back to article Moore's Law leaves mobile networks ripe for attack

The GSM mobile standard is wide open for attack, experts have warned, thanks in part to the increasing amount of computing power available to hackers. "Voice interception capability really depends on how much processing power you have," said Aaron Turner, cofounder of security specialists N4struct, speaking at the RSA 2012 …

COMMENTS

This topic is closed for new posts.
  1. Alister

    final solution

    "He advised countries to check the record of their local supplier, disable software updates, and consider leaving the phone at home altogether."

    In fact, you could connect the phone by a wire to a central point, which then connects you to the world, thus avoiding using GSM altogether.

    Wait, what do you mean, it's been done?

  2. Anonymous Coward
    Anonymous Coward

    And?

    I'm assuming that this is specifically GSM (i.e. 2G) and GPRS (a 2+ G technology).

    GSM is old and somewhat broken, the security keys that it should use (for encryption) are often off by default for many smaller carriers, because the equipment providers insist on charging more for what is really a standard feature of GSM.

    There are so many ways that GSM can be hacked that 2G really shouldn't be considered as a safe option anywhere.

    1. Steve Gooberman-Hill
      Alert

      Re: And?

      Get outside any major city and it's a million quid to a pint of warm beer you will be on GSM.

    2. markoer
      Stop

      Re: And?

      The encryption algorithm has very little to do with the kind of service - 2G, 3G or 4G - you are able to receive on your mobile.

      The most common encryption algorithm found today - and the one the CCC has "cracked" - is A5/1. A5/3 upgrade is available for 2G networks as well, and AFAIK it has not been challenged yet.

      The problem is that old BTSes may require expensive upgrades to support A5/3. This is where the problem lies.

  3. Anonymous Coward
    Anonymous Coward

    yawn...

    so basically what Chaos Communication Congress has been *demonstrating* for years?

    so good of RSA to keep up...

  4. John Smith 19 Gold badge
    Unhappy

    rising processor power -> "uncrackable" sytems become crackable

    And "Security by obscurity does not work very well either." Which GSM party relied on as well.

    One the people who specify standards that involve *security* elements will realize that a standard that does not expect to *evolve* over time will become obsolete.

    DES was the classic case of this.

    So 3G is *supposedly* (IE when security features *properly* implemented, switched on and configured) is more secure, but for how *long*?

    Remember DES? secure in its day but probably used *long* after people from the NSA down could crack it. Only deprecated when the EFF *built* hardware to prove a crack in < 3 1/2 days was *well* within the budget of crime cartels or successful terrorist groups (or < 3 1/2 minutes if you're Elon Musk and wanted to get a *whole* lot richer fast).

    1. markoer
      Stop

      Re: rising processor power -> "uncrackable" sytems become crackable

      GSM specifications are - and always were - very open and available publicly. The fact that people don't bother reading through hundreds of pages of specifications doesn't make them "obscurity".

      1. John Smith 19 Gold badge
        FAIL

        Re: Re: rising processor power -> "uncrackable" sytems become crackable

        "GSM specifications are - and always were - very open and available publicly."

        Mostly.

        That IIRC did *not* include some of the encryption algorithms used in specific levels of the protocol and very far from generally available. Their circulation was *much* more restricted.

        Surprise. It turns those protocols *could* be reverse engineered and broken, with the difficulty level falling in line with Moore's law.

        Once you put SBO into your plans to extend the life of a protocol (*rather* than say limited life, upgrade path or "retirement" test based on when a certain level of MFLOPs of processing power becomes available through an HPC system) you're looking at *guaranteed* fail

  5. Mark 65

    Extras

    Some of the extra points made about mobile tracking and covert recording using the microphone just highlight why you really want a removable battery as a fall-back option.

    1. Anonymous Coward
      Anonymous Coward

      Re: Extras

      Are you suggesting the Fruity Ones might be in league with others intent on hacking mobile phones?!

  6. Matthew Elvey
    Flame

    Anyone willing to help me find my stolen GSM phones then?

    So given the IMEI, it's not hard to brute force ones way into a phone! It ticks me off that AT&T and T-Mobile are unwilling to help recover phones unless served with a court order.

    My Android and iPhone were stolen recently. I have the IMEIs. (Well, I was pickpocketed of the former and left the latter in a restaurant, so arguably the latter isn't theft.)

    I guess I could head over to the RSA conference and find Aaron Turner. I guess I could find the CCClub-published info mentioned and do it myself. I'm reachable at 7-M-Elvey in the SF area code.

  7. 777_777
    Thumb Up

    go fully secure

    One of the most cooles secure mobile solution we have developed for military, government and private organizations protects from everything: attacks over bluetooth, gsm, sms, mms, furthermore it protect against drive-by and app malware and also 0-day exploits:

    http://www.youtube.com/watch?v=sZzYDN1MRb8

This topic is closed for new posts.

Other stories you might like