near-on" identical.

[http://security.stackexchange.com/questions/334/advantages-and-disadvantages-of-stream-versus-block-ciphers](http://security.stackexchange.com/questions/334/advantages-and-disadvantages-of-stream-versus-block-ciphers)

Integrating support for these algorithms on the device side ends up being a
high hurdle. Doing anything at scale is inevitably harder than you expect it
to be. If it was a simple change, people would make it.

~~~
BuildTheRobots
Thanks for the clarification, I'm obviously getting myself confused somewhere.
/me goes back to the documentation.

