News: Encrypted GSM Voice Calls & SMS Messages Hacked in Minutes

#11 (**permalink**) February 29th, 2008, 11:32 AM

On Thu, 21 Feb 2008 22:10:17 -0500, The Ghost of General Lee
<ghost@general.lee> wrote in
<o7fsr3ld64bcmoa0e368hdvsb8lvb7i0cu@4ax.com>:

>On Thu, 21 Feb 2008 17:58:56 -0800, SMS <scharf.steven@geemail.com>
>wrote:
>
>>Diamond Dave wrote:
>>> On Thu, 21 Feb 2008 16:29:35 -0800, SMS <scharf.steven@geemail.com>
>>> wrote:
>>>
>>>> It's applicable to these carriers. The alt.cellular group isn't well used.
>>>
>>> Don't post GSM crap in the Verizon, Sprint or Alltel newsgroups. Last
>>> I checked, we use CDMA, which is much more secure! :)
>>
>>Yes, this is true. But it's still applicable, IMVAIO, because at least
>>it presents one valid issue that those CDMA users should consider if
>>they are considering switching carriers.
>
>Perhaps, but it still makes you seem no better than Navas, Oxturd, or
>Butler.

Steven is, of course, a hypocrite (among other things).

--
Best regards,
John Navas <http:/navasgroup.com>

"Usenet is like a herd of performing elephants with diarrhea - massive,
difficult to redirect, awe inspiring, entertaining, and a source of mind
boggling amounts of excrement when you least expect it." --Gene Spafford

#12 (**permalink**) February 29th, 2008, 11:32 AM

On Thu, 21 Feb 2008 15:58:40 -0800, SMS <scharf.steven@geemail.com>
wrote in <47be0f7e$0$36330$742ec2ed@news.sonic.net>:

>Uh oh. Don't be doing any telephone banking or credit card ordering on
>your GSM phone.
>
>"A pair of researchers has created a low-cost and simple hack to crack
>the encryption in GSM mobile phones and intercept voice conversations
>and SMS text messages -- within minutes."
>
>http://www.darkreading.com/document.asp?doc_id=146616

That you think this is news speaks volumes about your "expertise" --
it's anything but news, and not the biggest threat.

"Real-Time Cryptanalysis of GSM's A5/1 on a PC"
by Alex Biryukov and Adi Shamir
December 9, 1999:
http://cryptome.org/a5.ps (Postscript, 292K)

Abstract:

A5/1 is the strong version of the encryption algorithm used by about
100 million GSM customers in Europe to protect the over-the-air
privacy of their cellular voice and data communication. The best
published attacks against it require between 2^40 and 2^45 steps.
This level of security makes it vulnerable to hardware-based attacks
by large organizations, but not to software-based attacks on multiple
targets by hackers.

In this paper we describe a new attack on A5/1, which is based on
subtle flaws in the tap structure of the registers, their
noninvertible clocking mechanism, and their frequent resets. The
attack can find the key in less than a second on a single PC with 128
MB RAM and two 73 GB hard disks, by analysing the output of the A5/1
algorithm in the first two minutes of the conversation. The attack
requires a one time parallelizable data preparation stage whose
complexity can be traded-off between 2^37 and 2^48 steps. The attack
was verified with an actual implementation, except for the
preprocessing stage which was extensively sampled rather than
completely executed.

Remark: The attack is based on the unofficial description of the A5/1
algorithm at http://www.scard.org. Discrepancies between this
description and the real algorithm may affect the validity or
performance of our attack.

[MORE]

--
Best regards,
John Navas <http:/navasgroup.com>

"Usenet is like a herd of performing elephants with diarrhea - massive,
difficult to redirect, awe inspiring, entertaining, and a source of mind
boggling amounts of excrement when you least expect it." --Gene Spafford

#13 (**permalink**) March 1st, 2008, 05:05 PM

On Feb 29, 9:12 am, John Navas <spamfilt...@navasgroup.com> wrote:
> On Thu, 21 Feb 2008 20:37:01 -0500, Diamond Dave
> <dmine45.NOS...@yahoo.com> wrote in
> <eo9sr3hdlipaaon1k801ff53uodseej...@4ax.com>:
>
> >On Thu, 21 Feb 2008 16:29:35 -0800, SMS <scharf.ste...@geemail.com>
> >wrote:
>
> >>It's applicable to these carriers. The alt.cellular group isn't well used.
>
> >Don't post GSM crap in the Verizon, Sprint or Alltel newsgroups. Last
> >I checked, we use CDMA, which is much more secure! :)
>
> CDMA has also been cracked. (I posted citations long ago.)

Strange. I asked you specifically for them, but there was never a
response.
Please retrieve them and post them again.

