Saturday, January 2, 2010

Are GSM phone calls secure?

Its 2010 and its time to double check the security of GSM phone calls. GSM (Global System for Mobile communications: originally Groupe Sp├ęcial Mobile) is the most widely used standard for mobile communication . The GSM encryption algorithm which was designed 20 years back is of no match to today's computing power or technological advances. GSM's A5/1 function uses a 64 bit encryption key to secure the phone calls which is too insecure considering the cpu power and storage of todays machines.

The algorithm must have seemed a lot more secure twenty years back when cpu cycles were expensive. Nobody cared to replace the A5/1 function when researchers first discusssed practical attacks on GSM.

German security expert Karsten Nohl demonstrated how easy it really is to hack into GSM cell phones,(Read news here) including those used by AT&T and T-Mobile customers in the U.S. He had launched an open-source, distributed computing project designed to crack GSM encryption and have successfully compiled it into a code book that can be used to eavesdrop on gsm phone calls. It is open source and is open to public. This can also mean that your neighbor might be already listening to your calls.

Anyone including you can listen to someone else's phone call. According to the German security expert "All you need is Two USRP radios, a beefy gaming computer, and a handful of USB sticks can already decrypt many calls". Here it goes. You record a call and then decrypt it. Recording requires some radio equipment, which can cost you $1,500[will get cheaper now] . The device is called a Universal Software Radio Peripheral device. One direction of a call can potentially be intercepted from a kilometer away while catching both directions requires you to be in the vicinity of the victim. Decryption is then done using the code book the community produced. The more you spend on the hardware, the faster you can decrypt the call. Commercial interceptors can decrypt within seconds [means less than the time taken by someone to answer an incoming call].

This post is just to make people aware about the insecurities of using a GSM network and is not intended to encourage hacking into it. if more people are aware about this they can force the operators to do something to enhance their security levels. The next generation function : The A5/3 which is used in 3G networks are still considered more secure as they have not been cracked yet.

So in this new year keep your confidential matters in 3G. Happy 3Ging.

TechiSolutions wishes you all a Happy and secure year ahead
L1F3, k33p 1t 51mpL3

A5/1 Security Project
Insecurity Complex

No comments: