Cell phone eavesdropping enters script-kiddie phase
Black Hat Independent researchers have made good on a promise to release a comprehensive set of tools needed to eavesdrop on cell phone calls that use the world’s most widely deployed mobile technology.
“The whole topic of GSM hacking now enters the script-kiddie stage, similar to Wi-Fi hacking a couple years ago, where people started cracking the neighbor’s Wi-Fi,” said Karsten Nohl, a cryptographer with the Security Research Labs in Berlin who helped spearhead the project. “Just as with Wi-Fi, where they changed the encryption to WPA, hopefully that will happen with GSM, too.”
The suite of applications now includes Kraken, software being released at the Black Hat security conference on Thursday that can deduce the secret key encrypting SMS messages and voice conversations in as little as 30 seconds. It was developed by Frank A. Stevenson, the same Norwegian programmer who almost a decade ago developed software that cracked the CSS encryption schemeprotecting DVDs.
…
GSM insecurity is largely the result of widely known weaknesses in A5/1, the algorithm used to decrypt calls in most of the developed world. Years ago, mobile operators devised A5/3, which requires some quintillion more mathematical operations to be cracked. It has yet to be adopted as mobile operators fret that the change will be expensive and won’t work on older handsets. Many countries continue to use A5/0, which uses no meaningful encryption at all.
…
PRACTICAL CELLPHONE SPYING
CHRIS PAGET ETHICAL HACKER
It’s widely accepted that the cryptoscheme in GSM can be broken, but did you know that if you’re within radio range of your target you can intercept all of their cellphone calls by bypassing the cryptoscheme entirely? This talk discusses the practical aspects of operating an “IMSI catcher”, a fake GSM base station designed to trick the target handset into sending you its voice traffic. Band jamming, rolling LACs, Neighbour advertisements and a wide range of radio trickery will be covered, as well as all the RF gear you’ll need to start listening in on your neighbours.
Chris Paget has over a decade of experience as an information security consultant and technical trainer for a wide range of financial, online, and software companies. Chris’ work is increasingly hardware-focused, recently covering technologies such as GSM and RFID at venues such as Defcon and Shmoocon. With a wide range of experience encompassing software, networks, radio, cryptography and electronics, Chris enjoys looking at complex systems in unusual ways to find creative attacks and solutions.
…
Privacy concerns at Defcon
From Chris Paget’s Blog:
I’m planning to give a pretty spectacular demonstration of cellphone insecurity at Defcon, where I will intercept the cellular phone calls of the audience without any action required on their part. As you can imagine, intercepting cellphone calls is a Very Big Deal so I wanted to announce at least some of the plan to reassure everyone of their privacy.
First and foremost – I’m not just making this stuff up. I know when to get advice from a good lawyer, and in this case I’m taking the advice of the very best there is: the EFF. They’ve been kind enough to offer their help and I’m taking it – this is what we’ve worked out.
1. If you’re in an area where your cellphone calls might be intercepted, there will be prominent warning signs about the demo including the time and date as well as a URL for more info. This will be the only time when unknown handsets will be allowed to connect; at all other times only pre-registered handsets will be granted access. You will be clearly warned that by using your cellphone during the demo you are consenting to the interception, and that you should turn your cellphone off during that time if you do not consent. A recorded message with essentially the same info will also be played whenever a call is made from the demo network.
…
What to Watch at Black Hat and Defcon
…
3) Mobile bugs
Unleash the Kraken! That’s just what GSM security researchers are going to do at Black Hat this year, in what could ultimately become a major headache for U.S. and European mobile network operators. Kraken is open-source GSM cracking softwarethat’s just been completed. Combined with some highly optimized rainbow tables (lists of codes that help speed up the encryption-breaking process), it gives hackers a way to decrypt GSM calls and messages.
What Kraken doesn’t do is pull the calls out of the air. But there is another GSM-sniffing project — called AirProbe — that’s looking to make that a reality. The researchers working on these tools say that they want to show regular users what spies and security geeks have known for a long time: that the A5/1 encryption algorithm used by carriers such as T-Mobile and AT&T is weak, and can be easily broken.
But why break GSM encryption when you can simply trick phones into connecting with a fake basestation and then drop encryption? That’s just what Chris Paget plans to demo in Las Vegas this week, where he says he’ll invite conference attendees to have their calls intercepted. Should be a fun demo, if it’s legal. Paget thinks it is. He has also developed what he calls the “world record” for reading RFID tags at a distance — hundreds of meters — which he’ll be discussing at a Black Hat talk.
