Computerworld
Quick Menu
Search



Ads by TechWords

See your link here


Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Mobile/Wireless Computing
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 

Computerworld 2007Subscribe to Computerworld
40 years of the most authoritative source of news and information for IT leaders.

Researchers figure out how to crack GSM phone security

By John E. Dunn
Comments
2
Recommended
145

Active Comments

Anonymous says: They fail to mention that you would have to either modify an existing receiver or illegally import a receiver that...
Read the rest | Reply
Aardvark says: With the slow migration to 3G services and W-CDMA in place of GSM this issue will be moot. Granted it...
Read the rest | Reply
All Comments (2) | Post New


February 21, 2008 (TechWorld.com) Two enterprising researchers claim to have figured out a way to eavesdrop on calls made using GSM mobile phones, cracking open its much-vaunted encryption.

According to David Hulton and Steve Muller, who presented the technique at the Black Hat security conference in Washington this week, GSM calls can now be recorded over long distances and cracked open in half an hour using only $1,000 worth of field-programmable gate array-aided computer equipment and a frequency scanner.

Although GSM's 64-bit A5 stream cipher has been theoretically vulnerable for some time, this is the first time anyone has demonstrated a way of doing it without investing in expensive, specialized equipment and without it taking years.

According to Hulton, spend $100,000 on hardware and the crack can be done in only 30 seconds using massively parallel processing technology. His company, Pico Computing Inc., is now developing the fast version to sell to agencies such as law enforcement, but plans to give away the slower version for free.

GSM is used all over the world by mobile phone companies, and is used in the U.S. by several networks, most notably AT&T and T-Mobile. It is considered to be secure enough that even criminals use it, simply cycling phones to avoid the theoretical risk of being tracked.

The "attack" depends on exploiting a vulnerability in the way GSM sets up calls. Assuming attackers were able to find out a phone's mobile subscription identification number and built-in hardware ID -- garnered by sending a text message to that phone, say -- they would have enough information to isolate calls from that phone.

Because networks set up some frames of the call security exchange using the same plain text scheme, throw enough hardware at the problem and the encryption can be forced open by using mathematical tables. "If we know the plain text, we can derive exactly what is coming out of A5," Hulton was quoted as saying at the presentation by sources.


Reprinted with permission from

For more enterprise technology news from the U.K., please visit TechWorld.com. Copyright 2006 IDG, all rights reserved.

Make a Comment Recommend Story Slashdot this Digg this
Print Story Send Feedback Email this Reprints

Related Content

Webcast: The Secure Web Gateway. Mission Critical For Business
Whitepaper: Rapid E-Learning: Maturing Technology Brings Balance and Possibilities

CW Report: An Apple for Your Enterprise?
Spyware case finally closed for teacher Julie Amero
Judgment favors Novell in ongoing SCO case
Symantec sees spike in dangerous Microsoft attacks
Businesses see smartphone use rising, survey shows
Elgan: Why the downturn can be good for digital nomads

Today's Top Stories

Microsoft moves to quash 'Vista Capable' case, end flood of embarrassing e-mails
Bush's exit to put new e-records system to the test
BlackBerry Storm buyers brave the cold in Boston to be first with the new smart phone
Apple patches 12 iPhone bugs, adds Street View, podcast downloads
Microsoft purges phony security software from 1 million PCs
Obama's choice for DHS could flame tech visa battle

What People Are Saying

See comments | Add new
See comments | Add new

Resource Alerts

to receive Mobile and Wireless Resource Alerts

Webcasts

Mobile Broadband Reveals New World of Notebook Productivity

Mobile Device Management: Wresting Order from Chaos

The Secure Web Gateway. Mission Critical For Business

Whitepapers

Best Practices for Delivering Virtual Classroom Training

Delivering on the Promise of ELearning

Rapid E-Learning: Maturing Technology Brings Balance and Possibilities

Computerworld Reports

Mobility @ the Speed of Business

Computerworld Report- Large Enterprises Pay More for IPAM

An Apple for Your Enterprise?

Editor's Picks

Microsoft moves to quash 'Vista Capable' case, end flood of embarrassing e-mails

Bush's exit to put new e-records system to the test

BlackBerry Storm buyers brave the cold in Boston to be first with the new smart phone

Apple patches 12 iPhone bugs, adds Street View, podcast downloads

Microsoft purges phony security software from 1 million PCs

Obama's choice for DHS could flame tech visa battle

White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Infoblox IP Address Management Solutions Brief
2008 Internet Malware Trends Report
Enterprise Findability Without the Complexity
View more whitepapers 
 
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDG Connect IDG World Expo Infoworld
The Industry Standard ITworld JavaWorld LinuxWorld MacUser Macworld Network World PC World Playlist
Copyright © 2008 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.