Black Hat researchers have engineered a way to easily and cheaply crack GSM's encryption
WASHINGTON -- BLACK HAT DC 2008 -- A pair of researchers has created a low-cost and simple hack to crack the encryption in GSM mobile phones and intercept voice conversations and SMS text messages -- within minutes.
David Hulton and a researcher who goes only by “Steve” revealed their new technology here at Black Hat DC yesterday. It’s a combination of 2 terabytes’ worth of hard drives and one field programmable gate array (FPGA) -- which cost about $1,000 to construct.
The researchers claim to be the first to engineer a low-cost, “practical” attack against GSM’s A5/1 encryption algorithm. Their goal was to flag the weak security in the GSM network, but the ease with which they were able to hack it came as a surprise to them: “I was shocked when I saw the [GSM] specs floating around on the Net,” Hulton said. “We were surprised at how fast we could implement this on FPGAs…it’s just incredible speed available to anyone these days.”
Their tool cracks voice calls and SMS messages in about 30 minutes -- a far cry from the thousands of years it would take to crack them via a PC, they say. They plan to release a commercial-grade version of the tool in the second quarter that cracks calls in 30 seconds. The more FPGAs, the faster it cracks the GSM call’s encryption key, according to the researchers.
And since some GSM networks reuse the same key for 16 calls, an attacker could access all of those calls, the researchers say.
Researcher Halvar Flake, aka Thomas Dullien, says Hulton and Steve’s work is significant because, for the first time, it makes cracking the GSM encryption algorithm relatively simple and inexpensive.
“GSM is not secure, but it has to be,” Steve says. “There will be an increase in data and identity theft, tracking, and unlawful interception going on” via GSM, he says.