[Itpolicy-np] Breaking GSM With a $15 Phone … and Hackers Watch a World Collapsing Into Chaos
Bipin Gautam
bipin.gautam at gmail.com
Wed Dec 29 15:46:14 GMT 2010
Hackers Watch a World Collapsing Into Chaos
(Source: http://www.wired.com/threatlevel/2010/12/hackers-watch-a-world-collapsing-into-chaos/
)
BERLIN, Germany – The world is falling slowly apart, and the hackers
here want people to pay attention.
...
Two years ago, the group published what it alleged were the German
interior minister’s fingerprints in the club’s Die Datenschleuder
magazine, allegedly retrieved from a water glass used by the
politician at a speaking event. The fingerprints were printed on a
transparent film that could be used to fool fingerprint readers, in
protest of the increasing use of biometric data associated with
documents such as passports.
The club was also a leading voice in the opposition to the use of
unverifiable computerized voting machines in German elections, which
were ultimately ruled unconstitutional by the country’s constitutional
court. Members have played a leading role criticizing voting machines
in other nations.
The 2010 congress lecture schedule draws broadly from this palette of
interests. Speakers from around the world will address issues such as
government surveillance, weaknesses in Internet anonymizing services,
attacking mobile phones (smart or otherwise),the lunar X-prize,
cryptography, privacy, creating open sea charts and marine mapping,
using robotics to draw high-school students into hacking and
engineering careers, and much more.
But at the event’s core, Gonggrijp said, are the efforts to solidify a
community that has proven mature and responsible, to bring new people
in, and ensure that the world doesn’t thoughtlessly give up its civil
liberties in difficult times.
“We understand a small part of how chaos works,” Gonggrijp said. “As
the world becomes more chaotic, we can help.”
Followup of the main confrence :
http://events.ccc.de/congress/2010/wiki/Main_Page
____________________
Breaking GSM With a $15 Phone …
(Source: http://www.wired.com/threatlevel/2010/12/breaking-gsm-with-a-15-phone-plus-smarts/
)
Speaking at the Chaos Computer Club (CCC) Congress here Tuesday, a
pair of researchers demonstrated a start-to-finish means of
eavesdropping on encrypted GSM cellphone calls and text messages,
using only four sub-$15 telephones as network “sniffers,” a laptop
computer and a variety of open source software.
...
To create a network sniffer, the researchers replaced the firmware of
a simple Motorola GSM phone with their own alternative, which allowed
them to retain the raw data received from the cell network, and
examine more of the cellphone network space than a single phone
ordinarily monitors. Upgrading the USB connection allowed this
information to be sent in real time to a computer.
By sniffing the network while sending a target phone an SMS, they were
able to determine precisely which random network ID number belonged to
the target. This gave them the ability to identify which of the myriad
streams of information they wanted to record from the network.
All that was left was decrypting the information. Not a trivial
problem, but made possible by the way operator networks exchange
system information with their phones.
...
This allows the researchers to predict with a high degree of
probability the plain-text content of these encrypted system messages.
This, combined with a two-terabyte table of precomputed encryption
keys (a so-called rainbow table), allows a cracking program to
discover the secret key to the session’s encryption in about 20
seconds.
...
Nor is it enough to imagine that modern phones, using 3G networks, are
shielded from these problems. Many operators reserve much of their 3G
bandwidth for internet traffic, while shunting voice and SMS off to
the older GSM network.
Nohl elicited a laugh from the audience of hackers when he called the
reprogrammed network-sniffing phones “GSM debugging devices.” But he
was serious, he said.
“This is all a 20-year-old infrastructure, with lots of private data
and not a lot of security,” he said. “We want you to help phones go
through the same kind of evolutionary steps that computers did in the
1990s.”
More information about the Itpolicy-np
mailing list