The GSM mobile standard is wide open for attack, experts have warned, thanks in part to the increasing amount of computing power available to hackers. "Voice interception capability really depends on how much processing power you have," said Aaron Turner, cofounder of security specialists N4struct, speaking at the RSA 2012 …
"He advised countries to check the record of their local supplier, disable software updates, and consider leaving the phone at home altogether."
In fact, you could connect the phone by a wire to a central point, which then connects you to the world, thus avoiding using GSM altogether.
Wait, what do you mean, it's been done?
I'm assuming that this is specifically GSM (i.e. 2G) and GPRS (a 2+ G technology).
GSM is old and somewhat broken; the security keys that it should use (for encryption) are often off by default for many smaller carriers, because the equipment providers insist on charging more for what is really a standard feature of GSM.
There are so many ways that GSM can be hacked that 2G really shouldn't be considered as a safe option anywhere.
Get outside any major city and it's a million quid to a pint of warm beer you will be on GSM.
The encryption algorithm has very little to do with the kind of service - 2G, 3G or 4G - you are able to receive on your mobile.
The most common encryption algorithm found today - and the one the CCC has "cracked" - is A5/1. A5/3 upgrade is available for 2G networks as well, and AFAIK it has not been challenged yet.
The problem is that old BTSes may require expensive upgrades to support A5/3. This is where the problem lies.
so basically what Chaos Communication Congress has been *demonstrating* for years?
so good of RSA to keep up...
rising processor power -> "uncrackable" systems become crackable
And "Security by obscurity does not work very well either." Which GSM party relied on as well.
One the people who specify standards that involve *security* elements will realize that a standard that does not expect to *evolve* over time will become obsolete.
DES was the classic case of this.
So 3G is *supposedly* (IE when security features *properly* implemented, switched on and configured) more secure, but for how *long*?
Remember DES? secure in its day but probably used *long* after people from the NSA down could crack it. Only deprecated when the EFF *built* hardware to prove a crack in < 3 1/2 days was *well* within the budget of crime cartels or successful terrorist groups (or < 3 1/2 minutes if you're Elon Musk and wanted to get a *whole* lot richer fast).
Re: rising processor power -> "uncrackable" systems become crackable
GSM specifications are - and always were - very open and available publicly. The fact that people don't bother reading through hundreds of pages of specifications doesn't make them "obscurity".
Re: Re: rising processor power -> "uncrackable" systems become crackable
"GSM specifications are - and always were - very open and available publicly."
That IIRC did *not* include some of the encryption algorithms used in specific levels of the protocol and very far from generally available. Their circulation was *much* more restricted.
Surprise. It turns out those protocols *could* be reverse engineered and broken, with the difficulty level falling in line with Moore's law.
Once you put SBO into your plans to extend the life of a protocol (*rather* than say limited life, upgrade path or "retirement" test based on when a certain level of MFLOPs of processing power becomes available through an HPC system) you're looking at *guaranteed* fail.
Some of the extra points made about mobile tracking and covert recording using the microphone just highlight why you really want a removable battery as a fall-back option.
Are you suggesting the Fruity Ones might be in league with others intent on hacking mobile phones?!
Anyone willing to help me find my stolen GSM phones then?
So given the IMEI, it's not hard to brute force one's way into a phone! It ticks me off that AT&T and T-Mobile are unwilling to help recover phones unless served with a court order.
My Android and iPhone were stolen recently. I have the IMEIs. (Well, I was pickpocketed of the former and left the latter in a restaurant, so arguably the latter isn't theft.)
I guess I could head over to the RSA conference and find Aaron Turner. I guess I could find the CCClub-published info mentioned and do it myself. I'm reachable at 7-M-Elvey in the SF area code.
go fully secure
One of the coolest secure mobile solutions we have developed for military, government and private organizations protects from everything: attacks over Bluetooth, GSM, SMS, MMS; furthermore it protects against drive-by and app malware and also 0-day exploits: