Security Researchers Crack Wireless GSM Encryption
Security researchers have announced the development of a ultra-fast method of cracking wireless GSM encryption in 30 minutes or less. The 64-bit encryption algorithm was cracked in theory over 10 years ago, but the development of new technology has exploited the vulnerability on a timescale that poses a serious threat. GSM is used by many mobile companies worldwide, including T-Mobile and AT&T in the United States. With a GSM wireless frequency receiver and the proper resources, hackers will be able to eavesdrop on phone conversations and text messages at will. Fortunately, the technology is currently not cheap. The developers are charging $1,000 for a solution that cracks GSM in 30 minutes, and $100,000 for a solution that cracks it in 30 seconds. Still, the potential for privacy invasion in the future is tremendously daunting.
Who else is ready to switch to Verizon or Sprint?
Source: http://www.informationweek.com/story/showArticle.jhtml?articleID=206800800&cid=RSSfeed_IWK_All
Comment by robert
February 24, 2008 @ 5:11 pm
I found it interesting that one of the techniques for listening in on phone calls involves pretending to be a GSM base station and tricking phones into connecting through them – sort of like our MITM/SSL attack.
For the time being, the cost of setting up a base station seems like it will keep out amateurs and spammers. But if the cost went down, it seems like it would be possible to interfere in peoples’ conversations (as opposed to just listening). Imagine walking past a shop on the street and having your conversation interrupted by an advertisement for all the nice things you could buy in the store…
Comment by jkivligh
February 24, 2008 @ 5:41 pm
I wonder how much security people really expect from their cell phones. I remember way back when when I could use an old ham radio and pick up people’s phone conversation (I don’t know if those were wireless handsets or cell phones). Call me paranoid, but I operate under the assumption that the lines aren’t secure. Encryption aside, the telephone company has the ability to record whatever they’d like.
Comment by chrt00
February 24, 2008 @ 9:46 pm
It seems like $1,000-$100,000 is a small price to pay to compromise someone’s privacy, if one has particularly important assets. The equipment is reuseable, so that puts a large number of people at risk. Consider tapping into a CFO’s line, and being able to make trades with insider information.
Comment by chrislim
February 25, 2008 @ 10:59 am
The good news is that the GSM encryption scheme is already being updated and for people with very important assets, alternative networks are available (plus cryptophones, etc.), so while this technology makes eavesdropping easier, it does not seem to immediately result in a significantly greater risk impact than the current risks associated with any cellphone conversation.
I was actually surprised by this article because I assumed that cellphone conversations were easy to listen in on (my assumption is probably due to the portrayal in movies of the simplicity of wiretapping…lol).
Comment by Jessica
February 25, 2008 @ 10:10 pm
It still amazes me that things like this can be legally sold.
Comment by Rafael
October 31, 2008 @ 3:36 am
I’m using PhoneCrypt (www.phonecrypt.com) to secure my conversations and dates, it’s developed by
securstar.
It’s very good, works perfectly.
I recommend!