Another researcher, known only as The Grugq, will talk about building malicious GSM network base stations and components on mobile devices. “Trust us, you’ll *want* to turn off your phone for the duration of this talk,” the talk’s description reads.
And on a week that was kicked off with Citibank’s admission that it had messed up security on its iPhone app, another talk to watch will be Lookout Security’s “App Atttack,” which will shed light on insecurities in mobile applications.
…
Citi Discloses Security Flaw in Its iPhone App
Citigroup Inc. said its free U.S. mobile-banking application for Apple Inc.’s iPhone contained a security flaw and advised its customers to upgrade to a newer version that corrects the problem.
In an incident that highlights the growing security challenges around wireless apps, Citi said its iPhone app accidentally saved information—including account numbers, bill payments and security access codes—in a hidden file on users’ iPhones. The information may also have been saved to a user’s computer if it had been synched with an iPhone.
The issue affected the approximately 117,600 customers who had registered the iPhone app with Citi since its launch in March 2009, a person familiar with the matter said. The bank doesn’t believe any personal data was exposed by the flaw.
“We have no reason to believe that our customers’ personal information has been accessed or used inappropriately by anyone,” Citi said. Apple acknowledged the issue and encouraged users to download the updated app.
…
New ‘Kraken’ GSM-cracking software is released
The GSM technology used by the majority of the world’s mobile phones will get some scrutiny at next week’s Black Hat security conference, and what the security researchers there have to say isn’t pretty.
On Friday, an open source effort to develop GSM-cracking softwarereleased software that cracks the A5/1 encryption algorithm used by some GSM networks. Called Kraken, this software uses new, very efficient, encryption cracking tables that allow it to break A5/1 encryption much faster than before.
The software is key step toward eavesdropping on mobile phone conversations over GSM networks. Since GSM networks are the backbone of 3G, they also provide attackers with an avenue into the new generation of handsets.
…
Como esposos, agentes espiaron en consulados
En las embajadas y consulados de Ecuador en Colombia se iniciaron las tareas de espionaje que desplegó la policía secreta de la presidencia colombiana (DAS) dentro del proyecto Salomón, en marzo del 2008, que llegó a interceptar los teléfonos del presidente Rafael Correa.
Según las declaraciones judiciales de los agentes Mónica Cardoso Espinosa y John Jairo Jiménez Rojas, el DAS infiltró a sus agentes en los consulados ecuatorianos de Medellín, Ipiales, Cali y Cartagena, con el objeto de identificar a los diplomáticos, conocer si había agentes de inteligencia ecuatorianos en Colombia e investigar posibles nexos de Ecuador con grupos al margen de la ley.
…
Agentes del DAS activos revelaron el espionaje local
Los nueve detectives del grupo de Contrainteligencia de la policía secreta de la presidencia colombiana, DAS, que han sustentado, en parte, la investigación de EL UNIVERSO sobre espionaje de esa agencia en territorio de Ecuador, dieron sus testimonios judiciales en mayo del 2009 estando en pleno servicio activo y sus relatos fueron aprobados por Gioganna María Sandoval Cortés, jefa de la Oficina Asesora de Planeación y delegada de la dirección nacional para presenciar los interrogatorios.
…
Correa aceptó negativa de Uribe sobre espionaje y Fiscal gestiona ayuda
El presidente Rafael Correa aceptó ayer el desmentido de su par de Colombia, Álvaro Uribe, a la denuncia de espionaje atribuida al Departamento Administrativo de Seguridad (DAS).
Correa ratificó que de momento el Gobierno tomará por ciertas esas declaraciones.
“Es nuestra obligación seguir investigando pero por lo pronto nos quedamos con las explicaciones del presidente Uribe y del DAS, ratificando que no ha habido ninguna clase de espionaje”, insistió en San Pablo, provincia de Santa Elena, donde almorzó después de recorrer proyectos del régimen.
…
About Sigillu
Sigillu offers the safest and most efficient solution to keep your sensitive cellular conversations and text messages secure from eavesdropping.
Technorati
Twitter: follow me
Subscribe to Sigillu Feeds
Recent Comments
Sigillu 