December 29, 2009

Inside Security News
» GSM encryption attack lowers privacy to zero

In Europe, mobile phones use the GSM standard to communicate with the carriers. Encryption was and still is used to protect the calls, and special intercepting abilities are built into the standard to assist law enforcement.

Early versions of GSM use weak encryption algorithms (e.g., A5/1) that are out of date, and everyone now (hopefully) should be using UMTS (3G) (i.e. USIM), which includes newer and better encryption algorithms.

What Karsten Nohl [2], his team and contributors have achieved is to utilise the advances in processing power (e.g., CUDA) to pre-calculate a code book [2] that will enable real-time decoding. Obviously the attacker will have to have access to the encrypted packets. This can be achieved by setting up a fake base station.

If you are thinking of doing this in the UK, you will need a special licence or permission from Ofcom, or face the possible consequences [3].

Once again, the weaknesses are known, and the fact that this type of attack has emerged just demonstrates that relying on algorithms being computationally infeasible to break is not always the best option. The only way to stay ahead of the game is with new encryption implementations.
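
As an added illustration (not from the original post or from the researchers' work), the Python sketch below shows why a pre-calculated code book defeats a cipher whose key space is small enough to enumerate: the table is built once, after which recovering a key costs one lookup. The toy cipher, the 16-bit key size and the known message header are assumptions constructed for the example; this is not A5/1.

```python
import hashlib

KEY_BITS = 16              # assumption: toy key size, so the table builds in under a second
KNOWN = b"FRAME-HEADER:"   # constructed: predictable bytes at the start of every message


def keystream(key: int, n: int) -> bytes:
    """Toy keystream generator (SHA-256 in counter mode over a tiny key)."""
    out, ctr = b"", 0
    while len(out) < n:
        block = key.to_bytes(2, "big") + ctr.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        ctr += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: int, data: bytes) -> bytes:
    """Stream cipher: XOR with the keystream (decryption is the same call)."""
    return xor(data, keystream(key, len(data)))


def build_codebook(prefix_len: int = 8) -> dict:
    """One-off precomputation: keystream prefix -> key, for every possible key."""
    return {keystream(k, prefix_len): k for k in range(1 << KEY_BITS)}


def recover_key(codebook: dict, ciphertext: bytes, prefix_len: int = 8):
    """Per-message work: one XOR against the known header, one lookup."""
    prefix = xor(ciphertext[:prefix_len], KNOWN[:prefix_len])
    return codebook.get(prefix)  # None if the header guess was wrong


def demo():
    codebook = build_codebook()          # expensive step, done once
    secret_key = 0xB33F                  # constructed sample key
    ciphertext = encrypt(secret_key, KNOWN + b"call audio ...")
    key = recover_key(codebook, ciphertext)
    return key, encrypt(key, ciphertext)


if __name__ == "__main__":
    key, plaintext = demo()
    print(hex(key), plaintext)
```

Each extra key bit doubles both the build time and the size of the table, which is why the practical defence is a cipher with a larger key and state rather than a hope that enumeration stays too expensive.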

Links Used:
[1] - http://news.bbc.co.uk/2/hi/technology/8429233.stm
[2] - http://events.ccc.de/congress/2009/Fahrplan/events/3654.en.html
[3] - http://www.ofcom.org.uk/radiocomms/ifi/enforcement/illegalbroadcast/

February 2, 2009

» BCS: Encryption, how do you feel?

I have received an email requesting answers to these three polls (if you have a minute, contribute):

Encryption
I trust encryption technology to protect my data from hackers?
http://www.infosec.co.uk/page.cfm/Action=Poll/pollID=143/nocache=true

Businesses be trusted
I trust businesses (that I use) to deploy encryption technology appropriately to protect my data from hackers?
http://www.infosec.co.uk/page.cfm/Action=Poll/pollID=144/nocache=true

Government Encryption
I trust the government to deploy encryption technology appropriately to protect my data from hackers
http://www.infosec.co.uk/page.cfm/Action=Poll/pollID=145/nocache=true

The results so far are quite interesting. Encryption is a trusted (A lot @ 54%) method for protecting information. Businesses provide some trust (A little @ 54%) with their methods of protection. Finally, the government seems to be least trusted (Not at all @ 46%) by the people polled. These figures hold true only for this point in time, as the polling is still open.