A Django site.
May 18, 2010

Inside Security News
insecnews
is about »
» New hosting, twitter feed and stay connected

As mentioned on the old blog we have moved to our new system (faster and no loading errors). A new feature of interest is the twitter feed on the right which is in sync with any tweets the group makes. … Continue reading

December 29, 2009

Inside Security News
insecnews
is about »
» GSM encryption attack lowers privacy to zero

In Europe mobile phones use the GSM standard to communicate with the carries. Encryption was and still is used to protect the calls and special intercepting abilities are built-in to the standard to assist law-enforcement.

Early versions of GSM use a weak encryption algorithms (e.g., A5/1) that are out of date and everyone now (hopefully) should be using UMTS (3G) (i.e. USIM) which include newer and better encryption algorithms.

What Karsten Nohl [2], his team and contributors have achieved is to utilise the advances in processing power (e.g., CUDA) to pre-calculate a code book[2] that will enable real-time decoding. Obviously the attacker will have to have access to the encrypted packets. This can achieved by setting-up a fake base station.

If you are thinking of doing this in the UK you will need special licence or permission from Ofcom or face the possible consequences [3].

Once again the weaknesses are known and the fact that this type of attack has emerged just demonstrates that relying upon incomputable algorithms is not always the best option. The only way to staying ahead of the game is with new encryption implementations.

Links Used:
[1] – http://news.bbc.co.uk/2/hi/technology/8429233.stm
[2] – http://events.ccc.de/congress/2009/Fahrplan/events/3654.en.html
[3] – http://www.ofcom.org.uk/radiocomms/ifi/enforcement/illegalbroadcast/
[4] – http://www.ofcom.org.uk/radiocomms/