#14 (**permalink**) March 1st, 2008, 08:45 PM

On Mar 1, 2:57 pm, carcarx <carc...@hotmail.com> wrote:
> On Feb 29, 9:12 am, John Navas <spamfilt...@navasgroup.com> wrote:
>
> > On Thu, 21 Feb 2008 20:37:01 -0500, Diamond Dave
> > <dmine45.NOS...@yahoo.com> wrote in
> > <eo9sr3hdlipaaon1k801ff53uodseej...@4ax.com>:
>
> > >On Thu, 21 Feb 2008 16:29:35 -0800, SMS <scharf.ste...@geemail.com>
> > >wrote:
>
> > >>It's applicable to these carriers. The alt.cellular group isn't well used.
>
> > >Don't post GSM crap in the Verizon, Sprint or Alltel newsgroups. Last
> > >I checked, we use CDMA, which is much more secure! :)
>
> > CDMA has also been cracked. (I posted citations long ago.)
>
> Strange. I asked you specifically for them, but there was never a
> response.
> Please retrieve them and post them again.

And here's the thread in which I asked:

http://groups.google.com/group/alt.c...bc3ce7ba2a2b94

#15 (**permalink**) March 1st, 2008, 08:45 PM

carcarx wrote:
> On Feb 29, 9:12 am, John Navas <spamfilt...@navasgroup.com> wrote:
>> CDMA has also been cracked. (I posted citations long ago.)
>
> Strange. I asked you specifically for them, but there was never a
> response.
> Please retrieve them and post them again.

Navas must have gotten his information from this...

But first...consider the source, Steve "Black Helicopter" Gibson

From http://www.grc.com/sn/SN-130.txt
[quoting the relevant part]

STEVE: Both types of cellular technology, both GSM and CDMA,
unfortunately use encryption that was - I mean, I can just hear our
listeners getting ready for this - was designed by engineers and not by
crypto people.

LEO: Just like WEP.

STEVE: In their defense, in defense of the cell technology, back when
this was first done, it was much more expensive to have processing power
than it is now. At least in the case of GSM, it's based on a shift
register, I think it's three different shift registers with multiple
taps, which is one way of generating pseudorandom data. They've tried,
the people doing it tried to keep this as a trade secret, tried to keep
it proprietary. Bottom line is it's been cracked.

LEO: Now, you understand first of all this isn't - this is CDMA. And
it's EVDO, it's EVDO. It's Sprint.

STEVE: Right. Right. Now, exactly. Now, but CDMA has been cracked
also. So...

LEO: And I don't know if EVDO really uses CDMA technology. It's on
those frequencies, but it might use something else.

STEVE: Actually it does. All EVDO is really doing is aggregating a
bunch of channels together. And essentially that's where you get all
this extra bandwidth...

LEO: Oh, interesting.

STEVE: ...is it just pulls a bunch of cell channels together and uses
them all in parallel in order to increase its speed.

LEO: How interesting.

STEVE: I don't know one way or another for sure whether there's an
additional layer of encryption on top of the standard cell technology.
And when I - again, as I started saying, I don't want to freak out our
listeners. It's not like, you know, CDMA and GSM has been cracked to
the degree, for example, that WiFi has been. But there are papers on
the 'Net that talk about how this stuff can be cracked. So it's not
like there's super-strong, industrial-grade, current state-of-the-art
crypto. The problem is, these technologies, these digital cellular
technologies are so old, and now so widely deployed, that they can't be
updated without obsoleting the entire network. And they're, I mean,
they're encrypted to the extent that you have to really, really, really
want to crack them in order to get inside them. But it is possible.
Has been done.

LEO: I'm reading here that EVDO uses a 42-bit pseudo-noise sequence
called a "long code" to scramble the transmissions.

STEVE: Right. I mean, and...

LEO: That's not very long.

STEVE: No, it's not. And again, it's...

LEO: And then it uses AES.

STEVE: On top of it.

LEO: Yeah. Well, wait a minute.

STEVE: Okay.

LEO: Now, wait a minute. The long code scrambles transmissions through
the standardized cellular authentication and voice-encryption algorithm,
which is probably the one that's broken, to generate a 128-bit sub-key
called Shared Secret Data, SSD. This key feeds into an AES algorithm to
encrypt transmissions.

STEVE: Well, that does sound pretty good.

LEO: If it's using AES with a 128-bit key generated by random, by
pseudo-noise...

STEVE: Yeah, it doesn't sound like it's using any kind of a public key
technology. And I don't know where the shared secret comes from. It
might be based on the phone number, or maybe it's established ahead of
time? Anyway, it is on my list of things to research deeply. So I can,
you know, we'll spend an hour here before too long talking in detail
about cellular encryption technology because I know lots of people are a
little anxious about it.

