GSM Encryption Cracked: Know Your Risks

The cracking of GSM “encryption” has been making the rounds on the Internet lately, and this week on the Security Now! podcast, Steve Gibson takes a look at how badly it’s broken and what the potential risks are. In simple terms, it means that what you say on your iPhone — or any GSM phone, which includes all phones on AT&T, T-Mobile, and Rogers, and almost all phones internationally — can be intercepted, decrypted, and listened to by anyone with several thousand dollars’ worth of equipment and the motivation to do it. In more complex terms:
So again, we’re now at the hobby level. We’re at the level where the hobbyist with a couple thousand dollars can – needs to know nothing about radio and even hardware. And even all of the preprocessing steps for demultiplexing the data and analyzing it and performing spectrum analysis and finding the channels and everything, all of that’s been done. There are even some people who have taken – they’re not at the GPL licensing, but they are – so they’re proprietary licenses, but free, but they’re open source and free for personal use, where turnkey packages to pull all this data together have been produced. There’s even one which abstracts this USRP, this Universal Software Radio Peripheral, making it look like a network device so that Wireshark, our favorite packet capture utility, is able to capture GSM packets and decode them and show you all the bits and all the protocols and everything going on in a stream that you capture.
So, I mean, we’re way far along in making this possible. In my opinion, this GSM Alliance is – they’re saying what they have to say politically; but, if they really believe what they’re saying, then they’re in serious denial, because this is no longer James Bond government-level sci-fi stuff. It would be entirely possible for a company who wanted to do some surveillance of a competitor to equip a van with some of this equipment, spending only tens of thousands of dollars, park it across the street from a competitor, aim their antennas at the competitor’s building, and spend a day just streaming in, sucking in all of the cellphone traffic that is being transacted by the employees within the building, and then drive the van off and decrypt those conversations offline afterwards and find out what was being said. I mean, it is no longer difficult to do. It’s entirely possible.
It should be noted that the GSMA (GSM Alliance) seems to consider this attack theoretical and impractical for now. If you’re interested in more, check out the audio podcast [MP3 link] or the transcript.
September 12th, 2009 at 8:57 pm
Hope this leads everyone to switch to 4G LTE networks. I heard the LTE network could outperform Wi-Fi.
September 12th, 2009 at 10:42 pm
Considering many people in any major metro area are using 3G, I don’t see this being as big an issue as it’s being made out to be. GSM and 3G GSM like UMTS/WCDMA are completely different animals and thus are not subject to the same vulnerabilities.
In order for this vulnerability to work, they would have to ensure that all of the conversations they are listening to are occurring on the legacy 2G GSM network, and fortunately most places in the US with any significant population have 3G now.
September 12th, 2009 at 10:43 pm
Gibson = self promoting fear monger, and, it would appear, functionally “hard of speaking”.
I’m thinking there is a lot less risk here than meets the eye.
September 12th, 2009 at 11:02 pm
I would have to agree with Icebike… for the most part!
For most of us, there really is no risk. Unless we are a well-known person, who is going to go to all the trouble and expense to listen to something that is of no benefit to them? Sounds like a lot of hype to me.
My one word of caution is this. Anytime you express an opinion or say anything by ANY electronic means (cell, email, Facebook, text, etc.), consider that one day anyone will be able to read it. This makes good business/personal sense.
If something is sensitive in nature, do it in person or don’t do it at all!
Kick Butt
September 13th, 2009 at 4:19 am
I want to emphasize darwin’s point here: 3G SIM cards (the USIM application) use completely different cryptography than 2G SIM cards. This hasn’t been cracked. So only if you’re using an old SIM (more than 3-5 years old) are you at risk. Check your SIM, and if you don’t have a USIM, ask your operator to replace it. In most cases they’ll send you a new one for free.
September 13th, 2009 at 7:33 am
Well, it’s about time someone listens to me!
September 13th, 2009 at 9:11 am
Dirk, stupid question. How do I tell how old my SIM card is?
September 13th, 2009 at 11:22 am
AT&T has been using only 3G SIM cards for several years now.
September 13th, 2009 at 2:37 pm
Next time I plan a bank robbery, I’m not using my phone. Back to sending out written invites LOL.
September 13th, 2009 at 4:35 pm
Someone should check AT&T’s 3G map again.
September 13th, 2009 at 9:57 pm
Still shocking that nobody points out it’s a federal offense to possess this. Federal ten years in prison seems fun.
September 18th, 2009 at 9:56 am
Is 3G safer? Does it use better encryption than the EDGE network? I thought AT&T was going to use 2G for more voice calls due to the strain on their data network. When you are talking to someone on the voice network, how can you tell what AT&T is using to carry the voice call?