Researcher plots downfall of GSM phone security
Give me 80 PCs and three months, says techie.
By John E Dunn | Techworld | Published: 11:28, 27 August 2009
A US-based researcher has published a new method of attacking the encryption used to secure GSM mobile phones that he believes will force networks to revise the current generation of call security.
Karsten Nohl of the University of Virginia used the the Hacking at Random (HAR) conference in the Netherlands two weeks ago to outline a method of brute-forcing the encryption keys at the heart of GSM's A5/1 security design in a tiny fraction of the time previously required. His motivation, he said, was to force the industry to improve GSM security.
The technique depends on algorithms of his own devising to generate a lookup table of these keys after number crunching using 80 powerful computers for about three months. According to Nohl, once such a project was completed, it would be possible for anyone to use the table to break into any GSM call or SMS message in nearly real time.
To put this advance into perspective, it was previously estimated that creating such a table would take 100,000 years on a single PC and require vast amounts of data to stand any chance of working. Although such resources are available to governments and agencies with money to throw at the problem, Nohl's technique could make GSM sniffing possible for anyone with the equipment necessary to access the call stream or data.
Nohl said he had decided to turn the project into an open source effort distributed as widely as possible not only to speed up the creation of the table but to reduce the possibility of legal interference by the mobile industry. Interested participants would each work on a specific portion of the table, uploading the completed data anonymously using BitTorrent.
"Clearly we are making the attack more practical and much cheaper, and of course there's a moral question of whether we should do that," Nohl was reported as saying in a third-party interview to CNET. "But more importantly, we are informing [people] about a longstanding vulnerability and hopefully preventing more systems from adopting this."
"This not just a one-off event, and is part of a process that has been going on for years," said Simon Bransfield-Garth, CEO of UK call encryption company, Cellcrypt, told Techworld. "It will only take a few months for people to build their own call tables." The problem was that, despite a string of theoretical attacks having been made public in recent years, the industry was still reluctant to change a security technology that dated back to 1987.
He believed that at the very least, companies with a need for call security would be inclined to turn to VoIP call encryption of the sort sold by his company, although he accepted that the main disadvantage of this was the need for expensive software on VoIP-capable phones at both ends of the conversation. Until the critical mass of VoIP improved, the vast majority of mobile phone users would have little choice but to rely on the security offered within GSM itself.