German hacker cracks cell phone encryption
A German engineer has broken the 64-bit encryption still used by a large number of GSM cellular networks around the globe and released his findings online in hopes of spurring tighter security. What does this really mean for most wireless phone users?
Karsten Nohl presented his work at the Chaos Communication Congress in Berlin, a 4-day conference for computer hackers. He also released his findings via BitTorrent, where they can be downloaded by anyone.
The GSM standard was originally created in 1988 using 64-bit encryption called the A5/1 privacy algorithm, though a stronger 128-bit algorithm is currently available. Nohl says that his work is intended to push carriers who haven’t upgraded into tightening their security.
Consumers increasingly rely on their mobile phones as a primary means of communication and insecure mobile networks could become a huge threat for transactions like mobile banking and commerce. Without the proper security measures, consumer information could be vulnerable to well-funded cyber criminals.
Claire Cranton of the GSM Association said, “this is theoretically possible but practically unlikely.” She continued that, “what he is doing would be illegal in Britain and the United States. To do this while supposedly being concerned about privacy is beyond me.”
Cracking into a mobile operator’s network would require specialized equipment to intercept the signal and to analyze the transmissions that aren’t available to the general public. Nohl counters that open source software is available to do the signal processing if the hackers get their hands on the right equipment.
Overall this isn’t an immediate threat to anyone’s mobile privacy, though it could become one if carriers don’t upgrade their security. Cell phone users on GSM networks account for over 80 percent of the world’s 4.3 billion wireless subscribers.
In the U.S., both AT&T and T-Mobile use the GSM standard, while Verizon and Sprint use a different protocol. That accounts for about 299 million cell phone users in the United States alone.
Six ways to get online from anywhere Can’t find a hotspot? Here’s how to make a Net connection without one.
by Glenn Fleishman, Macworld.com
We’re all so accustomed to having Internet access in so many places—at home, at the office, at airports, at coffee shops—that it can be infuriating to travel and find yourself with low-speed service or none at all.
Fortunately, there are six good ways to make sure you—and anyone traveling with you—can can access the Internet using your laptop’s built-in wireless networking, even when you’re nowhere near a Wi-Fi hotspot.
Note: Two of these options—cell phone tethering and using a 3G adapter—connect a laptop to the Net and then share that connection from the laptop.
To set up that sharing, first establish the Net connection to the laptop. Then open the Sharing preference pane (System Preferences -> Sharing) and select Internet Sharing. (Don’t check its box yet.) From the Share Your Connection From drop-down menu, choose the active Internet connection. In the To Computers Using list, check the AirPort box. If you want to password-protect the connection you’re sharing (an advisable thing to do), click AirPort Options and set it there. Finally, check the box next to Internet Sharing to turn sharing on. You may need to repeat these steps each time you enable the connection.
AirPort Express in a hotel room The AirPort Express (
) is a portable powerhouse of a base station. In hotel rooms that have only wired Ethernet for Internet access, plugging an Express into that wired connection not only lets you work on your laptop from anywhere in the room; it also lets you share that connection with other devices that have Wi-Fi but no Ethernet (such as an iPhone) and with family members or colleagues. Apple says the AirPort Express can support up to ten simultaneous Wi-Fi connections. You may first need to connect your laptop via Ethernet to register or activate the room’s connection, then plug in the AirPort Express. Make sure to activate WPA2 Personal encryption so your shared connection isn’t accessible to just anyone.
Tethering with your cell phone Tethering services for cell phones let you turn the mobile device into a modem. The phone connects to the Net over a 2.5G or 3G network; you then connect your laptop to the phone via Bluetooth or USB—voila, you’re online. You can then use your laptop as a base station to share that connection via Wi-Fi. Unfortunately, the iPhone doesn’t yet offer tethering in the United States; AT&T promises that it’s coming. If you’re using another phone, check with your cell provider. Some phones may let you tether, but the provider might slap expensive transfer fees on top of whatever data plan you already pay for.
Make your phone a hotspot A small but growing number of mobile phones have both 3G and Wi-Fi. With the right software, you can turn such phones into hotspots. Joiku’s JoikuSpot Light(free) and JoikuSpot Premium (€15) work on the Symbian S60 smartphone platform. The Light version supports the HTTP protocol alone, so the only thing you can do with it is surf the Web; the Premium version supports all Internet protocols. WalkingHotSpot ($25) works with Symbian S60 as well as many Windows Mobile phones. As with tethering, check with your carrier about extra data fees.
