GSM encryption code cracked wide open, leaked to the Internet
In a move to shed light on the vulnerability of GSM wireless networks, encryption expert Karsten Nohl, with the aid of 24 fellow hackers, was able to compile the multitude of algorithms behind the twenty one year old, 64-bit encryption scheme used to encrypt 80% of the world’s cellular GSM phone calls. The algorithm’s code book, comprising 2TB worth of data, has been published by Nohl and is now available on the Internet through BitTorrent. This is not the first time GSM was “cracked”. In 2003, the method by which GSM’s encryption code could be cracked was uncovered by a team of Israeli researchers and in 2008, David Hulton and Steve Muller presented at Black Hat a technique for the successful interception and decryption of a GSM stream using $1,000 of hardware and a half hour of time. Now in 2009, we have the binary code log that could potentially make GSM decryption faster and easier than ever. Before everybody panics, it is important to point out that the GSM algorithm that was cracked was the older and less secure 64-bit A5/1 algorithm, not the newer 128-bit A5/3 algorithm. Unfortunately, GSM carriers have been slow to adopt this new 128-bit encryption standard but Nohl’s disclosure may be the kick in the butt these lazy carriers need to beef up their security.
Go CDMA, Go!
Hotly Discussed
-1
This comment has been seriously disliked. Click here to see.
Disliked.
-25
I seriously want simultaneous voice/data and sim cards. My comment above was not so serious.
Liked.
+5
Simultaneous voice and data is only unavailable on Verizon because they use their old 1xRTT network for voice and ONLY THEIR DATA is 3G. AT&T upgraded its VOICE AND DATA to 3G because their crummy GSM voice network sounds terrible and is more unreliable, so they switched to W-CDMA all over. In short, if Verizon upgraded their voice network to 3G, they would have simultaneous voice and data as well, but there is no point to this as:
1.) It is a useless feature 99% of the time as nearly everyone holds a phone next to their head while they talk.
2.) There is no reason to waste the money to upgrade the voice network as there would be no benefits and data coverage would suffer because of funding.
If Verizon wasted their time and money upgrading voice, their 3G coverage would be more like AT&T’s – nearly invisible on a national level. W-CDMA – keyword being the ‘CDMA’ in W-CDMA – is an upgrade to GSM, remember that.
You CANNOT use simultaneous voice and data on AT&T’s GSM network, meaning EDGE and GPRS. It’s only on their 3G network, which is just a very small fraction of their actual coverage. The vast majority of users and areas cannot use that “feature.”
SIM cards are also not exclusive to GSM technologies. SIM cards are used for CDMA networks in China. They are called R-UIM cards. The exact same principle as SIM cards apply.
Don’t hate the technology. Hate the way it was implemented by American telco’s.
Liked.
+15
how about browsing the net during boring work conference calls on speakerphone or bluetooth headset? its also nice to be able to run maps if you need directions while on a call. or how about tethering while talking? your right that data + phone call at the same time is not an everyday thing, but i was surprised at how much i missed it when i left att for verizon
Liked.
+9
Unfortunately, the only advantage of GSM is better handset battery life, and that partially a side effect of the weaker technology in itself. Some classify global roaming as an advantage of GSM, but that has absolutely nothing to do with the technology itself, it’s just what the majority of countries have standardized and is not a technological advancement. Plus, you know what they say about standards – they are the lowest option available. CDMA is a premium service.
Technologically speaking, CDMA handles low signal environments much better than GSM, towers propagate further (CDMA has a theoretical max of around ~35Km next to GSM’s ~25Km), CDMA has better sound quality thanks to a RAKE receiver, each CDMA tower can hold far more calls than a GSM tower thanks to nearly perfectly orthogonal chip pulses…CDMA is worlds ahead of GSM technologically, which is why America is covered so much better with CDMA. In small countries, you can get by with GSM because of the small area to cover, but in large countries like the US, CDMA’s ability to cover more ground and hold more calls with far less towers and provide a more reliable network thanks to its ability to hold clear calls at low signal vs. GSM, the weaknesses of GSM really show.
