Researchers claim GSM calls can be hacked on the cheap
Callers, your worst nightmare is coming true... maybe. According to a report, a group of hackers at the Black Hat conference in Washington D.C. claim that they're able to hack GSM calls with equipment costing about $1,000. If you believe the team (and we're inclined to at least have a listen), they can decrypt GSM phone conversations and text messages on a network using inexpensive tools called field programmable gate arrays (FPGAs). Until now, the technology required to hack GSM transmissions has been prohibitively expensive for all but your government and large-scale snooping operations, but that's beginning to change. Not only can this technique allow access to calls, but some of the tech demonstrated at the conference might also let a user pinpoint a phone's distance from the surveillance hardware and find out what type of device is being used. There was no mention of CDMA hacking, so you might want to move over to Sprint for all your seedy activities. Er, we mean stay on Sprint.
Reader Comments (Page 1 of 2)
Shadowfox952 @ Feb 21st 2008 10:14PM
I'm pretty sure the real hackers don't look as good as those two in the picture.
Izzy @ Feb 22nd 2008 8:54AM
The one on the right is Angelina Jolie. There are very few people who look as good as her, let alone hackers 8-)
E71 @ Feb 22nd 2008 9:47AM
What? Purple and with writing on their faces?
Jake E. @ Feb 21st 2008 10:15PM
Dang and I just signed a 2 year contract for AT&T to get my iPhone...
Applehater @ Feb 21st 2008 10:20PM
haha sucks for you.
good thing I got the voyager with verizon which is better than the iphone anyways.
CUBSWILLWIN @ Feb 21st 2008 10:52PM
cheaper, yes. Better, not that much really...
nerdtalker @ Feb 22nd 2008 12:56AM
This is so old news I had to roll my eyes. Still scary if you're on a GSM network, however.
A5 and A3 are both cracked, basically:
http://www.hackaday.com/2007/08/11/cccamp-2007-gsm-a5-cracking/
http://www.hackaday.com/2008/02/15/shmoocon-2008-intercepting-gsm-traffic/
I could paste like 4 other examples, but you get the point.
It isn't extremely difficult, either. A GSM radio box, a few powerful computers (get a bunch of PS3s up in a grid, and you're golden), and some software. The few examples I've seen are full decryption within 5 minutes of a call being placed. It's literally so easy to do that a few friends of mine (granted, two are physics Ph.Ds, one an MSE grad student, and the other CS and ECE Ph.D) are going to set one up just to see the subtle nuances in the different techniques.
Keep in mind that A3 is a particularly weakened version of A5 that is used in soviet-bloc countries so mother Russia can listen in whenever they felt like it. Weaknesses in that cypher are what led to A5 being cracked in relatively short time from the lessons learned.
Frankenstein Black @ Feb 22nd 2008 8:03AM
nerdtalker you are dead on.
Love how these US hackers are catching up to something that has been done and published in EU for yeeeeears! Well sorry hacker dudes. You are a "day late and a dollar short". Operators use TMSI to mask the real IMSI and have deployed A5/4 and A8 some time ago. Even the new SIMs stop using COMP! Now go back to your focus on iPhone hacks and leave the networks to the professionals, thank you.
cubing @ Feb 21st 2008 10:16PM
Is that young Angelina Jolie before me?
webon @ Feb 21st 2008 10:51PM
yep, as hot as usual too
Beau @ Feb 21st 2008 11:44PM
with sex on her nose no less
AKBlade13 @ Feb 21st 2008 10:18PM
Oh my god! I watched that in my Intro. Comp. Systems class.
Never got to finish it but good job Engadget for bringing up an old school movie (albeit cheesy).
Anyway...that doesn't seem good and the process is getting cheaper eh?
Hope this hacking can be reduced back to its "nothingness".
AKBlade13
Aguiluz @ Feb 21st 2008 10:18PM
Unless they show a video, I won't believe this. Come on, repeat the experiment, then video it.
Cameron @ Feb 21st 2008 10:20PM
hackers is by far the greatest feat of cinematography i have ever seen.
Gian @ Feb 21st 2008 10:33PM
"using inexpensive tools called field programmable gate arrays"!?! *SLAP* And you call yourself a geek. You should be ashamed. You make it sound like FPGAs are something rarely used and/or cryptic. They're found in just about every electronic device with any sort of intelligence made today.
The ability to obtain the cipher key for the GSM A5/1 algorithm has been known for several years. It can be gotten with a few minutes of known plaintext and the corresponding ciphertext. Now, if they have a way to get the key without a plaintext starting point, that would be impressive. But, I doubt it.
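To make the known-plaintext point above concrete, here is an added example (my own code, not from the article or any commenter) that models the A5/1 keystream generator in Python using the register layout and bit conventions of the public 1999 reference C implementation, then shows that XORing a burst of known plaintext with its ciphertext hands back that frame's keystream; it models the cipher itself, not the key search. The burst contents in known_plaintext_demo are a constructed stand-in, and the key and frame number are the reference implementation's published test values.

```python
REGS = [(0x07FFFF, 0x072000, 0x000100, 0x040000),  # R1: 19 bits, taps 18,17,16,13, control bit 8
        (0x3FFFFF, 0x300000, 0x000400, 0x200000),  # R2: 22 bits, taps 21,20, control bit 10
        (0x7FFFFF, 0x700080, 0x000400, 0x400000)]  # R3: 23 bits, taps 22,21,20,7, control bit 10
# Each tuple is (register mask, feedback taps, clocking-control bit, output bit).
def _parity(x):
    return bin(x).count("1") & 1
def _step(reg, mask, taps):
    # Shift left and feed the XOR of the tap bits back into bit 0.
    return ((reg << 1) & mask) | _parity(reg & taps)

class A51:
    def __init__(self, key, frame):
        self.r = [0, 0, 0]
        for i in range(64):                 # load the 64-bit session key Kc, LSB first per byte
            self._load((key[i >> 3] >> (i & 7)) & 1)
        for i in range(22):                 # load the 22-bit frame number
            self._load((frame >> i) & 1)
        for _ in range(100):                # mixing phase, output discarded
            self._clock()
    def _load(self, bit):
        # Regular clocking of all three registers, XORing the loaded bit into bit 0.
        self.r = [_step(r, p[0], p[1]) ^ bit for r, p in zip(self.r, REGS)]
    def _clock(self):
        # Majority rule: a register advances only if its control bit agrees with the majority.
        ctl = [bool(r & p[2]) for r, p in zip(self.r, REGS)]
        maj = sum(ctl) >= 2
        self.r = [_step(r, p[0], p[1]) if c == maj else r for r, p, c in zip(self.r, REGS, ctl)]
    def keystream(self, nbits=228):
        # A frame yields 228 bits (114 per direction); each bit is the XOR of the three MSBs.
        out = []
        for _ in range(nbits):
            self._clock()
            out.append(sum(bool(r & p[3]) for r, p in zip(self.r, REGS)) & 1)
        return out

def bits_to_hex(bits):
    # Pack MSB-first into bytes, the way the reference test vectors are printed.
    out = bytearray((len(bits) + 7) // 8)
    for i, b in enumerate(bits):
        out[i >> 3] |= b << (7 - (i & 7))
    return out.hex()

def recover_keystream(known_plaintext_bits, ciphertext_bits):
    # ciphertext = plaintext XOR keystream, so a burst with known content reveals the keystream.
    return [p ^ c for p, c in zip(known_plaintext_bits, ciphertext_bits)]

def known_plaintext_demo(key=bytes([0x12, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF]), frame=0x134):
    ks = A51(key, frame).keystream()[:114]                 # one direction of one frame
    burst = [(i * 37 >> 3) & 1 for i in range(114)]        # constructed stand-in for a known burst
    ciphertext = [p ^ k for p, k in zip(burst, ks)]        # what crosses the air interface
    return recover_keystream(burst, ciphertext) == ks      # True: keystream exposed, no key needed
```

With the reference key and frame 0x134, bits_to_hex of the first 114 keystream bits reads 534eaa582fe8151ab6e1855a728c00, matching the published vector, so the model can be checked before being used to reason about anything else.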
athousandleaves @ Feb 22nd 2008 12:45AM
Check Hack-a-day they posted this last friday.
jimmy @ Feb 22nd 2008 7:43AM
I had the same reaction to the article stating that FPGAs are some sort of new technology. Glad I'm not the only dummy that reads this blog
However they are NOT in the majority of consumer products. Any tech manufactured with a high yield is probably using ASICs and not FPGA unless they actually need to be field programmable for whatever reason. They are very common in prototyping and small yield projects
thenino85 @ Feb 22nd 2008 11:16AM
I had exactly the same response. I thought I took a class in FPGA development because it was so commonplace to use FPGAs as a prototyping tool that any computer engineer worth their salt would at least know the basics. At least that's what my EE department told me. Here I discover that FPGAs are exotic and mysterious. Guess I just wasted 4 credit hours of my life.
paul34 @ Feb 21st 2008 10:37PM
The government doesn't need expensive equipment, even for CDMA.
It's as easy as calling the carrier, telling them to expect a few visitors, then plugging in some headphones and listening for a few hours. Bingo, done. No warrant, no accountability, it truly is the sweet life.
Oh the sweet smell of burning civil liberties. Down with your freedoms, you puny Americans! I mean, citizens.
Carbonize @ Feb 22nd 2008 3:12AM
Yeah people don't seem to understand how mobile phones work. They seem to be under the impression that the signal is encrypted for the entire journey from you to the other party.
The reality is the call is encrypted between you and the exchange you're connected to but the exchange then decrypts it to send on to wherever it is going. If it is then going on to another mobile your exchange sends it to their exchange unencrypted and then their exchange encrypts it before sending it to them.
Eric @ Feb 21st 2008 10:37PM
I saw the brief yesterday. Really cool stuff, and scary. Like how your IMSI info is transmitted in plain text... and how a lot of SIM cards can theoretically run Java in the background without end user interaction...
There are some limitations to this tech though. You would have had to pre-record the 'encrypted' conversation or SMS signal (doesn't do data for now), and play it back to your computer to decode. The technology has to brute-force the generated key with rainbow tables (which is where the FPGAs and over 2TB of storage come in). And if you did this at home for $1,000, it will probably take 1-2 hours to break the key on a conversation (any length). The cool stuff is how they're going to build a workstation with like 68 FPGAs in it! For about $100,000 of course. THIS setup will break the key in about 30 seconds. I tell you, I saw the demo, and man, the stuff they're working on makes me want to put my iPhone in a Faraday cage and never call with it again. ;)
robotrock @ Feb 21st 2008 10:37PM
hakk da gibson!!!!
caleb @ Feb 21st 2008 10:55PM
Hack the Gibson?!?
Hack the Planet!!!
hp540 @ Feb 21st 2008 10:40PM
oh Hackers...movie brings back great memories.
Griff @ Feb 21st 2008 10:43PM
I knew having crappy phone selection (cdma / sprint) would pay off eventually.
CUBSWILLWIN @ Feb 21st 2008 10:54PM
I got the mogul, which isn't really crappy. Sprint does have some nice phones but HTC messes theirs up because they always have missing drivers.
roflercopterer @ Feb 21st 2008 11:35PM
Mogul + $15 EVDO FTW
Joe @ Feb 21st 2008 11:41PM
Having EVDO service 100% of the time really sucks too.
DonatoM3 @ Feb 22nd 2008 11:47AM
I've had Sprint for 7 years now. Up until about 3 years ago their phone selection was definitely behind their GSM brethren and that's mostly because a lot of manufacturers didn't want to design for CDMA since CDMA phones couldn't be easily ported over to different networks. I expect that to change once Sprint and Verizon let unlocked CDMA phones on their network. Sprint even lets you go online now and change which phone is active on your account without calling a rep.
muratbiskin @ Feb 21st 2008 10:44PM
wow
Bassir @ Feb 21st 2008 10:44PM
I'm not really sure "hackers" want to hear me having a chat with my mother about the laundry.
luketc @ Feb 21st 2008 10:48PM
If one wants to be a Hacker, he or she is merely required to roller blade around high school and connect his or her portable computer to a public pay phone. This clearly grants access to all of the data one would ever need in order to hack stuffs.
CUBSWILLWIN @ Feb 21st 2008 10:55PM
have you ever seen a payphone with a USB slot?
pg5of16 @ Feb 22nd 2008 2:26PM
Have you ever seen the movie Hackers, Cubs?
robotrock @ Feb 21st 2008 11:23PM
who needs usb when you have a P6 chip?! Triple the speed of a pentium!
makishima @ Feb 22nd 2008 10:02AM
@robotrock
You sir, win.
wormbo @ Feb 21st 2008 11:02PM
Because 288 quadrillion encryption keys is never enough.
wormbo @ Feb 21st 2008 11:03PM
Seriously.
sinai @ Feb 21st 2008 11:16PM
there's more seedy activity going on AT sprint wireless than ON their network. trust me.
N30 G30 @ Feb 21st 2008 11:21PM
They're crackers, not hackers. Hackers are programmers. Hackers create not destroy.
The media destroyed the term "hacker" because it was more catchy (or less likely to be politically incorrect.)
sinai @ Feb 22nd 2008 12:02AM
i always thought
hackers = people who use decryption methods to gain access to privy data.
crackers = white people.
i could be wrong about hackers though
ClaMs @ Feb 22nd 2008 4:52AM
I lol'd! :D
N30 G30 @ Feb 22nd 2008 6:32AM
Common mistake.
Hack = a piece of code used over and over again throughout a program. Of course, every high level programmer basically does this now with object oriented languages but it was more significant back then.
Crackers = Think cracking a safe. People that break into systems for security reasons, stealing, fun, or forgetting the password to that machine. :P
Dr Buzz0 @ Feb 22nd 2008 12:15AM
CDMA tends to be a lot more secure because of the spread spectrum aspects of it which mean standard radio reception equipment won't work. GSM is TDMA and is much easier. Receiving the data is no problem but it's encrypted so you would just get a nonsensical bitstream unless the encryption could be cracked or backdoored. My understanding is that the standard GSM encryption has a couple of flaws which have been documented so this doesn't surprise me too much. The next generation GSM 3G systems are pretty secure but even in the new systems most voice traffic still uses the legacy circuit switching GSM TDMA and not the WCDMA UMTS/HSDPA which is considerably more complicated to attack.
obn4uticus @ Feb 22nd 2008 12:35AM
Researchers, lulz. How about normal users
here all you guys go:
http://wiki.thc.org/gsm
Have fun cracking A5 encryption
evengrift @ Feb 22nd 2008 1:39PM
Lulz, read your own link, broken 9 years ago. You think no one out there has coded it? Are you completely daft? We know A5 gets hacked, it's just not worth the effort. Anyone who cares enough already has access to your warez via echelon/carnivore/spawn..
obn4uticus @ Feb 22nd 2008 7:31PM
You apparently care, and it's not in the fucking post so I think it's good that the people have it dickwad.
obn4uticus @ Feb 22nd 2008 7:34PM
And no it wasn't broken nine years ago, otherwise it wouldn't be cached here
http://64.233.167.104/search?q=cache:xZAKxfKXkmcJ:wiki.thc.org/gsm+http://wiki.thc.org/gsm&hl=en&ct=clnk&cd=1&gl=us&client=firefox-a
Fucking nubtard.
DarCowAlways @ Feb 22nd 2008 2:02AM
We've gone a long way from string telephones and the electrical tapping...
MrGuru @ Feb 22nd 2008 2:42AM
Finally i can catch that cheating bitch! Victory is mine!