Security researchers presenting Wednesday at the Black Hat D.C. conference in Washington, D.C., demonstrated technology in development that they say will be able to greatly decrease the time and money required to decrypt, and therefore snoop on, phone and text message conversations taking place on GSM networks.
Many mobile operators worldwide use GSM networks, including T-Mobile and AT&T in the United States. The 64-bit encryption method used by GSM, known as A5/1, was first cracked in theory about 10 years ago, and researchers David Hulton and Steve, who declined to give his last name, said today that expensive equipment to help people crack the encryption has been available online for about 5 years.
Until now, however, it's been prohibitively expensive for people to get their hands on this technology. If it works, the technology Hulton and Steve are developing should be able to crack GSM encryption in less than 30 minutes with about $1,000 worth of equipment, or in about 30 seconds with $100,000 worth of equipment. The technology could potentially be helpful to law enforcement investigators, but could also be taken advantage of by malicious hackers. Hulton says he plans to commercialize the more expensive version of the technology.
Other hardware Hulton and Steve referenced uses two different techniques to snoop on GSM calls and can cost between $70,000 and $1 million. So-called "active" systems simulate a GSM base station and don't rely on encryption because they trick phones into connecting to the GSM network through them. Other, so-called "passive" systems snoop on the traffic and are far more expensive.
Hutton and Steve's technology relies on the use of an array of devices known as field programmable gate arrays to first create a table of all the possible encryption keys -- in this case 288 quadrillion -- and then decrypt each of those over the course of three months. The resulting tables of keys could then be used by software to decrypt GSM communications, which first have to be intercepted using a receiver that can listen in on GSM frequencies.
During their talk, Hulton and Steve also discussed the vulnerabilities of mobile device SIM cards, noting that GSM networks broadcast SIM cards' unique IDs in unencrypted text, which can tell attackers or law enforcement what kind of phone someone is using. The GSM network also can tell snoopers how far a phone is from a base station, within 200 meters of error. They noted that SIM cards run Java Virtual Machines that operators have access to, and suggested that it could be possible for malicious attackers to install applications on user's phones without them ever knowing, potentially rerouting traffic to a third party who listens in to phone conversations.
The GSM Association, a trade group representing more than 700 GSM operators, said it could not comment on the specific claims Hulton and Steve are making. However, spokesman David Pringle said in an e-mailed statement that while researchers have showed how A5/1 could be compromised in theory, none of their academic papers have led to "practical attack capability that can be used on live, commercial GSM networks." He also noted that more advanced encryption is beginning to be deployed for GSM networks and that other networks, including 3G networks, don't use A5/1.