A cryptographer has devised a way to monitor cellphone conversations by exploiting security weaknesses in the technology that forms the backbone used by most mobile operators. Karsten Nohl, chief scientist of Berlin-based Security Research Labs, said the attack works because virtually all of the world's cellular networks deploy …
Dear Network Operators
Sort it out!
They've had more than a decade to get their ducks in a row and haven't done nearly enough to protect their networks.
If the network operators do "sort it out", how many governments around the world are going to ban mobile phones as they can no longer listen in whenever they want?
Indeed! These companies should be singing from the same sheet to leverage the synergy created by a performant globalization of best-of-breed services, and industry standard best practices, all hammered out in a whitepaper.
The call is decrypted once it hits the carrier's network anyways so it can be monitored no matter what encryption is used between the cell tower and phone.
Likely, the "feature phones" or the even dumber ones would lose battery life having to encrypt/decrypt 128+bit comms. Perhaps this is a way to mask the battery drain from having signal towers too far apart?
Now the News of the Screws will find out about my 'Uh dear I'm on the train, be home soon' calls. The world is about to end....meh!
not their fault....
seem to remember governments insisted they made it weak to make it easier for them to intercept calls...
Monitor cellphone conversations
My reading of the article is that he claims to have broken the GPRS *data* service. So unless you're using it for VoIP traffic, this has nowt to do with voice interception. GSM remains just as vulnerable as before ;)
And if you're using something like Skype, then the VOIP traffic itself should be heavily encrypted anyway
Skype's encryption may be secure but their implementation is still vulnerable to a sidechannel attack analyzing outgoing bitrates, and it's a fairly simple analysis at that
Edited for exhaustion induced errors
Now, really... ?
I was under the impression that GPRS essentially used GSM authentication. Meaning, a GSM or circuit switched connection was made first, 'through' the HLR and the AUC [Authentication Centre]. a GPRS PDP Context is made, after this, either on demand or 'permanently', but, none the less, on the back of the GSM.
Or am I pudding ?
Governments don't need to decrypt it.
When the gubberment want to know what you're doing on the phone they ask the mobile operator to intercept the calls. They don't need to listen in to your mobile and decrypt the over the air traffic. That is Vodorange2's job, they hand over the clear voice to the "authorised" dept.
The GSM encryption is only for over the air traffic, it isn't end point to end point.
There used to be a rumour that GSM in France wasn't encrypted since the French didn't used to allow any form of encryption.
The problem the operators face is that no encryption system should be viewed as safe. Properly implemented quantum might well be, but that relies on the proper implementation. Lets face it the German enigma system was unbreakable by 1940s technology, but the actual implementation and usage punched great big wholes that could be exploited. Anyway, any encryption system should be seen as having a finite life. You have to be prepared to move on. Sufficient flexibility needs to be built into all the hardware, and that would include your phone, to allow for regular upgrades to the security. I've no idea whether that was taken into account when the GSM standard was written. But it is usually the weakness.
This Is A Non Story
The idea that somebody is publishing a report in 2011 on cracking GSM/GPRS/UMTS security in cetral Europe is a joke, and everybody who takes it at face value is being duped.
I'm not giving away any secrets when I say that back in the 90s, there was an agreement between the Federal authorities and the MNOs that encryption over the network would be 'crippled', so that 'government agencies' could decrypt in real time, without access to the network infrastructure.
The real story is one of collusion between Governments and Operators, this 'scientist' should be nominated for an ignoble.
Any "Official" encryption standard...
...can be read by the government with ease. This is why RIM is being given such a hard time as their encryption was not designed by the NSA and therefore reasonably secure.
GPRS != Calls
Ummm, GPRS as in General PACKET Radio Service
That would be the data services then not your calls, unless you want to try some really crappy VoIP over that kind of connection.
So they can snoop on your browsing traffic, hey welcome to the Internet, you are using SSL for the important stuff right?
Get it right Reg.
Author should get his facts checked
GPRS is a data service and transmission protocol, therefore breaking or intercepting it does not allow one to intercept or "peek" on calls. It merely allows you to capture data traffic and probably MMS messages, at best.
GPRS != your conversations
Cracking GPRS allows you to intercept people's data, not their conversations.
... "government entities" need to listen in, unless they're doing it illegally?
Legal intercepts are done at the switch. Court orders for such usually come with a gagging clause preventing disclosure of the existance of an order, or an intercept.
If the grumble mill is accurate about the reasons for weak cyrpto this raises a whole barrel of worms about human rights issues and state entites exceeding their authority.
Unfettered access to the UK telephone network has been available to the spooks for a long while now. I cant see how the same access is available from the mobile operators. I would reckon it would be a condition of the operators license.
Look at History
If you go back to the history of the GSM networks developing out of the analogue ones it was interesting. The analogue mobile phone networks were completely unencrypted. When the GSM standard was being drawn up we were still in the tail end of the cold war. Germany lobbied hard to have strong encryption on GSM, France and Britain lobbied hard for only weak encryption. It was believed at the time that Germany lobbied for strong encryption to stop the Eastern Bloc from listening in on phone messages. France and Britain won. No one has bothered to try and change this since, probably because of government intervention.
He is gonna do that at a German event
Doesn't Germany have the laws about providing tools that could be used to do hacking?
I would think of another venue to reveal and release that information.
A few pointers
GPRS is a *data* transmission standard separate from voice. it is one (of lots) of standards within the whole GSM standards package.
In the 2nd decade of the 21st century it is p**s poor that *all* subscriber data channels on *all* networks are not encrypted.
How serious this is to any *real* subscriber depends on what services rely on GPRS for delivery and how much encryption they apply *before* their data goes into it, and how easily it would be to shift to another delivery mode by sliding in a different element in the protocol stack (you did implement your app as a layered architecture, didn't you). I'm not sure what does use it IRL.
*All* GSM neworks have tapping by *authorised* users built into the network standards. Who "authorised" is depends on that countries record on observing human rights. Hopefully there would be some kind of *legal* oversight and audit trail.
This looks like yet *another* case where the GSM standard relies on "Security by obscurity," which has worked *so* well all the other times the network operators have depended on it in the past. See previous El Reg articles.
And in case anyone thinks I don't think this is a big thing let me repeat that In the 2nd decade of the 21st century it is p**s poor that *all* subscriber data channels on *all* networks are not encrypted.
MNO - Government Agreement
Back in the Nineties, it was agreed that the x-most significant bits used to encrypt mobile phone comms would be set to 0.
Consequently, governments did not need to ask the MNOs for access to their network, they could decrypt in real time by processing the external intercepts.
Any real German academic would know this (to paraphrase Molesworth)
2 basic points
Nobody can convince me that GSM operators doesn't "play stupid" to be nice to governments and military. A state of art system also doesn't check the "operator tower" identity too... Who needs terabytes of tables? Just set own tower! All those advanced smart phones will pick it not because they are stupid, it is just not in standard.
Solution is cheap but complex. Use a VPN. Complex part is "trust" and it is not technical. Do you trust that VPN provider? Do you trust your ISP? (if you set own vpn at home).
On the bright side, if you want to fool yourself and lazy... If some organisation is after you to pick your gprs signal or set a fake tower, you are way into deeper issues... Enjoy your remaining life :)
- Product Round-up Smartwatch face off: Pebble, MetaWatch and new hi-tech timepieces
- Geek's Guide to Britain The bunker at the end of the world - in Essex
- FLABBER-JASTED: It's 'jif', NOT '.gif', says man who should know
- If you've bought DRM'd film files from Acetrax, here's the bad news
- Microsoft reveals Xbox One, the console that can read your heartbeat