3G adapter for your laptop AT&T, Sprint Nextel, T-Mobile, and Verizon Wireless all offer Mac OS X drivers for a variety of 3G modems, which connect your laptop to the net over 3G data networks; many of those modems connect via the USB port, so they’ll work with any Mac portable. Unfortunately, that access comes at a high price: service plans typically cost $60 a month, with a two-year commitment and a usage limit of 5GB per month (combined uploads and downloads). (Cheaper plans, if a carrier offers them, include ludicrously small amounts of monthly use.)
A USB modem may be free with your contract, but it may cost as much as $150 to $250 without one. (If you purchase your modem up front, T-Mobile lets you pay its monthly data rate without a contract.) Fortunately, such modems can be swapped among nearly any Mac or Windows system. You can typically, but not always, share the resulting 3G service via Wi-Fi; some drivers might prevent it.
3G as you go Virgin Mobile (now owned by Sprint Nextel) has a pay-by-the-byte 3G plan. TheBroadband2Go USB modem costs $99; you then buy blocks of usage (in megabytes or gigabytes) as you need them. Pricing starts at $10 for 100 MB (must be used within 10 days) up to $60 for 1 GB (expires in 30 days). For those who travel and need access less frequently, this plan makes great sense. As with other 3G adapters, you can share your Virgin Mobile access via Wi-Fi, too.
3G Wi-Fi router The Novatel MiFi 2200 () isn’t the first hardware to combine 3G data access with a wireless router in one box. But such gateways—the Kyocera KR2, for example—have typically been the size of regular desktop routers. The MiFi, by contrast, can fit in your pocket. It allows up to five simultaneous connections and has an internal rechargable battery, so it can continue to provide that access even you’re away from a power outlet.
The MiFi is sold by Verizon Wireless and Sprint Nextel. Both firms charge $100 for it (after rebates, with a contract). Verizon offers data plans (with a two-year contract) for $40 for 250MB per month or $60 for 5GB per month. Sprint Nextel only offers a $60 plan (for 5GB per month, with a two-year contract). The MiFi can be purchased separately for about $250 and used with Verizon’s network at a $15-per-day rate for on-demand usage.
Glenn Fleishman is editor of Wi-Fi Networking News and author of Take Control of Your 802.11n AirPort Network (TidBITS Publishing Inc., 2009).
http://www.macworld.com/article/144012/makeyourownhotspot.html
Gold Lock Enterprise VS Skype
Skype uses SSL which uses electronic certificates and 128 bit encryption (standard for credit card transactions online also) This level of encryption is NOT appropriate for even top secret level communications. How many times have credit card numbers been stolen online?
http://en.wikipedia.org/wiki/Transport_Layer_Security
128-bit 2^128 2 multiplied by 2 128 times over. = 339,000,000,000,000,000,000,000,000,000,000,000 (give or take a couple trillion…).
Gold Lock Enterprise uses 4 different encryption methods. One of which is 16,384 Bit Authentication. That is 2 multiplied by 2, 16,384 times over (not just 128 times). This method IS appropriate for top secret level communications. Enterprise uses 16,384 Bit Authentication Elliptic Curve 384 Bits (RSA 7680 Bits Equivalent) AES 256 Bits Diffie Hellman 4096 Bits
AES – http://en.wikipedia.org/wiki/Advanced_Encryption_Standard Top Secret appropriate
RSA – http://en.wikipedia.org/wiki/RSA Top Secret appropriate
Diffie Hellman – http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange Top Secret appropriate
In addition to this technical “stuff” the facts remain that Skype provides a key to governments for lawful interception (which means all the security in the world in now a mute point) and Skypes 128 bit encryption has been broken, and hackers now easily intercept their calls.
http://sigillu.wordpress.com/category/technologies/skype/
As you can see Enterprise has significantly higher encryption capabilities than Skype. Skype encrypts just enough to satisfy their customers. Gold Lock takes pride in having the best and highest encryption software on the market. Gold Lock Enterprise is a military grade encryption software. No military uses Skype to relay orders or pass top secret information.