Just a crash course in technology. Not trying to nutswing, I’m hoping you find this information relevant, interesting and enlightening.
Liked.
+16
To be fair, the expansiveness of CDMA networks in the US had more to do with business decisions of the multiple regional carriers and less to do with any technological reasons. There are many ways to increase the gain of any GSM network but there was really no incentive to do that in low populated areas.
Even Verizon wouldn’t have the rural coverage it has today without big acquisitions like Alltel. It would have just be a roaming partner relying on Alltel’s network to connect their users calls outside VZW’s native footprint.
With big carriers like Verizon and Sprint, many smaller regionals built out CDMA digital networks in an effort to increase roaming subsidies on their respective networks and to allow their subs coverage while away from home.
For years, US carriers including Verizon backed by Qualcomm championed the CDMA camp with global worldwide aspirations. Unfortunately, this never really materialized outside a few countries here or there. Instead, Qualcomm settled for second best with HSPA networks and intellectual rights to upcoming 4G networks.
With both relatively mature CDMA and legacy networks in the US, it appears that both will be distant memories within the next 10 years thanks to LTE and WiMax.
Liked.
+12
Okay so next question….does AT&T and T-Mobile use 64-bit A5/1 algorithm, or do they use the newer 128-bit A5/3 algorithm???
Liked.
+11
This comment has been seriously disliked. Click here to see.
Disliked.
-27
If I had to bet ATT is still wondering what GSM stands for and what a SIM card is, and why doesn’t VZW use them. I’m not to worried about it. If it took a team of professional hackers to break the code I feel okay about it.
Liked.
+11
T-Mobile USA uses 128 bit encryption on their entire PCS network.
AT&T uses 128 bit on part of their network but 64 bit on the majority of it. Upgrades have been put on hold with money going towards 3G expansion throughout 2009. Not sure if they’ll even pursue it in 2010. Highly doubt it unless they get some really really bad press over it.
I’ve worked for T-Mobile and now AT&T on the engineering side. T-Mobile has an obviously smaller footprint, but they are sticklers about focusing on quality that’s why they don’t abuse AMR-HR like MaBell does.
AT&T has so much money but there is so much political BS going on internally it’s disgusting. Politics dictate where budget money is distributed to. My group here in CA seems to be dead last when it comes to getting more funds.
Liked.
+24
Gerry Atrics, that is some very good information, thanks! Do you know if this affects UMTS/HSPA 3G or does it only affect you when you are in GSM/EDGE/GPRS coverage only?
It only pertains to voice over legacy GSM networks.
UMTS/HSPA uses a CDMA interface.
Liked.
+6
yeah verizon is sounding good right about now, I’m wondering the same thing Gus
Hotly Discussed
-5
Not that we should really care.
We all know that Verizon, AT&T and Sprint willfully give our information to the NSA. Not sure if T-Mo USA did but I wouldn’t doubt it either. No hacking required!
Hackable or not, our information is out there.
Liked.
+12
LMAO! Good one Gerry!
QFT. (quoted for truth)
This comment has been seriously disliked. Click here to see.
Disliked.
-16
Ok I’m confused, does this mean they can listen to our phone called or what? Someone please explain.
Liked.
+6
Yeah what does this have to do with us on AT&T and t-mo?
Hotly Discussed
-3
Aquafina, because AT&T and T-Mobile are the two US carriers that use GSM technology to deliver their celluar service. So if someone figured out how to crack the GSM encryption it means that they can listen in on your phone cellular phone calls.
Pretty scary. Although there’s an even bigger flaw—I can’t remember what’s it’s called but the police are already able to use fake portable cell towers and do a man in the middle attack.
Liked.
+5
I can hear you now?
Liked.
+10
English, please.
This comment has been seriously disliked. Click here to see.
Disliked.
