Skip the navigation
News

Researchers: GSM mobile security on the ropes

Privacy and data put at risk, researchers say at Black Hat

By Jeremy Kirk
March 28, 2008 12:00 PM ET

IDG News Service - AMSTERDAM -- The security of the most widely used standard in the world for transmitting mobile phone calls is dangerously flawed, putting privacy and data at risk, two researchers warned at the Black Hat conference here today.

Researchers David Hulton and Steve Muller showed at a Black Hat event in the U.S. last month how it was possible to break the encryption on a GSM (Global System for Mobile Communications) call in about 30 minutes using relatively inexpensive off-the-shelf equipment and software tools. Hackers could listen in on phone calls from distances of up to 20 miles or farther away.

The researchers are still refining their technique, which involves cracking the A5/1 stream cipher, an algorithm used to encrypt conversations. In about another month, they'll be able to crack about 95% of the traffic on GSM networks in 30 minutes or faster with more advanced hardware.

Their research has been motivated in part by the absence of a more secure encryption method despite years of warnings about GSM.

"Ultimately, we are hoping that the mobile operators actually initiate a move to secure their networks," Muller said. "They've had about 10 years, and they haven't done it. In my opinion, there is only one language that they speak -- that's called revenue. As soon as they lose the revenue, they will actually change."

Since 1991, when GSM networks debuted, the integrity of their security has declined as researchers investigated. In 1998, the A5/1 and the A5/2, a weaker stream cipher, were broken.

Commercial interception equipment, which can cost up to $1 million, is now available to eavesdrop on calls. Hulton and Muller were game for a challenge and wanted to do it more cheaply.

For around $700, they bought a Universal Software Radio Peripheral, which can pick up any frequency up to 3 GHz. They modified the software to pick up GSM signals broadcast from base stations. They compared those with signals picked up by a Nokia 3310 phone, which had a software feature that allowed for a peek into how GSM works.

Hulton and Muller studied how a GSM phone authenticates with a base station and sets up an encrypted call. They then built a machine with lots of memory that uses Field-Programmable Gate Arrays, high-powered hardware used for intensive calculations, in order to crack the call's encryption.

The pair now plans to commercialize the technique, although Hulton said they will vet buyers. He said they haven't had any feedback from operators on their research.

Muller warned that faster attacks on GSM will likely emerge, making it more imperative that the mobile industry finds a solution.

"We started [this project] because everyone said we couldn't do it," Muller said. "Attacks will always get better; they'll never get worse."

Reprinted with permission from IDG.net. Story copyright 2010 International Data Group. All rights reserved.
Additional Resources
Forrester Consulting - Optimizing Users and Applications in a Mobile World
WHITE PAPER
Solving application issues over the WAN requires careful consideration. Based on their independent research, Forrester Consulting offers recommendations on how to tackle application performance issues, insufficient bandwidth and the inability to quickly restore users in a disaster.

Read now.

Security KnowledgeVault
WHITE PAPER
Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

Cut Communications Costs Once and for All
WHITE PAPER
New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

Mobile and Wireless White Papers
Digital Transformation: Creating New Business Models Where Digital Meets Physical
Individuals and businesses alike are embracing the digital revolution. Social networks and digital devices are being used to engage government, businesses and civil...
Empowering Your Mobile Worker
Today's most productive employees are mobile, and your company's IT strategy must be ready to support them with 24/7 access to the business...
An Interactive Guide: Bring Your Own Device
BYOD presents significant security and management challenges to IT departments who want to take advantage of the trend, but still protect corporate assets....
Calculating ROI for Mobile Client Acceleration
As mobile devices continue to expand in business use, ensuring these devices have optimal performance is becoming an IT imperative. This EMA paper...
Tablet Computing Without Compromise
This paper provides an overview of how and why that migration-from any old tablet to Windows tablets-came to be.
All Mobile and Wireless White Papers
Mobile and Wireless Webcasts
Live Webcast
North Pole to South Seas: Overcoming the Pitfalls of remote Performance
In today's always-on world, connectivity is a business requirement. You need the tools that allow you to operate as if you were on...
Supporting Mobile Productivity With A Limited IT Budget
Join us and hear from Kaseya mobile IT management experts as we discuss core strategies for supporting the mobile revolution on a shoestring...
North Pole to South Seas: Overcoming the Pitfalls of remote Performance
In today's always-on world, connectivity is a business requirement. You need the tools that allow you to operate as if you were on...
Unified Communications 101
What's the best way to implement a unified communications solution for your organization?
QNX® and BlackBerry® PlayBook™ Tablet.
RIM's multi-processor, multi-tasking BlackBerry PlayBook runs a new Tablet OS powered by QNX, a bullet-proof microkernel operating system. This track will take a...
A Close Look at Tablets
Learn More
All Mobile and Wireless Webcasts
Newsletter Sign-Up

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  1. View all newsletters | Privacy Policy
IT Jobs