The cracking of GSM “encryption” has been making the inter-rounds lately, and this hebdomad on the Security Now! Podcast, Steve histrion takes a countenance at how seriously it’s broken, and what the possibleness risks are. In ultimate terms, it effectuation what you feature on your iPhone — or whatever GSM phone, which includes every phones on AT&T, T-Mobile, Rogers, and nearly every phones internationally — crapper be intercepted, decrypted, and listened to if a mortal has individual thousand dollars worth of equipment and the motivation to do it. In more Byzantine terms:
So again, we’re now at the plaything level. We’re at the take where the hobbyist with a couple thousand dollars crapper – needs to undergo null about broadcasting and modify hardware. And modify every of the preprocessing steps for demultiplexing the accumulation and analyzing it and performing spectrum psychotherapy and uncovering the channels and everything, every of that’s been done. There’s modify whatever grouping hit condemned – they’re not at the GPL licensing, but they are – so they’re proprietary licenses, but free, but they’re open source and liberated for personal use, where turnkey packages to vantage every this accumulation together hit been produced. There’s modify digit which abstracts this USRP, this Universal Software Radio Peripheral, making it countenance same a meshwork figure so that Wireshark, our favorite boat getting utility, is healthy to getting GSM packets and rewrite them and show you every the bits and every the protocols and everything feat on in a course that you capture.
So, I mean, we’re artefact far along in making this possible. In my opinion, this GSM Alliance is – they’re locution what they hit to feature politically; but, if they really conceive what they’re saying, that they’re in serious forgoing because this is no individual James Bond government-level sci-fi stuff. It would be every doable for a company who desired to do whatever surveillance of a competitor to supply a camper with whatever of this equipment, outlay only tens of thousands of dollars, tract it across the street from a competitor, intend their antennas at the competitor’s building, and pay a day just moving in, consumption in every of the cellphone traffic that is existence transacted by the employees within the building, and then drive the camper soured and decrypt those conversations offline afterwards and encounter discover what was existence said. I mean, it is no individual difficult to do. It’s every possible.
It should be noted that the GSMA (GSM Alliance) seems to study this attack academic and impractical for now. If you’re fascinated in more, analyse discover the frequence podcast [MP3 link] or the transcript.
This is a news by the iPhone Blog. This feed is sponsored by The iPhone Blog Store.
GSM Encryption Cracked: Know Your Risks
0 comments:
Post a Comment