[Vanhackspace] Fwd: [A51] GSMA Statement on Media Reports Relating to the Breaking of GSM Encryption

Colin Keigher colin at keyboardcowboy.ca
Thu Dec 31 15:08:04 PST 2009


I had a good chuckle.

- Colin

-------- Original Message --------
Subject: 	[A51] GSMA Statement on Media Reports Relating to the Breaking of GSM Encryption
Date: 	Thu, 31 Dec 2009 22:28:40 +0000
From: 	javier falbo <javier_falbo at hotmail.com>
To: 	<a51 at lists.reflextor.com>



  Here I include the GSM Association feedback on the breaking of GSM.
  Below, my comments.


  http://www.gsmworld.com/newsroom/index.htm


  GSMA Statement on Media Reports Relating to the Breaking of GSM
  Encryption

30 December 2009
GSM networks use encryption technology to make it difficult for 
criminals to intercept and eavesdrop on calls. On most GSM networks, the 
communications link between the handset and the radio base station uses 
the A5/1 privacy algorithm to scramble the signal.
Over the past few years, a number of academic papers setting out, in 
theory, how the A5/1 algorithm could be compromised have been published. 
However, none to date have led to a practical attack capability being 
developed against A5/1 that can be used on live, commercial GSM networks.
Reports of an imminent GSM eavesdropping capability are common. The 
GSMA, which welcomes research designed to improve the security of 
communications networks, routinely monitors the work of groups in this 
area. In 2007-8, a hacking group claimed to be building an attack on 
A5/1 by constructing a large look-up table of approximately 2 Terabytes 
– this is equivalent to the amount of data contained in a 20 kilometre 
high pile of books. In theory, someone with access to the data in such a 
table could use it to analyse an encrypted call and recover the 
encryption key.
Another group has announced similar plans in 2009. However, before a 
practical attack could be attempted, the GSM call has to be identified 
and recorded from the radio interface. So far, this aspect of the 
methodology has not been explained in any detail and we strongly suspect 
that the teams attempting to develop an intercept capability have 
underestimated its practical complexity. A hacker would need a radio 
receiver system and the signal processing software necessary to process 
the raw radio data. The complex knowledge required to develop such 
software is subject to intellectual property rights, making it difficult 
to turn into a commercial product.
Today, mobile networks are typically configured to optimise call set-up 
times, capacity and other aspects related to operational efficiency. But 
mobile operators could, if it ever proved necessary, quickly alter these 
configurations to make the interception and deciphering of calls 
considerably harder. Moreover, intercepting a mobile call is likely to 
constitute a criminal offence in most jurisdictions.
All in all, we consider this research, which appears to be motivated in 
part by commercial considerations, to be a long way from being a 
practical attack on GSM. More broadly, A5/1 has proven to be a very 
effective and resilient privacy mechanism. By comparison, inexpensive 
and readily available radio scanners could be used to intercept calls on 
the analogue cellular networks that pre-dated GSM and which did not use 
encryption.
The mobile industry is committed to maintaining the integrity of GSM 
services and the protection and privacy of customer communications is at 
the forefront of operators’ concerns. The GSMA has been working to 
further enhance privacy protection on GSM networks and has developed a 
new high-strength algorithm, A5/3. Over the past decade, export control 
agencies have removed many of the traditional barriers to the sale of 
cryptographic technologies enabling the development and use of A5/3. 
This new privacy algorithm is being phased in to replace A5/1.



----------------------
Comments:


1) *"none to date have led to a practical attack capability being 
developed against A5/1 that can be used on live, commercial GSM networks":*
*Reply: *Yes. There are many commercial companies that are offering them 
for u$s 500.000.-!
For instance:
http://www.shoghi.co.in/passive_gsm_interception.htm
More here: http://gsm.my1.ru/load/


2) *"a hacking group claimed to be building an attack on A5/1 by 
constructing a large look-up table of approximately 2 Terabytes – this 
is equivalent to the amount of data contained in a 20 kilometre high 
pile of books".*
*Reply:* What does it mean, 20 kilometers of books? Heh. It is a CHILDISH 
comparison... :)

Or simply buy a hard disk from Western Digital (Less than u$s 900)

http://www.wdc.com/en/products/Products.asp?DriveID=733


3) *The complex knowledge required to develop such software is subject 
to intellectual property rights, making it difficult to turn into a 
commercial product.*
*Reply:* There are NO copyrighted materials in coding open-source 
software. GNU Radio is a good example.


4) *Moreover, intercepting a mobile call is likely to constitute a 
criminal offence in most jurisdictions.*
*Reply:* Wrong statement, completely wrong. Any judge or the justice 
could order a call to be intercepted. Intercepting or decoding your own 
phone is not a crime (or is it a crime that they encrypt your voice 
without permission?). Intercepting third parties' phones is a crime! Some 
countries such as the USA or Britain also focus on the distribution 
process (same as distributing mp3 music files in torrents, warez sites). 
That could be, from my side, the only precaution to take.


5) *This new privacy algorithm is being phased in to replace A5/1. (In 
reference to A5/3 - KASUMI)*
*Reply:* A5/3 is useless now. The algorithm is broken. Imagine, in the 
near future, intercepting a young and beautiful neighborhood girl's live 
3gpp video over 3G. :)   (some humour here)


*_Conclusion:_* The GSM agency is not responding to the security issues 
that the project advises of. Maybe because it could take at least 18 
months to update the network worldwide, and ALL stations/base must be 
completely replaced ($$$), and customers must be forced to change their 
OBSOLETE phones.



Meanwhile, I strongly recommend including in your phones voice and SMS 
encryption tools in Java, Symbian, Windows Mobile, etc., to have a 
SECURE line with your friends and family. Try to focus on Type I (Suite 
A), III DES or any strong cryptos.



For any further information, do not hesitate to contact me.


Regards,
Javier









