Cell phone eavesdropping enters script-kiddie phase
Black Hat Independent researchers have made good on a promise to release a comprehensive set of tools needed to eavesdrop on cell phone calls that use the world’s most widely deployed mobile technology.
“The whole topic of GSM hacking now enters the script-kiddie stage, similar to Wi-Fi hacking a couple years ago, where people started cracking the neighbor’s Wi-Fi,” said Karsten Nohl, a cryptographer with the Security Research Labs in Berlin who helped spearhead the project. “Just as with Wi-Fi, where they changed the encryption to WPA, hopefully that will happen with GSM, too.”
The suite of applications now includes Kraken, software being released at the Black Hat security conference on Thursday that can deduce the secret key encrypting SMS messages and voice conversations in as little as 30 seconds. It was developed by Frank A. Stevenson, the same Norwegian programmer who almost a decade ago developed software that cracked the CSS encryption schemeprotecting DVDs.
GSM insecurity is largely the result of widely known weaknesses in A5/1, the algorithm used to decrypt calls in most of the developed world. Years ago, mobile operators devised A5/3, which requires some quintillion more mathematical operations to be cracked. It has yet to be adopted as mobile operators fret that the change will be expensive and won’t work on older handsets. Many countries continue to use A5/0, which uses no meaningful encryption at all.
No comments yet.