LEO: Well, the thing that makes me anxious is maybe EVDO is secure, the
data's secure. But it sounds like voice transmissions over GSM and CDMA
are not.

STEVE: Right. They would be relying on that initial level of
obfuscation, which you really cannot consider as being encryption.

LEO: Right. You know, it's funny because, when we went from analog to
digital cell phones, I remember, as we talked about earlier, analog cell
phones, just like analog land lines, were completely, completely
monitorable. And I remember asking hackers; and they said, well, we
don't know how, but probably you could hack into it.

STEVE: Probably.

#16 (**permalink**) March 2nd, 2008, 02:30 PM

On Mar 1, 6:32 pm, DTC <m...@nothingtoseehere.zzx> wrote:
> carcarx wrote:
> > On Feb 29, 9:12 am, John Navas <spamfilt...@navasgroup.com> wrote:
> >> CDMA has also been cracked. (I posted citations long ago.)
>
> > Strange. I asked you specifically for them, but there was never a
> > response.
> > Please retrieve them and post them again.
>
> Navas must have gotten his information from this...

No, that has no reference to North Korea.

I also focus in on this that you posted:

> But first...consider the source, Steve "Black Helicopter" Gibson

> LEO: Now, wait a minute. The long code scrambles transmissions through
> the standardized cellular authentication and voice-encryption algorithm,
> which is probably the one that's broken, to generate a 128-bit sub-key
> called Shared Secret Data, SSD. This key feeds into an AES algorithm to
> encrypt transmissions.
>
> STEVE: Well, that does sound pretty good.
>
> LEO: If it's using AES with a 128-bit key generated by random, by
> pseudo-noise...
>
> STEVE: Yeah, it doesn't sound like it's using any kind of a public key
> technology. And I don't know where the shared secret comes from. It
> might be based on the phone number, or maybe it's established ahead of
> time? Anyway, it is on my list of things to research deeply. So I can,
> you know, we'll spend an hour here before too long talking in detail
> about cellular encryption technology because I know lots of people are a
> little anxious about it.
>
> LEO: Well, the thing that makes me anxious is maybe EVDO is secure, the
> data's secure. But it sounds like voice transmissions over GSM and CDMA
> are not.
>
> STEVE: Right. They would be relying on that initial level of
> obfuscation, which you really cannot consider as being encryption.

Yet, when one delves into the encryption of 1xRTT one sees (section 2
of
http://www.cdg.org/technology/cdma_t...y_overview.pdf
)
the 128 bit AES key and the 42 bit long code. (reference Fig. 3 in in
section 2.2).

So, there it appears that the voice encryption has the strength of the
data encryption. so, according to the interview
posting, voice is secure, too.

So, we're still waiting for Navas' references and dates.

#17 (**permalink**) March 3rd, 2008, 03:20 PM

On Mar 2, 12:14 pm, carcarx <carc...@hotmail.com> wrote:
> On Mar 1, 6:32 pm, DTC <m...@nothingtoseehere.zzx> wrote:
>
> > carcarx wrote:
> > > On Feb 29, 9:12 am, John Navas <spamfilt...@navasgroup.com> wrote:
> > >> CDMA has also been cracked. (I posted citations long ago.)
>
> > > Strange. I asked you specifically for them, but there was never a
> > > response.
> > > Please retrieve them and post them again.
>
> > Navas must have gotten his information from this...

That post, according to the web site was dated February 7, 2008, well
after
his May 1st posting, so couldn't have been part of Navas' original
information, either.

> So, we're still waiting for Navas' references and dates.

#18 (**permalink**) March 3rd, 2008, 08:09 PM

carcarx wrote:
> On Mar 2, 12:14 pm, carcarx <carc...@hotmail.com> wrote:
>> On Mar 1, 6:32 pm, DTC <m...@nothingtoseehere.zzx> wrote:
>>
>>> carcarx wrote:
>>>> On Feb 29, 9:12 am, John Navas <spamfilt...@navasgroup.com> wrote:
>>>>> CDMA has also been cracked. (I posted citations long ago.)
>>>> Strange. I asked you specifically for them, but there was never a
>>>> response.
>>>> Please retrieve them and post them again.
>>> Navas must have gotten his information from this...
>
> That post, according to the web site was dated February 7, 2008, well
> after
> his May 1st posting, so couldn't have been part of Navas' original
> information, either.
>
>> So, we're still waiting for Navas' references and dates.
>

You can't crack CDMA real time. You can capture a piece of a
transmission and crack it over time, but you'll have only a tiny piece
of the total conversation.

Remember, CDMA was designed for military use because of its security in
field communications. CDMA was only declassified in the mid 1980's.

See
"http://www.nortel.com/solutions/wireless/collateral/nn_107760.09-15-04.pdf"