The security of the most widely used standard in the world for transmitting
mobile phone calls is dangerously flawed, putting privacy and data at risk,
two researchers warned at the Black Hat conference in Europe on Friday.
Researchers David Hulton and Steve Muller showed at Black Hat in the U.S. last
month how it was possible to break the encryption on a GSM (Global System for
Mobile Communications) call in about 30 minutes using relatively inexpensive
off-the-shelf equipment and software tools. The hack means they could listen
in on phone calls from distances of up to 20 miles (32 kilometers) or farther
away.
They're still refining their
technique, which involves cracking the A5/1 stream cipher, an algorithm
used to encrypt conversations. In about another month, they'll be able to crack
about 95 percent of the traffic on GSM networks in 30 minutes or faster with
more advanced hardware.
Their research has been motivated in part by the absence of a more secure encryption
method despite years of warnings about GSM.
"Ultimately we are hoping that the mobile operators actually initiate
a move to secure their networks," Muller said. "They've had about
10 years, and they haven't done it. In my opinion, there is only one language
that they speak: that's called revenue. As soon as they lose the revenue, they
will actually change."
Since 1991 when GSM networks debuted, the integrity of their security has declined
as researchers probed. In 1998, the A5/1 and the A5/2, a weaker stream cipher,
were broken.
Commercial interception equipment is available now to eavesdrop on calls, which
can cost up to US$1 million. Hulton and Muller were game for a challenge and
wanted to do it more cheaply.
For around $700 they bought a Universal Software Radio Peripheral, which can
pick up any kind of frequency up to 3GHz. They modified the software to pick
up GSM signals broadcast from base stations. They compared those with signals
picked up by a Nokia 3310 phone, which had a software feature that allowed for
a revealing peek inside how GSM works.
Hulton and Muller studied how a GSM phone authenticates with a base station
and sets up an encrypted call. They then built a machine with lots of memory
that uses Field-Programmable Gate Arrays, high-powered hardware used for intensive
calculations, in order to crack the call's encryption.
And now they're planning to commercialize the technique, although Hulton said
they will vet buyers. He said they haven't had any feedback from operators on
their research.
Muller warned that faster attacks on GSM will likely emerge, making it more
imperative that the mobile industry finds a solution.
"We started [this project] because everyone said we couldn't do it,"
Muller said. "Attacks will always get better, they'll never get worse."
