Huge GSM flaw allows hackers to listen in on voice calls (neowin.net)
18 points by grosales on Aug 26, 2009 | 10 comments



Instead of this sensationalized neowin article, link to the actual guts of this https://har2009.org/program/attachments/119_GSM.A51.Cracking...


Karsten works with Chris Paget at H4RDW4RE, a consulting firm they started to focus on hardware security. While all the high-end pentest firms will do hardware, only a couple have a practice focus in hardware; they compete with Nate Lawson's Root Labs and after that there's pretty much just Paul Kocher's Cryptography Research. These guys are going to have a blast.

A direct link to the presentation:

http://www.scribd.com/doc/18668509/HAR2009-Cracking-A5-GSM-E...

The long and the short of it, they're going to take the academic result that you can precompute A5 and use a GPU cluster to build a rainbow table cracking implementation.

This result is a couple steps away from apocalyptic, but not all the way there:

* They haven't subverted GSM base stations (this is going to turn out to be doable, though). They can't pick a phone at random.

* They aren't publishing the GNU Radio code to sniff GSM. There are several free GSM projects, but putting the pieces together still requires talent, unlike wifi cracking.

* Regardless of whether these attacks are ever used in the wild, this will probably have a big effect on financial security, where GSM is used as a safe out-of-band authentication mechanism.


I have first-hand knowledge that this exploit is currently in use in the Middle East and is purchasable from at least one American corporation. It must be assumed that intelligence agencies have had this capability for the entirety of the GSM deployment.

Base station security is a separate matter. Why do you think A5/1 influences that?


I don't. I'm saying, in the universe of things that could go wrong with commercial GSM deployments, this is not the worst likely thing.

If I remember right, even Applied Cryptography managed to call out A5 as bad.


Ah, yes. It is my understanding that there were governmental pressures to deploy a known-weak system.


Does anybody know what sort of card they're using for this?


I think it's the USRP, which is a USB device and not a card. I know that there have been a lot of people doing GSM hacking with them.


Something I don't understand is why these sorts of hacks are always "preannounced" in advance of some conference or another. Inevitably, legal action is taken to shut down the presentation and keep the details from becoming public.

If you're going to announce a hack, announce the hack. If you're not, don't. Why go through the same song-and-dance every time?


This isn't a bragging announcement, more of a call to action/support by the enthusiast community to help the project by providing computational power to build the rainbow tables. (Read the linked slides; that should have been the initial YC submission instead of this sensationalized neowin article https://har2009.org/program/attachments/119_GSM.A51.Cracking... )

My Sideproject++ gotta do something with all these EC2 nodes laying around.


If you pre-announce and get shut down, then you get all of the media attention without actually having to prepare a talk. It's win-win!



