WASHINGTON -- BLACK HAT DC 2008 -- A pair of researchers has created a low-cost and simple hack to crack the encryption in GSM mobile phones and intercept voice conversations and SMS text messages -- within minutes.
David Hulton and a researcher who goes only by Steve revealed their new technology here at Black Hat DC yesterday. It's a combination of 2 terabytes worth of hard drives and one field programmable gate array (FPGA) -- which cost about $1,000 to construct.
The researchers claim to be the first to engineer a low-cost, practical attack against GSM's A5/1 encryption algorithm. Their goal was to flag the weak security in the GSM network, but the ease with which they were able to hack it came as a surprise to them: "I was shocked when I saw the [GSM] specs floating around on the Net," Hulton said. "We were surprised at how fast we could implement this on FPGAs -- it's just incredible speed available to anyone these days."
Their tool hacks the voice calls and SMS messages in about 30 minutes -- a far cry from the thousands of years it would take to crack it via a PC, they say. They plan to release a commercial-grade version of the tool in the second quarter that cracks calls in 30 seconds, they say. The more FPGAs, the faster it cracks the GSM call's encryption key, they say.
And since some GSM networks reuse the same key for 16 calls, an attacker could access all of those calls, the researchers say.
Researcher Halvar Flake, aka Thomas Dullien, says Hulton and Steve's work is significant because it makes cracking the GSM encryption algorithm for the first time relatively simple and inexpensive to do.
"GSM is not secure, but it has to be," Steve says. "There will be an increase in data and identity theft, tracking, and unlawful interception going on via GSM," he says.