Log in
View Full Version : $15 phone, 3 minutes all that's needed to eavesdrop on GSM call
DBMandrake
30th December 2010, 03:17 PM
http://arstechnica.com/gadgets/news/2010/12/15-phone-3-minutes-all-thats-needed-to-eavesdrop-on-gsm-call.ars
Once again, as if it was needed, researchers prove just how woefully insecure the ancient GSM protocol is, by being able to decrypt and monitor a GSM (2G) call within a few minutes. Will the mobile phone networks still claim this is a theoretical problem and refuse to do anything about it ?
The basic GSM encryption protocol was cracked a few years ago now, and no real changes have been made, despite it being shown to be as insecure and fundamentally broken as WEP.
As far as I'm aware, at least some aspects of this current exploit do not work on UMTS (3G) so this is one good thing about the concept of a 3G only network. (Any hybrid 2G/3G network can shunt a 3G call to 2G at any time, including in response to malicious 3rd party intervention thus making a "secure" call insecure)
At the very least, the populace should be made aware that mobile phone calls, at least on 2G are no longer secure, and with the release of information like this it won't be long until the necessary hardware and software is within the reach of "hobbyist" hackers, much like it's now trivial to snoop on WEP encrypted traffic.
miffed
30th December 2010, 03:44 PM
LOL ! you think that's bad , I remember in the old analogue days you could simply switch on a UHF scanner and listen away !!
Call me old fashioned , but if I needed to speak to someone in confidence , it would be face to face - I'd consider any other means as potentially "broadcasting" ! I think this is where my age and mistrust of this tech works in my favour . But I think we have a whole new generation that actually trust this stuff to be "secure" , and they are the ones that could come a cropper here.
DBMandrake
30th December 2010, 05:11 PM
Yep, I'm well aware of how easy the pre-GSM analogue mobile phones were to snoop on - back in the day I had a scanner and it was trivial to listen in on analogue phones...(also cordless phones, which on 27Mhz travelled at least 100 metres!)
Although many people probably weren't aware how easy it was, I don't think there was any general expectation of privacy from end users - they knew they were essentially talking on a radio, and that radios could be listened in on.
Enter GSM which was a digital system, and straight away casual eaves dropping with analogue receivers was made impossible, and I seem to remember some fuss being made at the time about how this new fangled GSM was encrypted, making eaves-dropping "impossible", probably a selling point at the time to get people to switch over from analogue.
Ever since then I think the general perception is that mobile phone calls can't be eaves dropped on by nearby scanners because they're "digital" and "encrypted", but this is clearly false now. Unfortunately end users aren't to know the difference between outdated, poorly designed, and easily breakable encryption, and modern, strong, currently unbreakable encryption systems.
The crypto know-how and technology has been available for at least 5 years now to do it right, and do so in a way that is secure and essentially unbreakable in the forseeable future, unfortunately there is a HUGE momentum behind the outdated systems - both operators networks, and mobile phone hardware itself. Legacy support will hold us back for years, perhaps decades. That doesn't mean they shouldn't try to do something about it though.
(Another similar problem exists with the chip & pin retail system - which was broken more than a year ago, and allows PIN authorized purchases with any PIN entered, as yet not resolved by the banks)
While it probably doesn't matter so much for "domestic" phone calls, (where there is a low chance of someone with the know how wanting to target an individual) I think targeted corporate espionage via tapping the phone calls of a competitor is well within the bounds of reality, if not already, some time soon, so until such time as new and more robust encryption and security is implemented in mobile phones, people need to know that the potential to be eaves dropped on is now a reality...
Ben
31st December 2010, 12:43 AM
Mobile phone calls really should be more secure. Unfortunately I don't think there's much of an incentive for anyone to do it - though as each standard supersedes the last I suppose there will be incremental improvement.
Unless there's widespread press coverage about the insecurity of GSM, enough to get the corporate world's back up, progress will be slow :(
Hands0n
31st December 2010, 01:11 AM
The opportunity to up the encryption technology would be with LTE and/or 4G. Although the chances are that has been overlooked and already the standard is set in stone for these two technologies. I can't imagine that there is much government enthusiasm for increased secure encryption either!
DBMandrake
2nd January 2011, 02:35 PM
The opportunity to up the encryption technology would be with LTE and/or 4G. Although the chances are that has been overlooked and already the standard is set in stone for these two technologies. I can't imagine that there is much government enthusiasm for increased secure encryption either!
Actually we don't have to wait for 4G. The problem is 2G/GSM backward compatibility.
Athough I wouldn't go so far as to say UMTS has been pounded on and proven to be secure, all of the current egregarious security desgin and implementation limitations in GSM that have been exploited in that recent article don't apply to UMTS, which has a much more secure design from the get go, so a switch to a UMTS only network (with 850/900Mhz support for indoor coverage obviously) would beef up the security considerably, to the point where it's not currently possibly to eavesdrop on, possibly for many years.
(Among other things UMTS fixes two major GSM problems - UMTS encryption is much stronger and better designed, and it also has 2 way authentication, while GSM does not authenticate the base station - making rogue base stations and man in the middle attacks possible on 2G even if the encryption hadn't been broken)
So long as fall back to 2G is enabled, we can't make any progress on security, as 2G GSM is so fundamentally broken it can't even be fixed by updating the spec, it just needs to be abandoned as a bad idea, as WEP was.
Ben
3rd January 2011, 01:14 PM
Another reason for hastening GSM's demise I suppose.
Lets face it, the technology has had its day now anyway. If it wasn't for OFCOM (and the networks, to some extent) messing up the licensing I'm sure UMTS would be taking over rapidly.
I wonder if government understands that if it leant on OFCOM it could probably achieve much of its broadband objectives and even cream in some more revenue from licensing in the process?!
Powered by vBulletin® Version 4.1.10 Copyright © 2022 vBulletin Solutions, Inc. All rights reserved.