Share this
Export PDF
Print
E-mail
Near the end of December 2009, German computer engineer Karsten Nohl once again sought to call attention to the security system used by wireless operators in the GSM (or Global System for Mobile) service, and the apparent need to upgrade to a better encryption system.
The encryption system standard currently in place is a 21-year-old GSM algorithm – the A5/1 privacy algorithm. It was introduced in 1987 and is used today in over 80 percent of mobile calls worldwide, in spite of it having been disclosed as insecure in 1994.
To prove GSM's insecurity, researchers David Hulton and Steve Miller tried to devise a method to dramatically reduce the cost and time needed to crack GSM-based mobile phones. According to Nohl, the project, which was then reported in the Washington Post blog as capable of speeding up the death of the privacy standard in mobile, had not been finished.
While that particular project was not finished, the fact remains that academics have found the security algorithm for GSM to be flawed, perhaps more than service providers would care to admit.
Cracking the code
The GSM Security website cited a demonstration by Alex Biryukov, Adi Shamir, and David Wagner, where the three obtained the A5/1 key in less than a second, using a single PC with 128 MB RAM and two 73 GB hard disks – not much in technogeek standards.
In August 2009, Nohl called on other engineers to help him crack the GSM code. About 24 people, he said, worked independently to produce the amount of random combinations that was necessary to reproduce the GSM algorithm’s code book, which can be used, in theory, to crack GSM phone calls. Nohl published over two terabytes worth of this data on the web.
In a report by the New York Times, Nohl said that he and his fellow coders “are not recommending people use this information to break the law” but are instead trying to “goad the world’s wireless operators to use better security.”
Currently, GSM listening devices, such as those offered by GCom Technologies are easily available for anyone with enough resources to buy them. Likewise, with the revelation that there are indeed cracks in the security system of GSM, observers have noted that mobile phone calls may not be as secure and private as users are led to believe. Indeed, it seems that anyone with enough technical skills and motivation can now easily obtain information through listening in on calls made on mobile phones without the knowledge of the user.
While this seems to be the case, reactions to Nohl’s actions vary.
Karsten Nohl on cracking the code, during a conference. (philnottinghill)
'Overstated' threats
The GSM Association, the London-based industry group which devised the algorithm, questioned the legality of Nohl’s efforts and also said that the security threats to wireless calls were overstated.
Claire Cranton, a spokeswoman of the association, was also quoted in the New York Times as saying: “This is theoretically possible but practically unlikely, what he is doing would be illegal in Britain and the United States. To do this while supposedly being concerned about privacy is beyond me.”
The article continues on to report that some security experts disagreed with the sentiment. Nohl’s disclosure of the information is not by itself an attack on the security of GSM, but now that it is out, companies providing the service and other related organizations must quickly address the security issue that was brought to their attention.
As previously mentioned, the A5/1 algorithm, the 64-bit binary code, is still in use in about 80 percent of mobile calls worldwide. In order to address the security issue, an upgrade of the standard to the 128-bit algorithm, the A5/3 encryption algorithm which was developed by the GSM Association in 2007, seems to be the logical course of action. However, most network operators have been reported to not yet have invested in making the security update available to their subscribers.
Still, while the encryption key is available, having it does not necessarily enable tapping into phone calls. The GSM Association further asserted that operators can stop any unintended surveillance by modifying the existing algorithm.
However, with surveillance devices also easily available, fears of an insecure network may not be unfounded after all. At the very least, if GSM security is left as is, it can be expected that mobile technology needed to intercept calls, once limited only to government and intelligence agencies, may also be obtained by certain criminal elements.
Wireless tapping
While not necessarily done by a criminal element, there is a well-known local example of an unknown entity tapping into a very important phone conversation – the “Hello Garci” scandal, which involved soldiers tapping into a mobile phone conversation held by the incumbent President Gloria Macapagal-Arroyo and then-Election Commissioner Virgilio Garcillano.
The details of the alleged electoral fraud aside, technical information about the scandal have not yet been made clear. One such detail, in relation to this article, is the method which was used to obtain the recording of the mobile call and the people who were actually involved.
The source of the recorded material, former Technical Sergeant Vidal Doble – who used to be with the Intelligence Service of the Armed Forces of the Philippines (ISAFP) – claimed that the tapping of the calls was made possible through the help of tech-savvy contacts within Smart Communications Inc. The telecommunications company, however, quickly moved to deny this, stating that it doesn’t have the “highly restricted” equipment needed to tap into mobile calls, and it wouldn’t be able to do so even if it were sanctioned by the court.
The Philippine Daily Inquirer quoted Ramon Isberto, Smart’s corporate communications chief, as saying: “Special equipment is needed for it and we do not have that. Not just anybody can get that because it is highly restricted equipment [and] presumably very expensive. Whoever did the eavesdropping had access to such equipment, but not us.”
In another report, Doble defended his claim by stating that perhaps the top executive of Smart knew about the operation. As it stands, the issue still is a cause for concern since it has a shown that local networks are vulnerable to attacks, with or without the attackers' supposed insider help or access to the company mainframe.
Photo: “Mitsubishi G310 Trium GSM SIM card” by Roman Pinzon-Soto, c/o Flickr. Some Rights Reserved.
Add this page to your favorite Social Bookmarking websites
