Researchers claim GSM calls can be hacked on the cheap
Callers, your worst nightmare is coming true... maybe. According to a report, a group of hackers at the Black Hat conference in Washington D.C. claim that they're able to hack GSM calls with equipment costing about $1,000. If you believe the team (and we're inclined to at least have a listen), they can decrypt GSM phone conversations and text messages on a network using inexpensive tools called field programmable gate arrays. Until now, the cost of the technology required to hack GSM transmissions has been prohibitively expensive for all but your government and large-scale snooping operations, but that's beginning to change. Not only can this technique allow access to calls, but some of the tech demonstrated at the conference might also enable a user to pinpoint a phone's distance from the surveillance hardware, and find out what type of device is being used. There was no mention of CDMA hacking, so you might want to move over to Sprint for all your seedy activities. Er, we mean stay on Sprint.
I'm pretty sure the real hackers don't look as good as those two in the picture.
The one on the right is Angelina Jolie. There are very few people who look as good as her, let alone hackers 8-)
What? Purple and with writing on their faces?
Dang and I just signed a 2 year contract for AT&T to get my iPhone...
haha sucks for you.
good thing I got the voyager with verizon which is better than the iphone anyways.
cheaper, yes. Better, not that much really...
This is so old news I had to roll my eyes. Still scary if you're on a GSM network, however.
A5 and A3 are both cracked, basically:
http://www.hackaday.com/2007/08/11/cccamp-2007-gsm-a5-cracking/
http://www.hackaday.com/2008/02/15/shmoocon-2008-intercepting-gsm-traffic/
I could paste like 4 other examples, but you get the point.
It isn't extremely difficult, either. A GSM radio box, a few powerful computers (get a bunch of PS3s up in a grid, and you're golden), and some software. The few examples I've seen are full decryption within 5 minutes of a call being placed. It's literally so easy to do that a few friends of mine (granted, two are physics Ph.Ds, one an MSE grad student, and the other CS and ECE Ph.D) are going to set one up just to see the subtle nuances in the different techniques.
Keep in mind that A3 is a particularly weakened version of A5 that is used in soviet-bloc countries so mother Russia can listen in whenever they feel like it. Weaknesses in that cipher are what led to A5 being cracked in relatively short time from the lessons learned.
nerdtalker you are dead on.
Love how these US hackers are catching up to something that has been done and published in EU for yeeeeears! Well sorry hacker dudes. You are a "day late and a dollar short". Operators use TMSI to mask the real IMSI and have deployed A5/4 and A8 some time ago. Even the new SIMs stop using COMP! Now go back to your focus on iPhone hacks and leave the networks to the professionals, thank you.
Is that young Angelina Jolie before me?
yep, as hot as usual too
with sex on her nose no less
Oh my god! I watched that in my Intro. Comp. Systems class.
Never got to finish it but good job Engadget for bringing up an old school movie (albeit cheesy).
Anyway...that doesn't seem good and the process is getting cheaper eh?
Hope this hacking can be reduced back to its "nothingness".
AKBlade13
Unless they show a video, I won't believe this. Come on, repeat the experiment, then video it.
hackers is by far the greatest feat of cinematography i have ever seen.
"using inexpensive tools called field programmable gate arrays"!?! *SLAP* And you call yourself a geek. You should be ashamed. You make it sound like FPGAs are something rarely used and/or cryptic. They're found in just about every electronic device with any sort of intelligence made today.
The ability to obtain the cipher key for the GSM A5/1 algorithm has been known for several years. It can be gotten with a few minutes of known plaintext and the corresponding ciphertext. Now, if they have a way to get the key without a plaintext starting point, that would be impressive. But, I doubt it.
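The cipher the comment above refers to, as an added example that is not from the article or any commenter: a Python version of the public A5/1 keystream generator, following the Briceno/Goldberg/Wagner reference description and its published test vector (key 0x1223456789ABCDEF, frame 0x134). It shows the two facts behind the comment: the only secret is a 64-bit session key, and because A5/1 is a stream cipher, XORing a known plaintext burst with its ciphertext exposes the keystream, which is the value a precomputation attack works backwards from; the known-plaintext demo uses a constructed all-zero burst.

```python
# (mask, feedback taps, majority-clocking bit, output bit) for the 19-, 22- and 23-bit LFSRs
REGS = ((0x07FFFF, 0x072000, 0x000100, 0x040000),
        (0x3FFFFF, 0x300000, 0x000400, 0x200000),
        (0x7FFFFF, 0x700080, 0x000400, 0x400000))

def _parity(x: int) -> int:
    return bin(x).count("1") & 1

def _step(reg: int, mask: int, taps: int) -> int:
    # Shift one LFSR left and feed back the parity of its tapped bits.
    return ((reg << 1) & mask) | _parity(reg & taps)

class A51:
    def __init__(self, key: bytes, frame: int) -> None:
        self.r = [0, 0, 0]
        # Load the 64-bit key, then the 22-bit frame number, one bit at a time,
        # clocking every register (no majority rule during loading).
        bits = [(key[i // 8] >> (i & 7)) & 1 for i in range(64)]
        bits += [(frame >> i) & 1 for i in range(22)]
        for b in bits:
            self.r = [_step(r, m, t) ^ b for r, (m, t, _, _) in zip(self.r, REGS)]
        for _ in range(100):  # 100 irregular clocks whose output is thrown away
            self._clock()

    def _clock(self) -> None:
        # Majority rule: a register advances only if its clocking bit matches the majority.
        c = [bool(r & mid) for r, (_, _, mid, _) in zip(self.r, REGS)]
        maj = sum(c) >= 2
        self.r = [_step(r, m, t) if ci == maj else r
                  for r, ci, (m, t, _, _) in zip(self.r, c, REGS)]

    def burst(self) -> bytes:
        # Next 114 keystream bits (one GSM burst), packed MSB-first into 15 bytes.
        out = bytearray(15)
        for i in range(114):
            self._clock()
            bit = 0
            for r, (_, _, _, outbit) in zip(self.r, REGS):
                bit ^= _parity(r & outbit)
            out[i // 8] |= bit << (7 - (i & 7))
        return bytes(out)

def a51_keystream(key: bytes, frame: int) -> tuple:
    # Downlink burst first, then uplink, in the order the reference code emits them.
    g = A51(key, frame)
    return g.burst(), g.burst()

def recover_keystream(plaintext: bytes, ciphertext: bytes) -> bytes:
    # The known-plaintext point: XOR strips the plaintext and leaves the raw keystream.
    return bytes(p ^ c for p, c in zip(plaintext, ciphertext))
```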
Check Hack-a-day they posted this last friday.
I had the same reaction to the article stating that FPGAs are some sort of new technology. Glad I'm not the only dummy that reads this blog
However they are NOT in the majority of consumer products. Any tech manufactured with a high yield is probably using ASICs and not FPGA unless they actually need to be field programmable for whatever reason. They are very common in prototyping and small yield projects.
I had exactly the same response. I thought I took a class in FPGA development because it was so commonplace to use FPGAs as a prototyping tool that any computer engineer worth their salt would at least know the basics. At least that's what my EE department told me. Here I discover that FPGAs are exotic and mysterious. Guess I just wasted 4 credit hours of my life.
I saw the brief yesterday. Really cool stuff, and scary. Like how your IMSI info is transmitted in plain text... and how a lot of SIM cards can theoretically run Java in the background without end user interaction...
There are some limitations to this tech though. You would have had to pre-record the 'encrypted' conversation or SMS signal (doesn't do data for now), and play it back to your computer to decode. The technology has to brute-force the generated key with rainbow tables (which is where the FPGAs and over 2TB of storage come in). And if you did this at home for $1,000, it will probably take 1-2 hours to break the key on a conversation (any length). The cool stuff is how they're going to build a workstation with like 68 FPGAs in it! For about $100,000 of course. THIS setup will break the key in about 30 seconds. I tell you, I saw the demo, and man, the stuff they're working on makes me want to put my iPhone in a Faraday cage and never call with it again. ;)
The government doesn't need expensive equipment, even for CDMA.
It's as easy as calling the carrier, telling them to expect a few visitors, then plugging in some headphones and listening for a few hours. Bingo, done. No warrant, no accountability, it truly is the sweet life.
Oh the sweet smell of burning civil liberties. Down with your freedoms, you puny Americans! I mean, citizens.
Yeah, people don't seem to understand how mobile phones work. They seem to be under the impression that the signal is encrypted for the entire journey from you to the other party.
The reality is the call is encrypted between you and the exchange you're connected to but the exchange then decrypts it to send on to where ever it is going. If it is then going on to another mobile your exchange sends it to their exchange unencrypted and then their exchange encrypts it before sending it to them.
hakk da gibson!!!!
Hack the Gibson?!?
Hack the Planet!!!
oh Hackers...movie brings back great memories.
wow
I knew having crappy phone selection (cdma / sprint) would pay off eventually.
I got the mogul, which isn't really crappy. Sprint does have some nice phones but HTC messes theirs up because they always have missing drivers.
Mogul + $15 EVDO FTW
Having EVDO service 100% of the time really sucks too.
I've had Sprint for 7 years now. Up until about 3 years ago their phone selection was definitely behind their GSM brethren and that's mostly because a lot of manufacturers didn't want to design for CDMA since CDMA phones couldn't be easily ported over to different networks. I expect that to change once Sprint and Verizon let unlocked CDMA phones on their network. Sprint even lets you go online now and change which phone is active on your account without calling a rep.
I'm not really sure "hackers" want to hear me having a chat with my mother about the laundry.
If one wants to be a Hacker, he or she is merely required to roller blade around high school and connect his or her portable computer to a public pay phone. This clearly grants access to all of the data one would ever need in order to hack stuffs.
have you ever seen a payphone with a USB slot?
Have you ever seen the movie Hackers, Cubs?
who needs usb when you have a P6 chip?! Triple the speed of a pentium!
@robotrock
You sir, win.
Because 288 quadrillion encryption keys is never enough.
Seriously.
there's more seedy activity going on AT sprint wireless than ON their network. trust me.
They're crackers, not hackers. Hackers are programmers. Hackers create not destroy.
The media destroyed the term "hacker" because it was more catchy (or less likely to be politically incorrect.)
i always thought
hackers = people who use decryption methods to gain access to privy data.
crackers = white people.
i could be wrong about hackers though
I lol'd! :D
Common mistake.
Hack = a piece of code used over and over again throughout a program. Of course, every high level programmer basically does this now with object oriented languages but it was more significant back then.
Crackers = Think cracking a safe. People that break in to systems for security reasons, stealing, fun, or forgetting the password to that machine. :P
CDMA tends to be a lot more secure because of the spread spectrum aspects of it which mean standard radio reception equipment won't work. GSM is TDMA and is much easier. Receiving the data is no problem but it's encrypted so you would just get a nonsensical bitstream unless the encryption could be cracked or backdoored. My understanding is that the standard GSM encryption has a couple of flaws which have been documented so this doesn't surprise me too much. The next generation GSM 3G systems are pretty secure but even in the new systems most voice traffic still uses the legacy circuit switching GSM TDMA and not the WCDMA UMTS/HSDPA which is considerably more complicated to attack.
Researchers, lulz. How about normal users
here all you guys go:
http://wiki.thc.org/gsm
Have fun cracking A5 encryption
Lulz, read your own link, broken 9 years ago. You think no one out there has coded it? Are you completely daft? We know A5 gets hacked, it's just not worth the effort. Anyone who cares enough already has access to your warez via echelon/carnivore/spawn..
You apparently care, and it's not in the fucking post so I think it's good that the people have it dickwad.
And no it wasn't broken nine years ago, otherwise it wouldn't be cached here
http://64.233.167.104/search?q=cache:xZAKxfKXkmcJ:wiki.thc.org/gsm+http://wiki.thc.org/gsm&hl=en&ct=clnk&cd=1&gl=us&client=firefox-a
Fucking nubtard.
We've gone a long way from string telephones and the electrical tapping...
Finally i can catch that cheating bitch! Victory is mine!