
Hackers crack crypto for GPRS mobile networks

A cryptographer has devised a way to monitor cellphone conversations by exploiting security weaknesses in the technology that forms the backbone used by most mobile operators. Karsten Nohl, chief scientist of Berlin-based Security Research Labs, said the attack works because virtually all of the world's cellular networks deploy …

COMMENTS

This topic is closed for new posts.

Dear Network Operators

Sort it out!

They've had more than a decade to get their ducks in a row and haven't done nearly enough to protect their networks.


Encryption

If the network operators do "sort it out", how many governments around the world are going to ban mobile phones as they can no longer listen in whenever they want?


Buzzword bingo

Indeed! These companies should be singing from the same sheet to leverage the synergy created by a performant globalization of best-of-breed services, and industry standard best practices, all hammered out in a whitepaper.


@velv

The call is decrypted once it hits the carrier's network anyways so it can be monitored no matter what encryption is used between the cell tower and phone.


Encryption

Likely, the "feature phones" or the even dumber ones would lose battery life having to encrypt/decrypt 128+bit comms. Perhaps this is a way to mask the battery drain from having signal towers too far apart?


Oh noes!

Now the News of the Screws will find out about my 'Uh dear I'm on the train, be home soon' calls. The world is about to end....meh!

bh

Not their fault....

Seem to remember governments insisted they made it weak to make it easier for them to intercept calls...


Monitor cellphone conversations

My reading of the article is that he claims to have broken the GPRS *data* service. So unless you're using it for VoIP traffic, this has nowt to do with voice interception. GSM remains just as vulnerable as before ;)


VOIP

And if you're using something like Skype, then the VOIP traffic itself should be heavily encrypted anyway

Not Really

Skype's encryption may be secure but their implementation is still vulnerable to a sidechannel attack analyzing outgoing bitrates, and it's a fairly simple analysis at that

http://www.esecurityplanet.com/news/article.php/3930886/Side-Channel-Attack-Beats-Skype-Encryption.html

Edited for exhaustion induced errors


Now, really... ?

I was under the impression that GPRS essentially used GSM authentication. Meaning, a GSM or circuit-switched connection was made first, 'through' the HLR and the AUC [Authentication Centre]. A GPRS PDP Context is made after this, either on demand or 'permanently', but, nonetheless, on the back of the GSM.

Or am I pudding ?


Governments don't need to decrypt it.

When the gubberment want to know what you're doing on the phone they ask the mobile operator to intercept the calls. They don't need to listen in to your mobile and decrypt the over-the-air traffic. That is Vodorange2's job; they hand over the clear voice to the "authorised" dept.

The GSM encryption is only for over the air traffic, it isn't end point to end point.

There used to be a rumour that GSM in France wasn't encrypted since the French didn't use to allow any form of encryption.

The problem the operators face is that no encryption system should be viewed as safe. Properly implemented quantum might well be, but that relies on the proper implementation. Let's face it, the German Enigma system was unbreakable by 1940s technology, but the actual implementation and usage punched great big holes that could be exploited. Anyway, any encryption system should be seen as having a finite life. You have to be prepared to move on. Sufficient flexibility needs to be built into all the hardware, and that would include your phone, to allow for regular upgrades to the security. I've no idea whether that was taken into account when the GSM standard was written. But it is usually the weakness.

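The challenge/response flow asked about in the "Now, really... ?" post, and the point made just above that the operator itself holds the air-link key, as an added illustration that is not part of the original thread. Assumptions: HMAC-SHA256 stands in for the operator-specific A3/A8 algorithms (COMP128 and friends are not implemented here), the IMSI and Ki are constructed, and the function names are hypothetical.

```python
import hmac
import hashlib
import os
from typing import Dict, Optional, Tuple

# Constructed subscriber record for the example: IMSI -> Ki, the 128-bit secret
# shared only by the SIM and the operator's AuC. Values are made up.
HLR_AUC: Dict[str, bytes] = {
    "262010000000001": bytes.fromhex("00112233445566778899aabbccddeeff"),
}


def a3_a8(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Stand-in for the SIM's A3 (produces SRES) and A8 (produces Kc).
    Assumption: HMAC-SHA256 replaces the operator-specific algorithms;
    only the output widths follow GSM (SRES 32 bits, Kc 64 bits)."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


def auc_triplet(imsi: str, rand: Optional[bytes] = None) -> Tuple[bytes, bytes, bytes]:
    """AuC side: mint a (RAND, SRES, Kc) triplet for a subscriber. The same
    triplet mechanism serves both the circuit-switched attach and GPRS, where
    the SGSN requests triplets from the HLR/AuC."""
    rand = rand if rand is not None else os.urandom(16)  # 128-bit challenge
    sres, kc = a3_a8(HLR_AUC[imsi], rand)
    return rand, sres, kc


def sim_response(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """SIM side: answer the challenge and derive the session ciphering key."""
    return a3_a8(ki, rand)


def authenticate(imsi: str, sim_ki: bytes, rand: Optional[bytes] = None) -> Dict[str, object]:
    """One challenge/response. Only RAND and SRES cross the air interface; Ki
    never does. Kc is derived independently on both ends, so the operator
    already holds the air-link key and needs no over-the-air decryption to
    hand cleartext to an authorised intercept."""
    rand, expected_sres, network_kc = auc_triplet(imsi, rand)
    sres, sim_kc = sim_response(sim_ki, rand)
    ok = hmac.compare_digest(sres, expected_sres)
    return {
        "authenticated": ok,
        "keys_agree": ok and network_kc == sim_kc,
        "kc": network_kc if ok else None,
    }
```

A SIM with the wrong Ki fails the SRES comparison and never gets a session key, while a successful run leaves both the SIM and the network with the same Kc.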

This Is A Non Story

The idea that somebody is publishing a report in 2011 on cracking GSM/GPRS/UMTS security in central Europe is a joke, and everybody who takes it at face value is being duped.

I'm not giving away any secrets when I say that back in the 90s, there was an agreement between the Federal authorities and the MNOs that encryption over the network would be 'crippled', so that 'government agencies' could decrypt in real time, without access to the network infrastructure.

The real story is one of collusion between Governments and Operators, this 'scientist' should be nominated for an ignoble.


Any "Official" encryption standard...

...can be read by the government with ease. This is why RIM is being given such a hard time as their encryption was not designed by the NSA and therefore reasonably secure.


GPRS != Calls

Ummm, GPRS as in General PACKET Radio Service

That would be the data services then not your calls, unless you want to try some really crappy VoIP over that kind of connection.

So they can snoop on your browsing traffic, hey welcome to the Internet, you are using SSL for the important stuff right?

Get it right Reg.


Author should get his facts checked

GPRS is a data service and transmission protocol, therefore breaking or intercepting it does not allow one to intercept or "peek" on calls. It merely allows you to capture data traffic and probably MMS messages, at best.


GPRS != your conversations

Cracking GPRS allows you to intercept people's data, not their conversations.


Why would...

... "government entities" need to listen in, unless they're doing it illegally?

Legal intercepts are done at the switch. Court orders for such usually come with a gagging clause preventing disclosure of the existence of an order, or an intercept.

If the grumble mill is accurate about the reasons for weak crypto this raises a whole barrel of worms about human rights issues and state entities exceeding their authority.


Old News

Unfettered access to the UK telephone network has been available to the spooks for a long while now. I can't see how the same access is available from the mobile operators. I would reckon it would be a condition of the operator's licence.


Look at History

If you go back to the history of the GSM networks developing out of the analogue ones it was interesting. The analogue mobile phone networks were completely unencrypted. When the GSM standard was being drawn up we were still in the tail end of the cold war. Germany lobbied hard to have strong encryption on GSM, France and Britain lobbied hard for only weak encryption. It was believed at the time that Germany lobbied for strong encryption to stop the Eastern Bloc from listening in on phone messages. France and Britain won. No one has bothered to try and change this since, probably because of government intervention.


He is gonna do that at a German event

Doesn't Germany have the laws about providing tools that could be used to do hacking?

I would think of another venue to reveal and release that information.


A few pointers

GPRS is a *data* transmission standard separate from voice. It is one (of lots) of standards within the whole GSM standards package.

In the 2nd decade of the 21st century it is p**s poor that *all* subscriber data channels on *all* networks are not encrypted.

How serious this is to any *real* subscriber depends on what services rely on GPRS for delivery and how much encryption they apply *before* their data goes into it, and how easy it would be to shift to another delivery mode by sliding in a different element in the protocol stack (you did implement your app as a layered architecture, didn't you). I'm not sure what does use it IRL.

*All* GSM networks have tapping by *authorised* users built into the network standards. Who "authorised" is depends on that country's record on observing human rights. Hopefully there would be some kind of *legal* oversight and audit trail.

This looks like yet *another* case where the GSM standard relies on "Security by obscurity," which has worked *so* well all the other times the network operators have depended on it in the past. See previous El Reg articles.

And in case anyone thinks I don't think this is a big thing let me repeat that in the 2nd decade of the 21st century it is p**s poor that *all* subscriber data channels on *all* networks are not encrypted.

Anonymous Coward

MNO - Government Agreement

Back in the Nineties, it was agreed that the x-most significant bits used to encrypt mobile phone comms would be set to 0.

Consequently, governments did not need to ask the MNOs for access to their network, they could decrypt in real time by processing the external intercepts.

Any real German academic would know this (to paraphrase Molesworth)

Anonymous Coward

2 basic points

Nobody can convince me that GSM operators don't "play stupid" to be nice to governments and military. A state-of-the-art system also doesn't check the "operator tower" identity... Who needs terabytes of tables? Just set up your own tower! All those advanced smart phones will pick it up, not because they are stupid; it is just not in the standard.

Solution is cheap but complex. Use a VPN. Complex part is "trust" and it is not technical. Do you trust that VPN provider? Do you trust your ISP? (if you set own vpn at home).

On the bright side, if you want to fool yourself and be lazy... If some organisation is after you to pick up your GPRS signal or set up a fake tower, you are way into deeper issues... Enjoy your remaining life :)