Demos to show spying on mobile IP calls
This screen shot shows the user interface of UCSniff. The user can listen in on a conversation and see the video of two people talking on an IP-based video phone. The two video screens show what each of the video phones is displaying.
(Credit: Viper Lab, Sipera Systems)
<link>
Phone security is much better
Q: Is there any difference in security between using a corded phone and a cell phone?
— Bruno RoccaAkron
A: Assuming your cell phone is digital, there’s not enough difference to worry about, said David Wagner, an associate professor of computer science at the University of California, Berkeley, who has done research on the issue.
Back when cell phones were analog, eavesdropping was easy, Wagner said. But today most cell phones are digital. While eavesdropping with a digital cell phone is possible, ”it’s pretty much out of the reach of casual interception,” he said.
Wagner noted that wired phones aren’t perfectly secure, either. But he said both digital cell phones and wired phones are sufficiently secure for most people to conduct everyday business.
Indeed, the weak link with cell-phone security is often human users who have sensitive conversations in public places without a second thought, he said. Be careful not to share sensitive information where you can be overheard.
…
<link>
How To Secure The BarackBerry
…
Phone identification and targeting
The first thing that needs to be done is to ensure anonymity. Today, there are two IDs in GSM/UMTS systems that can be exploited if somebody knows them and can get access to the core of the mobile network to find out the current location of the phone up to the level of the radio tower. These IDs are the International Mobile Subscriber Identity (IMSI) on the SIM card and the International Mobile Equipment ID (IMEI) of the mobile phone itself. Also, knowledge of one of the two values can also be used by someone who has access to the core of the mobile mobile network to intercept non end-to-end encrypted voice calls and Internet traffic.
To ensure anonymity these IDs should be changed in regular intervals. If I were the secret service I would get a large number of IMSI’s of several network operators, get the SIM card vendor on board and devise a scheme to change the IMSI on the SIM card on a regular basis. Concerning the IMEI a changing random number would do.
…
Obama’s new BlackBerry: The NSA’s secure PDA? | Politics and Law – CNET News
Obama’s new BlackBerry: The NSA’s secure PDA?
Posted by Declan McCullagh
President-elect Barack Obama checks his BlackBerry while riding on his campaign bus in Pennsylvania last March.
(Credit: Pete Souza/ Rapport Press )
Bill Clinton sent only two e-mail messages as president and has yet to pick up the habit. George W. Bush ceased using e-mail in January 2001 but has said he’s looking forward to e-mailing “my buddies” after leaving Washington, D.C.
Barack Obama, though, is a serious e-mail addict. “I’m still clinging to my BlackBerry,” he said in a recent interview with CNBC. “They’re going to pry it out of my hands.”
One reason to curb presidential BlackBerrying is the possibility of eavesdropping by hackers and other digital snoops. While Research In Motion offers encryption, the U.S. government has stricter requirements for communications security.
“Without more details I would have to say that putting sensitive or classified information on a BlackBerry is a risky proposition,” said Greg Shipley, chief technology officer at Neohapsis, a governance, risk, and compliance consultancy.
via Obama’s new BlackBerry: The NSA’s secure PDA? | Politics and Law – CNET News.
Nokia Buys Symbian, Takes the Mobile OS Open-Source
Google and Apple aren’t the only corporate giants intent on shaking up the wireless industry. Nokia announced Monday night that it is acquiring software maker Symbian — the company was already a minority stock holder — and releasing its mobile operating system under an open-source license.
The mobile hardware manufacturer, which uses Symbian software across it’s range of extremely popular S60 devices, is also establishing the Symbian Foundation, a collective of hardware and software companies who have pledged to donate code and resources to Symbian’s development. Phone makers Motorola and Sony Ericsson are on board. Among others, carriers NTT DoCoMo and AT&T and hardware component maker Texas Instruments have pledged support.
…
About Sigillu
Sigillu offers the safest and most efficient solution to keep your sensitive cellular conversations and text messages secure from eavesdropping.
Technorati
Subscribe to Sigillu Feeds
-
Recent Comments
Dan Mullens on Six ways to get online from an… Juan on PRENSA LIBRE CON ROSA MARIA PA… Juan on PRENSA LIBRE CON ROSA MARIA PA… thenonconformer on Police can snoop on every emai… Peter Hillier on Cops’ wiretap tech …
