The 27th Chaos Communication Congress (27C3) is the annual conference organized by the Chaos Computer Club (CCC). Last year, at 26C3, researchers showed a rainbow table attack on GSM’s A5/1 encryption.
A bit of history: the GSM encryption was introduced in 1987, and then it was disclosed and shown insecure in 1994. As time passes the attacks keep getting better, but for some reason the GSMA prefers to claim that the attacks are not practical:
Over the past few years, a number of academic papers setting out, in theory, how the A5/1 algorithm could be compromised have been published. However, none to date [2009-12-30] have led to a practical attack capability being developed against A5/1 that can be used on live, commercial GSM networks.
[…] In 2007-8, a hacking group claimed to be building an attack on A5/1 by constructing a large look-up table of approximately 2 Terabytes – this is equivalent to the amount of data contained in a 20 kilometre high pile of books.
[…] All in all, we consider this research, which appears to be motivated in part by commercial considerations, to be a long way from being a practical attack on GSM. More broadly, A5/1 has proven to be a very effective and resilient privacy mechanism.
One may suspect that there is a conspiracy to keep the encryption easy to crack, but after reading the hilarious comment about 20 km of books (a 2 TB hard drive costs about $100) one is forced to apply Hanlon’s razor.
Yesterday (2010-12-28), at 27C3, researchers showed how to reduce the attacker’s budget down to a PC, cheap mobile phones, and open source software:
Now that GSM A5/1 encryption can be cracked in seconds, the complexity of wireless phone snooping moved to signal processing. Since GSM hops over a multitude of channels, a large chunk of radio spectrum needs to be analyzed, for example with USRPs, and decoded before storage or decoding. We demonstrate how this high bandwidth task can be achieved with cheap programmable phones.
Security through obscurity does not hold for long: once it becomes easy to present a GSM air interface to a standard GSM handset, insecurities in the handsets become easier to find. Another 27C3 lecture (SMS-o-Death) shows what one can learn about the security of “feature phones”:
We show how we analyzed these types of phones for SMS security issues and what kind of problems to overcome in the process. We show results for the major mobile phone manufacturers in the world. Every one of them has problems. Finally we show what kind of global scale attacks one can carry out with these kinds of bugs. The attacks range from interrupting phone calls, to disconnecting people from the network, and sometimes even bricking phones remotely.