GSM hackable by the masses in a number of months

somanyholes · Sep 14, 2009, 08:03:22

Might be of interest to some. Basically in 2003/2004 a group of researchers published a paper advising on weaknesses in gsm. Nothing has really been done by the mobile operators to fix this problem. Therefore security group is currently running a project which will enable anyone with a 2 TB drive, a laptop and some radio equipment (which doesn't cost of the earth)

QuoteA5/1 has operated unchanged for the last 21 years but it has now reached its cryptographic end-of-life, engulfed by the march of Moore's Law. However, the operational end-of-life of A5/1 may still be decades away as there are approximately 2 billion GSM subscribers, commanding about 80% of the global mobile market. This would be a tough product recall indeed. A5/1 is well-positioned to become the NT of the mobile crypto world, and I see the makings of a long tail of GSM vulnerability.

http://lukenotricks.blogspot.com/2009/09/another-crack-at-open-rainbow-tables.html

Rik · Sep 14, 2009, 09:03:05

PayPal are going to have to do some rethinking.

gizmo71 · Sep 14, 2009, 09:08:14

Anyone who relies on GSM as 'secure' is crazy anyway - we all know the gummint is listening!

Quote from: Rik on Sep 14, 2009, 09:03:05
PayPal are going to have to do some rethinking.

What do PayPal *spit* do over GSM? Do they allow transactions over SMS or something?

Rik · Sep 14, 2009, 09:14:22

PayPal send 'tokens' via SMS to authorise transactions.

somanyholes · Sep 14, 2009, 09:15:15

sms is vulnerable to the hack. Many compaines use sms to provide one time security codes and the like, paypal included.

JB · Sep 14, 2009, 12:51:26

I wonder if the Airwave system provided by O2 which has replaced most police, fire and ambulance analogue communications will suffer from the same security flaw. As far as I know it uses GSM technology but on a lower frequency (380Mhz) than mobile phone communications (900 & 1800Mhz).

Rik · Sep 14, 2009, 12:52:23

It seems likely, JB, doesn't it.

somanyholes · Sep 14, 2009, 13:02:07

QuoteI wonder if the Airwave system provided by O2 which has replaced most police, fire and ambulance analogue communications will suffer from the same security flaw. As far as I know it uses GSM technology but on a lower frequency (380Mhz) than mobile phone communications (900 & 1800Mhz).

I have a feeling that they use additional encryption on top of gsm, a read something about it, god knows where though.

Rik · Sep 14, 2009, 13:03:44

I still miss being able to use my scanner.

somanyholes · Sep 14, 2009, 13:10:40

QuoteI still miss being able to use my scanner. Smiley

Those were the days. Having army landrovers trying to triangulate where you where whilst garden hopping. Not that I would ever have done such a thing of course.

Rik · Sep 14, 2009, 15:16:42

Of course.

JB · Sep 14, 2009, 16:08:59

Quote from: somanyholes on Sep 14, 2009, 13:02:07
I have a feeling that they use additional encryption on top of gsm, a read something about it, god knows where though.

I'm sure that's right.

I too find I have less 'interesting' things to listen to on my scanner these days.

Rik · Sep 14, 2009, 16:39:07

It's a shame, isn't it.

gizmo71 · Sep 14, 2009, 22:14:18

Quote from: Rik on Sep 14, 2009, 09:14:22
PayPal send 'tokens' via SMS to authorise transactions.

Ah, they never do that to me, than goodness!

Rik · Sep 15, 2009, 06:21:15

It's optional, I believe.