-15
There’s a little more info here: http://www.nytimes.com/2009/12/29/technology/29hack.html?pagewanted=2
CDMA’s downlink, has a key length of 42 bits, and isn’t even encrypted at all. Its admitted as such by Qualcomm. They were going to fix it in 1xEV-DV. Remember, CDMA voice dates only a few years after GSM.
Liked.
+8
Man, it seems every shred of telecom news is a hit on the AT&T network one way or another. Bad karma around.. Maybe LUKE can use the force…
Liked.
+8
This comment has been seriously disliked. Click here to see.
Disliked.
-12
And this racist remark was necessary because…….
If you’re worried about the Mossad and any other Jewish (Israeli sponsored) intelligence gathering keeps you up at night, I am quite confident the diverse US Government has much better tools available to them to break codes.
So hey, when some government employed puerto-rican dude hands a piece of paper to a lesbian Mexican, who then hands a memo to a black man who works for a Korean who then hands it off to a US citizen named Goldberg who happens to work for the US government too, and your data sits in their hands about what a hate mongering anti-semite you are, then deal with it.
Hotly Discussed
+2
Wow. How long you been sittin’ on that one?
@butthead007: wow, you need to calm down. you obviously don’t like the word jew, but using it doesn’t make you a racist. being racist makes you racist. as far as i can tell from that statement, jakeyboy is giving props to the isrealis anyways.
Liked.
+5
So If I use the N word everyday I’m not a racist? Oh and I’m Native American and White.
Well we all know who the resident Jesus hater is around these parts?
Seriously though the only thing I can imagine that would make me this irritated would be if I worked for Verizon or had to use them because as a last resort because nobody else had coverage inside my trailor park in the middle of Oklahoma or I just couldn’t afford the new $350 ETF.
Haha! Spit the soda out through my nose!
Yeah Butthead007 works for Verizon Wireless so that explains part of his hostility. Just go to HoFo and read his posts. Verizon can DO NO WRONG and he hates customers but works in customer service or retail sales? Go figure!
not sure when jew became a racial slur
how awesome is all this! people will take words and twist them into whatever they want. the word Jew is not racist. but Chevy instead of Chevrolet…that might be racist…lol
Good thing I’m on 3G UMTS and not GSM. Feel bad for those without 3G coverage though. Not sure this is really an issue at all though….Who wants to listen to 99.9999% of any of your calls??
Shame on tiger woods
Who gives a shit it’s not like your phone calls are important anyway. Police and FBI can listen to your convos and read all of your text whenever they want. Illegally or legally it dissent matter.
Yeah, Thanks to the Patriot Act via a douchebag terrorist.
I don’t even like listening to my own phone calls, why would I want to listen to anyone else’s?
Seriously somebody gotta fix these leaks sooner or later.
So what! Sounds like a big waste of time to me. Let me ask BGR a question: Do you think that this was not already known by a limited audience?
That’s a serious question. It might be a little out of place on this forum.
Good grief!
You can thank the Patriot Act on GWB. MISSION ACCOMPLISHED.
Don’t quit your day job…assuming you have one…which I highly doubt.
However, I do prefer Obama’s approach to security…let a terrorist originating from Nigeria, who paid for a one way ticket in cash, who had no luggage, who had no passport and who’s father contacted U.S. authorities multiple times to say his son may be planning something against the U.S. and who has explosvies strapped to his crotch on to a U.S. flight while barrack bodysurfs. B+.
wow a rebublican Latino, what’s next a black president?
Republican Latinos has historically been the norm. The Democrat Latino is only a recent fenomenom of the influx of illegal aliens and lower income legal latinos. I would say it goes back to the Kenedy years when Cubans got a bad taste for Democrats after they were left deserted in the Bay of Pigs disaster. Show what little you know. And it also shows how quickly Latinos forget how terrible the Democrats were to them.
Gus buddy, my above post was seething with sarcasm. Humor my friend, humor
thanks that good
Bilgi|Maxi|td
I has this whore last night. She was amazing and awesome
Unreal
very complicated device
I am trying to use this verizon phone with my boost sim card how can i make it work