Open Source GSM Cracking Software Released 112
angry tapir writes "The GSM technology used by the majority of the world's mobile phones will get some scrutiny at next week's Black Hat security conference. An open source effort to develop GSM-cracking software has released software that cracks the A5/1 encryption algorithm used by some GSM networks. Called Kraken, this software uses new, very efficient, encryption cracking tables that allow it to break A5/1 encryption much faster than before."
Awesome (Score:1, Interesting)
Will this allow me to finally clone my multiple V2 sim cards on a single super card so I won't have to carry multiple GSM cards when I travel abroad?
TFA focus isn't just encryption... (Score:5, Interesting)
TFA also points out that eavesdropping as 'easy' as making a fake tower, getting phones to connect to it, commanding them to drop encryption, and having enough disk space to save the conversations. Not very expensive, and not very difficult.
So this would work well if you brought a fake tower with you to an event, like a convention or even a press conference, and just gather conversations at will. Setting up a tower near the White House would not be impossible, unless they already understand this and have an onsite tower they can secure. The Secret Service is no doubt already working with this, if not already in place. If VZW or Sprint is their most common carrier, well, those are different standards so this is not the problem.
All said and done, it is not impractical to be able to eavesdrop on GSM phones, though it is nontrivial. Data intercept I don't know a lot about.
Re:How ironic (Score:5, Interesting)
You do realize that net neutrality is the _absence_ of filtering, right?
See, the whole idea is that an ISP that also owns other companies, or is affiliated somehow, can't step in and decide what is and isn't viewable, charge more, etc.
Re:How ironic (Score:3, Interesting)
If I wanted a flame war I'd say you know nothing about what a common carrier is.
That however would leave me open to not knowing the concepts of giving an inch and them taking a mile.
Regulation by telling a corporation they can't self-regulate communication based on content will be a sticky issue since it has to be constantly defended against the government saying, YOU corporations can't regulate content but WE can. But at least there are some mechanisms in place that allow the people to control the government. The only mechanisms that allow people to have control over corporations is the market, and if the corporation has a monopoly on the physical lines, there is no market.
Re:TFA focus isn't just encryption... (Score:3, Interesting)
You do realize, that in order for a fake tower to work, it actually has to be part of the network right?
How do you intend to connect to the phone network with your fake tower?
Putting up a fake tower and getting phones to connect isn't hard, but its just about only useful for stop calls.
If you want to listen in on calls with a 'fake tower' it actually has to function as a tower and connect you to a phone network so you can have a conversation. Not much to record otherwise.
Still not impossible, but its not something you can do without someone else knowing about it.
Re:How ironic (Score:3, Interesting)
Again, you actually believe the government regulating internet traffic is going to be the absence of filtering? Government--the most corrupt organization in the world--is somehow going to be more neutral than a private organization that is beholden to customer satisfaction? That lobby groups like the RIAA won't petition for special restrictions on torrent traffic?
On top of that, an ISP should absolutely be allowed to decide how its network is run and what traffic goes across it. Internet access isn't a constitutional right. It's their network--they can run it however they want to, and if you don't like it, that's life. I don't like the color of my office, but that doesn't mean the government has the right to restrict what colors offices are painted in.
Stop bringing more and more government into our lives!
Which networks? (Score:2, Interesting)
am I the only one not surprised? (Score:1, Interesting)
I know I will probably be called troll or something, but here it goes anyway...
I worked as a consultant for the defense ministry of certain latin american country (which routinely uses its military for police purposes). While being there I befriended some people who had access to complex eavesdropping systems. They showed me how they had the ability to almost instantly intercept any mobile phone call. They even did it with one of my phone calls for amusement. There were 4 cell phone operators in the country, 2 of them using GSM, 1 of them CDMA and the other used iDEN. They could listen to any call on any operator except the one using CDMA. In the iDEN operator they could listen to both calls and PTT radio.
However, I'm not sure they were breaking encryption even if they told me they were, it might just be that the operators handed them some keys or that encryption was turned off by default in all but the CDMA company and no one notices or cares.