December 30, 2009

German hacker claims to have broken cell phone encryption
— Purple Avenger

If true, this is scary, very scary, and will cost billions to resolve.

A German hacker claims to have cracked the encryption that protects most cellphone calls, potentially paving the way for others to eavesdrop on conversations.

The claim, if true, could pose a threat to many wireless carriers who have used essentially the same security on their networks for years...

The security aspects are bad enough, but there's undoubtedly a crapload of gear out in the field that has this encryption burned into ROMs or otherwise not easily reconfigurable.

That's one of the constant worries with embedded encryption tech: if it's easy for YOU to upgrade or change, then it's also easier for someone else to do the same. A cheap mask-programmed ROM is physically incapable of being altered remotely...which is a good thing...until the time comes that the code it contained exhibits a weakness. Now you have to physically go out into the field and start swapping ROMs in gear...unless the ROM has been soldered down, in which case you're swapping whole boards out...which means you have to make new boards, distribute those boards, etc.

It will be interesting to see how this plays out. It may just be BS and the German is hoaxing, but if he's not, telecom companies and their customers are going to get hit with some pretty big one-time expenses fairly soon.

Posted by: Purple Avenger at 10:05 AM | Comments (109)
Post contains 247 words, total size 2 kb.

1 Now how will I have phone sex with Helen Thomas without anyone knowing?

Posted by: lorien1973 at December 30, 2009 10:08 AM (IhQuA)

2 I'm not too worried.

Posted by: Vic at December 30, 2009 10:09 AM (QrA9E)

3 Not worried either. I'm still using smoke signals, don't own a cell phone and never will.

Posted by: 'Nam Grunt at December 30, 2009 10:10 AM (nmfvn)

4 Geez, can a guy catch a break here?

Posted by: Tiger Woods at December 30, 2009 10:11 AM (Q41Zh)

5

Be the first on your block to get the new and improved Secure Phonee technology. Just $99.99 plus activation.

It's what all the cool kids are doing. Comes in pink, too.

Posted by: Rodent Liberation Front at December 30, 2009 10:11 AM (dQdrY)

6

The report is distorted. What they did was to reverse engineer the encryption algorithm. That's not the same as "cracking" it.

It does open the cipher up to a brute force attack, but since it's a 64-bit key that isn't really trivial.

Posted by: Steven Den Beste at December 30, 2009 10:12 AM (+rSRq)

7 I always assume that Barry's flying monkeys are listening in and modify my conversations accordingly. 

Posted by: Peaches at December 30, 2009 10:12 AM (9Wv2j)

8

sheesh, I wish he would have kept his mouth shut.   This is just like the airlines, you don't need "Real" security, you just need people to THINK you've got security. 

If you've got that, you've got it made.  And you can explain anything that goes wrong as "'jes one a' them things can't do nothin' about."

Posted by: Janet Napolitano at December 30, 2009 10:13 AM (T1boi)

9 The hack doesn't affect 3G.  Can you hear me now GSM? 

Posted by: California Red at December 30, 2009 10:13 AM (7uWb8)

10 Also, no one uses masked ROMs in this kind of product any longer. They all use flash ROM, which is field programmable. That's why you can get a firmware upgrade for your phone at the phone store.

Posted by: Steven Den Beste at December 30, 2009 10:14 AM (+rSRq)

11

O/T  That baby lace wigs deal off to the right can't hold a candle to these folks.  Check out the "Samuel L."

http://tinyurl.com/sxezv


Posted by: Chefess (formerly RushBabe) at December 30, 2009 10:15 AM (LKkE8)

12

On the SANS site, there was a quote "the industry group that developed GSM said Nohl's actions were illegal." So there you go - it was illegal, so nobody can use it. I feel much safer already, much like I accept JaNo's assurances that the system worked and air travel is safe.

http://tinyurl.com/ydv2qr6


Posted by: 141 Driver at December 30, 2009 10:15 AM (JFNQ7)

13 5.8 just south of Cali border, michael moore must have fallen out of his hammock!

Posted by: 'Nam Grunt at December 30, 2009 10:15 AM (nmfvn)

14

Ace or someone needs to do a post about this

http://tiny.cc/Rkx2N

Some kid got grounded because of his sister and posts scans of her diary on facebook, complete with guys she wants to bang who then go on to write comments on it ridiculing her.

Posted by: Mr. Pink at December 30, 2009 10:16 AM (SqAkN)

15 OT  Stupid Debbie Dingell:

"I'm appalled that Republicans are 'particizing' this security issue...."

Just now on Fox.  Debbie's been dippin' into the last of the egg nog.

Posted by: Intrepid at December 30, 2009 10:17 AM (92zkk)

16 Purple Avenger, this is not even conceivably a hoax. The story was covered on /. in the last couple days, and he released the code at the Chaos conference. A good summary is here. http://tinyurl.com/yah7ek5 A torrent containing the code is available right now, which I won't bother to link.

Posted by: reichwingnut at December 30, 2009 10:17 AM (1bQOq)

17 If this is true, for punishment he should have to listen to my phone calls, read my emails,  review my medical records.  For good measure make him look at my millimeter body scans. 

Posted by: tmitsss at December 30, 2009 10:18 AM (V4Pya)

18

Not really off topic - The most convincing SAP Business Objects advertisement EVAH!

Makes me want to get busy doing business with my object until SAPped.

Posted by: Hussein the Plumber at December 30, 2009 10:19 AM (r1h5M)

19 I have a cell phone. Sometimes, rarely, I even turn it on.

Posted by: maddogg at December 30, 2009 10:20 AM (OlN4e)

20 So when I call my wife and tell her I'm going to be a little late for dinner, someone else may be listening!!! Oh, the horror!!!

Posted by: RoadRunner at December 30, 2009 10:20 AM (VUjE6)

21 Hussein, is there a blog of how many companies have been brought to their knees by SAP? I know at least one major medical device co. Hint: they do optics.

Posted by: reichwingnut at December 30, 2009 10:21 AM (pIKTP)

22 21- Max Baucus still upset about being caught drunk, I see.

Posted by: Hussein the Plumber at December 30, 2009 10:23 AM (r1h5M)

23 ... we will just fix it in software ...

Posted by: Jean at December 30, 2009 10:25 AM (5ddCw)

24 22- Don't know but every now and then the ad pops up and is pretty interesting, imo.

Posted by: Hussein the Plumber at December 30, 2009 10:26 AM (r1h5M)

25 If they somehow stumble upon my conversations, they might learn a thing or two about winning at fantasy football.

Posted by: GregInSeattle at December 30, 2009 10:27 AM (B5cM9)

26 Ha Ha....I don't even speak German. Jokes on them

Posted by: rum, sodomy and the lash at December 30, 2009 10:27 AM (AnTyA)

27 They really don't encrypt that much of the call anyway. Usually just the call setup (with the billing information) for most cell phone calls.

Anybody who thinks that their cell call can't be overheard isn't dealing with a full deck.

Posted by: Neo at December 30, 2009 10:28 AM (tE8FB)

28 Let's not jump to conclusions.

Posted by: BO at December 30, 2009 10:29 AM (ZsIeo)

29 Fffft.  Baby wigs?  Un-funny rip off of cats-with-wigs.

Posted by: HeatherRadish at December 30, 2009 10:30 AM (NtiET)

30 We worry about cell phones being overheard but we don't worry about idiots getting on planes with one way tickies paid for in cash and no bags. In the words of Satchmo, what a wonderful world!

Posted by: rightzilla at December 30, 2009 10:30 AM (rVJH4)

31

... telecom companies and their customers are going to get hit with some pretty big one-time expenses fairly soon.

There! Justification for a new federal tax on ... will it be cell phone service, or DSL?

Posted by: Michael Rittenhouse at December 30, 2009 10:30 AM (2QFX4)

32 This is not germane to the problem. /Sheriff T. Justice Smokey & the Bandit

Posted by: 'Nam Grunt at December 30, 2009 10:31 AM (nmfvn)

33 12

On the SANS site, there was a quote "the industry group that developed GSM said Nohl's actions were illegal." So there you go - it was illegal, so nobody can use it. I feel much safer already, much like I accept JaNo's assurances that the system worked and air travel is safe.

http://tinyurl.com/ydv2qr6


Posted by: 141 Driver at December 30, 2009 02:15 PM (JFNQ7)

The lamer the refutation, the more serious the problem.

"It's ILLEGAL!" I'd be embarrassed to say something that stupid and if that's the best they can come up with then potentially this is a huge problem.

Posted by: Jim in San Diego at December 30, 2009 10:31 AM (F09Uo)

34 10, "Also, no one uses masked ROMs in this kind of product any longer. They all use flash ROM, which is field programmable. That's why you can get a firmware upgrade for your phone at the phone store." Posted by: Steven Den Beste | Phones and field gear are also more sophisticated than you are implying. The encryption handled by the co-processors is lower level than the main CPU, and does not use flashable ROM in most instances. Flash is more expensive, superfluous for a permanent (until EOL at least) encryption layer, and often on chip in a small ROM area. ;-)

Posted by: reichwingnut at December 30, 2009 10:31 AM (5ddCw)

35

Privacy is of great concern to me. That's why I only speak near-extinct Native American languages on cell phone calls.

Yah-ze muthaf*ckaz!

Posted by: Dirk Diggler at December 30, 2009 10:33 AM (2EbLc)

36

OT

Dammit Texas Tech (I got my engineering degree there) has fired Mike Leach. The best football coach they ever had.

Posted by: maddogg at December 30, 2009 10:33 AM (OlN4e)

37 37, Just because he made Craig James' son stand in a shed? Please!

Posted by: 'Nam Grunt at December 30, 2009 10:35 AM (nmfvn)

38 That's why you can get a firmware upgrade for your phone at the phone store.

Or your local mobbed up criminal who does phone cloning...

Having crypto reprogramming tech distributed at thousands and thousands of locations, staffed by thousands and thousands of random joyously happy employees, all of whom undoubtedly are of the utmost sterling character and would never think of doing anything even remotely criminal, sounds completely risk free to me. What could possibly go wrong?

Posted by: Purple Avenger at December 30, 2009 10:36 AM (YO0c+)

39 Wtf is wrong with males in this Country? Seems to me many are becoming pussified.

Posted by: 'Nam Grunt at December 30, 2009 10:36 AM (nmfvn)

40 Since all cell phone calls consist of: (at least the dozens I'm forced to listen to every day!)

Caller 1:  What are you up to?
Caller2:  Nothing, how about you?
Caller 1: Nothing.  I'll call you back.
Caller 2: Or I'll call you.

absolutely no one should care about the loss of encryption.

Posted by: dfbaskwill at December 30, 2009 10:37 AM (7Gs5S)

41

Wait..what the fuck.?? I have this (AnTyA) attached to every comment

Ace, you fascist, Nazi fuck...are you tracking me?

Posted by: rum, sodomy and the lash at December 30, 2009 10:37 AM (AnTyA)

42 Oh, and 64-bit crypto is pretty weak these days. Hot shit 10 years ago, but today it's only one step beyond nothing with the cheap compute power available.

Posted by: Purple Avenger at December 30, 2009 10:38 AM (YO0c+)

43 If anybody is really THAT interested in hearing me say "Yes, dear....yes, dear...YES, dear...."  then they're sadder bastards than I am.

Posted by: nickless at December 30, 2009 10:41 AM (MMC8r)

44
So some kraut is going to know I'm picking up a gallon of milk and some Eggos® for my wife on the way home from work.

Why are my nuts still all loosy-goosy over this?

Posted by: Dang at December 30, 2009 10:42 AM (UA4gE)

45 If anybody is really THAT interested in hearing me say "Yes, dear....yes, dear...YES, dear...."  then they're sadder bastards than I am.

They're not interested in that.  They're interested in jacking your ID and using it to ring up thousands of dollars in calls that will appear on your bill.

Posted by: Purple Avenger at December 30, 2009 10:43 AM (YO0c+)

46 On the plus side - if true and there is going to be a big one time "service" fee I am sure as we sit here Rahm is trying to figure out how he can get a one time cellphone tax through to coincide with the service fee to take even more of our money....and how he can blame Bush.

Posted by: Mallamutt at December 30, 2009 10:43 AM (hKyl0)

47 I have a cell phone. Sometimes, rarely, I even turn it on.

Same here. I prolly use the alarm feature more than anything else. I just never warmed up to them. Nice to have in an emergency, tho.

Posted by: Soap MacTavish at December 30, 2009 10:44 AM (554T5)

48 But in every John Grisham book, the hero has a cellphone that is completely safe from hacking. Maybe the telcoms should just talk to Grisham - he seems to have the answers.

Posted by: Mallamutt at December 30, 2009 10:45 AM (hKyl0)

49

They're not interested in that.  They're interested in jacking your ID and using it to ring up thousands of dollars in calls that will appear on your bill

Yesssss...I'm covered.... unlimited calling plan...woo hoo

Posted by: rum, sodomy and the lash at December 30, 2009 10:47 AM (AnTyA)

50 Awesome.  So now not only will your cell phone give you brain cancer, someone can jack your ID and ring up large phone bills on you AND listen to your conversations and snag your homemade pron videos/pics.

Posted by: CDR M at December 30, 2009 10:47 AM (cvmTR)

51 If they hacked odumbass phone all they would hear is present.

Posted by: 'Nam Grunt at December 30, 2009 10:48 AM (nmfvn)

52 A couple of on-topic points:

The encryption algorithm was already known to be weak, and a replacement has been devised (years ago) and is built into the vast majority of cell phones and base stations. They're not using it now because the carriers haven't wanted to hassle it.

The attack should be very practical in a few months - it requires about two terabytes of rainbow tables to allow for near-real-time decryption. Two terabytes isn't a terribly large number anymore, and the rainbow tables have been under construction for quite a long time now.

Posted by: Evil Red Scandi at December 30, 2009 10:48 AM (erlfI)

53

39 That's why you can get a firmware upgrade for your phone at the phone store

I would rather get a FIREARM upgrade to take care of the sitcheeeeation!

Posted by: rightzilla at December 30, 2009 10:48 AM (rVJH4)

54 IF I get hacked and the phone bill goes up.....not my problem. Phone company takes it in the shorts so they can worry about the encryption.

Posted by: rightzilla at December 30, 2009 10:50 AM (rVJH4)

55 "Hallo....Hallo! Vee vill noghw leesten to Tiger as he vispers sveet nuttings to hees ho."

Posted by: german hacker at December 30, 2009 10:51 AM (rVJH4)

56

it requires about two terabytes of rainbow tables to allow for near-real-time decryption

Seriously...WTF are you talking about??

...seriously

Posted by: rum, sodomy and the lash at December 30, 2009 10:51 AM (AnTyA)

57

If they hacked odumbass phone all they would hear is present.

And uh, ummm, uh, yes Michelle.....................

Posted by: Mallamutt at December 30, 2009 10:52 AM (hKyl0)

58 "It does open the cipher up to a brute force attack, but since it's a 64-bit key that isn't really trivial."

Really?

Why do banks use 256-bit encryption and on up?

Which is not 4 times stronger, it's a whole lot stronger.

Finally, 64-bit keys have been broken before by brute force attacks. Nothing higher than 64-bit thus far, but 64? Yeah.

Posted by: Christoph at December 30, 2009 10:52 AM (0fq7b)

59 58, Or, let me get another baggy of Maui wowie, just give it to the SS agent, Allah Akbar.

Posted by: 'Nam Grunt at December 30, 2009 10:54 AM (nmfvn)

60 BRUTE FORCE??/ Yeah baby....bring it on

Posted by: Wookie at December 30, 2009 10:54 AM (rVJH4)

61 The future of mobile phone technology likely involves the ability to purchase items via the device in a secure way, like has been done in Europe. The GSM break among other problems complicates their standard. In the US, our lack of a unified transmission protocol, and the vendor lock-in and crippling of phones (no SIM, altered/locked down/low feature firmware) are issues that will have to be overcome. In the immediate future the only option likely to be available for a long time is SSL web browsing via a data connection on the phone. In addition, there are going to be patent wars and bullshit a la the "wireless N standard" for years before we have any remotely acceptable way of storing payment/ID information in the cellphone/PDA. We can't even build VOTING MACHINES. Plus, with GPS and the rampant abuse by law enforcement requesting that type of info for consumers' accounts will stand in the way of informed people latching on to future tech. There are numerous important issues, I could go on and on.

Posted by: reichwingnut at December 30, 2009 10:54 AM (Scxfk)

Posted by: GregInSeattle at December 30, 2009 10:54 AM (B5cM9)

63 I'm gonna hack Allahpundit's iPhone and read all his mash notes to Meaghan McCain.

Posted by: nickless at December 30, 2009 10:54 AM (MMC8r)

64 Crazy Germans. Last time they broke communication codes, Poland got it in the ass.

Posted by: Dr. Spank at December 30, 2009 10:55 AM (muUqs)

65 I like my privacy as much as the next guy, lets look into the penumbra!

Posted by: Hugo Black and William O. Douglas at December 30, 2009 10:55 AM (rVJH4)

66

I vas listening in on Ace..

...vat means "I tossed his salad and then he dorked me up the squeakhole"?

Posted by: Another German Hacker at December 30, 2009 10:56 AM (AnTyA)

67 Body scanners and cell phone hackers. I need to lose weight. And get a life.

Posted by: di butler at December 30, 2009 10:57 AM (S3xX1)

68 "I have a cell phone. Sometimes, rarely, I even turn it on."

Cell phones can be turned on remotely. (Just like college girls.)

Now not just local law enforcement, but anyone who breaks your phone's encryption, can listen in to your conversations, track your locations, and even, as pointed out above, access your porn.

Posted by: Christoph at December 30, 2009 10:57 AM (0fq7b)

Posted by: Christoph at December 30, 2009 10:58 AM (0fq7b)

70 57

it requires about two terabytes of rainbow tables to allow for near-real-time decryption

Seriously...WTF are you talking about??

...seriously

Posted by: rum, sodomy and the lash at December 30, 2009 02:51 PM (AnTyA)

Rainbow Tables http://tiny.cc/G5Qry

If you can store your tables in RAM (easier said than done with 2TB - but doable) you can do damn near real time solutions. A cheap cluster with some fast interconnects could do this.

Posted by: Jim in San Diego at December 30, 2009 10:58 AM (F09Uo)

71 Also, Purple Avenger, I can't understand the skepticism in your post re: this being 'BS'. I would like to see a 3rd party recording of an encrypted stream, running the released code to provide decryption. But having followed decryption from DVDs to Blu-ray (see doom9 forums), and knowing GSM encryption is weak and has been broken by NSA years ago, I am not in the least skeptical that this codebreaker has done it, and presented it at a very well known security conference. Tends to lend a lot of credibility to the story, IMO.

Posted by: reichwingnut at December 30, 2009 10:58 AM (tTdaQ)

72

69 "I have a cell phone. Sometimes, rarely, I even turn it on."

Cell phones can be turned on remotely. (Just like college girls.)

Now not just local law enforcement, but anyone who breaks your phone's encryption, can listen in to your conversations, track your locations, and even, as pointed out above, access your porn.


And bake a cake in 4 minutes!

Posted by: rightzilla at December 30, 2009 10:58 AM (rVJH4)

73 Cell phones can be turned on remotely.

Yeah, and some phones don't even have an easily removed battery (iPhone for example). That's why I have a pocket Faraday Cage. /snark?

Posted by: bonhomme at December 30, 2009 11:01 AM (jvG2F)

74

If you can store your tables in RAM (easier said than done with 2TB - but doable) you can do damn near real time solutions. A cheap cluster with some fast interconnects could do this.

Gee...thanks for clearing that up for me.

...is that code or something?

Posted by: rum, sodomy and the lash at December 30, 2009 11:02 AM (AnTyA)

75 Two terabytes isn't a terribly large number anymore

No, it isn't. 1 TB solid state drives became available earlier this year and IBM demo'd a 4 TB unit recently.

Imagine parking a van on K-street and picking up lobbyist phone calls, or outside the corporate headquarters of F500 companies prior to earnings announcements.  The possibilities for market manipulations are staggering.

Over 20 years ago I dabbled a bit with some crude tech that reads the contents of computer screens remotely after reading an article in a security journal about the theoretical possibility of doing it.  With about $70 worth of gear, I was able to read the contents of a PC's screen in a room 30' away from the receiver.  Turning off the monitor on the PC didn't even defeat it, because the video card was broadcasting so strongly itself.  The only way to beat that attack method is with expensive TEMPEST gear.

Posted by: Purple Avenger at December 30, 2009 11:03 AM (YO0c+)

76

Good God. Technology is getting to where it might as well be magic again for the average user.

Why aren't Nerds ruling the world, already?

Posted by: Rodent Liberation Front at December 30, 2009 11:03 AM (dQdrY)

77 This is not the first time GSM was “cracked”. In 2003, the method by which GSM’s encryption code could be cracked was uncovered by a team of Israeli researchers and in 2008, David Hulton and Steve Muller presented at Black Hat a technique for the successful interception and decryption of a GSM stream using $1,000 of hardware and a half hour of time. Now in 2009, we have the binary code log that could potentially make GSM decryption faster and easier than ever. Before everybody panics, it is important to point out that the GSM algorithm that was cracked was the older and less secure 64-bit A5/1 algorithm, not the newer 128-bit A5/3 algorithm. Unfortunately, GSM carriers have been slow to adopt this new 128-bit encryption standard but Nohl’s disclosure may be the kick in the butt these lazy carriers need to beef up their security.

Quoted from: Boy Genius Report

Posted by: LifeTrek at December 30, 2009 11:05 AM (tJTIW)

78 Fair enough, Jim in San Diego, and as I pointed out above, 64-bit codes have been broken by brute force attacks.

And using your source on Rainbow tables:

An easy way to improve on the "rainbowcrack" Rainbow Tables implementation

This section probably goes a bit beyond where a layman would be comfortable, but if you're interested in the practical applications of the above theory or have some interest in cryptography read on..

The rainbowcrack application is how most people come to learn about Rainbow Tables, because it is the application which puts the theory above into code. It has been very successful, with many websites dedicated to generating rainbowcrack hash tables and letting users search them.

However there is a pretty clear way this application could be improved, very easily, in the sense that the generated tables would take up a lot less disk space, but be equally as effective for breaking hashes:

Remember above that when you want to generate a certain chain you start from an arbitrary hash. This just means it doesn't matter where you choose to start from. The rainbowcrack application starts from a randomly generated 64-bit number. This number is then used to generate a chain which ultimately ends with a 128-bit hash, which is reduced to another 64-bit number.

Why use a randomly generated number as the starting point? A pseudo-random number generator can generate a fantastic amount of seemingly random numbers from a single input number. Why not make a single random input number, and then store the index of the number which generates the pseudo-random number?

So for example a cipher like RC4 is a pseudo-random number generator. Say the single input number (the "seed", as it's called) was 18092398. The first 64-bits the RC4 generates might give a number of "091358029384092", to start the chain off. The second 64-bits might give a number of "123793582983480", to start the second chain off. The third 64-bits might give "1089324083486", for the third chain, and so on potentially for billions of chains.

What is the difference between this and storing a random 64-bit number for each chain, as rainbowcrack does?

Simply that a start-point in a rainbowcrack table must be stored as the randomly generated 64-bit number. A start-point using a random-number generator needs only the single input number (the "seed") and the chain number. So when referring to the third chain in the example above, if you wanted to know the start point of "1089324083486", you would only need to know the "seed" number, and that it was the third 64-bit number generated. That's the number "18092398", and the number "3".

To know the start-point for the fourth chain you only need to know the "seed" ("18092398"), and the number "4".

If you have 2^64 chains (1,844,674,407,370,955,616) then it wouldn't make any difference, but that would be 4194304 terabytes, far larger than any Rainbow Table ever generated. For a more realistic rainbow table with, say, 2^28 (268,435,456) chains you would only need a 28-bit number instead of storing a 64-bit number, as rainbowcrack currently does.

That's an improvement from (64-bit+64-bit) per chain to (28-bit+64-bit) per chain, plus a single 64-bit "seed" number per table. When you're talking about millions of chains that's a very significant reduction of data for the same hash-breaking ability.

In this example a rainbowcrack table would be 2^28 * ( 64-bit random start number + 64-bit chain-end number) (4096 MB).


Using a pseudo-random number generator the table would be 2^28 * ( 28-bit non-random start number + 64-bit chain-end number) + 64-bit "seed" number (3264 MB)

When you scale that difference up to the huge sizes rainbowcrack tables can reach the savings become massive, and you end up with whole hard-disk arrays of randomly-generated chain-start number data that is pure waste, not to mention the bandwidth used moving the data around.

------

So much for "two terabytes". If the above source is accurate, it should be possible to do it with less, much of the time.

Posted by: Christoph at December 30, 2009 11:05 AM (0fq7b)
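
The storage trick in the text Christoph quotes (derive every chain's start point from one seed and the chain's index instead of storing a random 64-bit start per chain) and the lookup step the quote glosses over (finish the chain from the hypothesised column, find the endpoint, regenerate the chain and verify) in working form, as an added Python example. This is not code from the post, the quoted article or rainbowcrack. The one-way function, the 2^16 toy keyspace, the chain length, the chain count and the seed value are all constructed for the demonstration; the A5/1 tables the thread discusses index a 2^64 state space, and `table_bits` follows the quoted accounting rather than the layout of any real table.

```python
"""Rainbow table with seed-derived chain start points (added example)."""
import hashlib
import hmac

KEY_BITS = 16              # toy keyspace of 2^16 keys; real A5/1 tables cover 2^64 states
KEY_MASK = (1 << KEY_BITS) - 1
CHAIN_LEN = 64             # t columns per chain
NUM_CHAINS = 1024          # m chains
SEED = 0x5EED0000DEADBEEF  # the single 64-bit number the quoted text proposes storing (made up)


def one_way(key: int) -> int:
    """Stand-in for 'keystream produced from a cipher state' (constructed, not A5/1)."""
    return int.from_bytes(hashlib.sha256(key.to_bytes(4, "big")).digest()[:4], "big")


def reduce_to_key(h: int, column: int) -> int:
    """Column-dependent reduction back into the keyspace. Varying it per column
    is what makes this a rainbow table rather than a plain Hellman table."""
    return (h ^ (column * 0x9E3779B1)) & KEY_MASK


def start_point(seed: int, index: int) -> int:
    """Chain start derived from (seed, index), so it never has to be stored."""
    mac = hmac.new(seed.to_bytes(8, "big"), index.to_bytes(4, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big") & KEY_MASK


def walk(key: int, from_col: int, to_col: int) -> int:
    """Apply columns from_col .. to_col-1 to key."""
    for c in range(from_col, to_col):
        key = reduce_to_key(one_way(key), c)
    return key


def build_table(seed: int = SEED) -> dict:
    """endpoint -> chain index. Only these two values are kept per chain,
    which is the saving the quoted text is about."""
    table = {}
    for i in range(NUM_CHAINS):
        # setdefault keeps the first chain that reaches an endpoint; later
        # chains that merged into it add no coverage and are dropped.
        table.setdefault(walk(start_point(seed, i), 0, CHAIN_LEN), i)
    return table


def lookup(table: dict, target: int, seed: int = SEED):
    """Recover a preimage of target, or None if no chain in the table covers it."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        # Hypothesis: target was produced at column col. Finish that chain.
        end = walk(reduce_to_key(target, col), col + 1, CHAIN_LEN)
        i = table.get(end)
        if i is None:
            continue
        # Regenerate chain i from its derived start up to column col and
        # verify; an endpoint can match by coincidence (false alarm).
        cand = walk(start_point(seed, i), 0, col)
        if one_way(cand) == target:
            return cand
    return None


def table_bits(num_chains: int, key_bits: int = 64, seeded: bool = True) -> int:
    """Storage per the quoted accounting: a random start costs key_bits per
    chain; a derived start costs only the index bits plus one seed per table."""
    index_bits = (num_chains - 1).bit_length()
    if seeded:
        return num_chains * (index_bits + key_bits) + key_bits
    return num_chains * (key_bits + key_bits)


def demo():
    """Crack a key known to lie on chain 0 (column 20) and report the result."""
    table = build_table()
    secret = walk(start_point(SEED, 0), 0, 20)
    found = lookup(table, one_way(secret))
    return found, found is not None and one_way(found) == one_way(secret)
```

With the quoted figures (2^28 chains, 64-bit values) the per-chain cost drops from 128 bits to 92 bits; if entries are written out in index order the index need not be stored at all, which the quoted text does not mention. The lookup performs up to t chain walks per target and regenerates a chain on every endpoint hit, which is the time side of the time/memory trade-off the thread keeps returning to.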

79

For about $50,000 - $60,000 in hardware I could break that in real time, I think.

That would be for a 7 node cluster array, using parts I can buy all day long off the shelf.

Posted by: Jim in San Diego at December 30, 2009 11:05 AM (F09Uo)

80 Two terabytes isn't a terribly large number anymore

Quite.

Posted by: Christoph at December 30, 2009 11:06 AM (0fq7b)

81

Why aren't Nerds ruling the world, already?

Umm...helllooo...Barky?...mom jeans?...remember?

Posted by: rum, sodomy and the lash at December 30, 2009 11:06 AM (AnTyA)

82 75, rum, let me try to clear it up for you. Prior to this public release of the code to break the encryption, only really well funded organizations could hire the experts, afford the equipment and computers to do this. The bar has been substantially lowered, so anyone that can afford the equipment to record the calls (few thousand bucks) can decrypt the calls of anyone broadcasting on the public cell GSM network. They can use less than $10k of computers to decrypt the call in a trivial amount of time. Anyone in the world can now do this, including criminal gangs that could not before, with the hiring of an IT guy. There are many in the illegal cell market. Switch to CDMA.

Posted by: reichwingnut at December 30, 2009 11:07 AM (PjevJ)

83 75

If you can store your tables in RAM (easier said than done with 2TB - but doable) you can do damn near real time solutions. A cheap cluster with some fast interconnects could do this.

Gee...thanks for clearing that up for me.

...is that code or something?

Posted by: rum, sodomy and the lash at December 30, 2009 03:02 PM (AnTyA)

Hardware BABY!

I like to design cheap super computers as a hobby.

Posted by: Jim in San Diego at December 30, 2009 11:08 AM (F09Uo)

84 "Yeah, and some phones don't even have an easily removed battery (iPhone for example). That's why I have a pocket Faraday Cage. /snark?"

I rather doubt anyone other than a jealous woman would want to crack my cellphone and since I readily admit I am not monogamous, I can't see what additional information she would hope to glean.

However, cracking the local police chief's, bank president's, or mayor's cell phone could be of interest to a great many people.

Posted by: Christoph at December 30, 2009 11:08 AM (0fq7b)

85

O/T  That baby lace wigs deal off to the right can't hold a candle to these folks.  Check out the "Samuel L."


Also, the "Lace Wigs" folks have tapped into the billion dollar pet products industry...

http://tinyurl.com/yvamf6



Posted by: Cheri at December 30, 2009 11:09 AM (llSaz)

86 @ Posted by: reichwingnut at December 30, 2009 03:07 PM (PjevJ)

Very well put.

Posted by: Christoph at December 30, 2009 11:09 AM (0fq7b)

87 Given the fact that most every post HERE seems to be encrypted I worry not. Dang techies.

Posted by: rightzilla at December 30, 2009 11:11 AM (rVJH4)

88 FWIW, The FL Turnpike ships little Faraday cage bags you can slip your SunPass unit into under certain circumstances where your unit might be tempted to pay the bill for a guy close to you in line.  Those metalized bags should work fine with a cell phone.

Posted by: Purple Avenger at December 30, 2009 11:13 AM (YO0c+)

89 @86 - Crap I always screw these links up.

http://tinyurl.com/kiteezzz



Posted by: Cheri at December 30, 2009 11:13 AM (llSaz)

90 Crazy Germans. Last time they broke communication codes, Poland got it in the ass.


Of course, exiled Poles returned the favor in spades with Enigma.

Posted by: IllTemperedCur at December 30, 2009 11:20 AM (l1Wlr)

91 Technology is getting to where it might as well be magic again for the average user.

It already is effectively magic...people think about this stuff like it's an appliance, like a toaster. Which is a completely distorted view.

A toaster doesn't have much "intrinsic risk" built into it, other than maybe burning your toast or burning your house down if it malfunctions badly enough, and those "risks" are something toaster users kind of understand upfront and accept.  The toaster won't drain your bank account behind your back, assist someone in stealing your identity, or give access to confidential information that might cost millions/billions if leaked prematurely.

The "intrinsic risk" of wireless tech, is far more poorly understood by users.

Posted by: Purple Avenger at December 30, 2009 11:23 AM (YO0c+)

92

I like to design cheap super computers as a hobby.

I am cheap, but not easy.

Posted by: H.A.L. 9000 at December 30, 2009 11:26 AM (2qU2d)

93

Does anyone want any scrummy toast? How about waffles?

Posted by: Red Dwarf toaster at December 30, 2009 11:28 AM (2qU2d)

94 So this is gonna help my Qualcomm stock, right?

Posted by: chuckR at December 30, 2009 11:34 AM (zwU+W)

95
79  An easy way to improve on the "rainbowcrack" Rainbow Tables implementation

Okay, I'm not worried any more. If it were Unicorns on crack, maybe, but not rainbows on crack.

Posted by: RoadRunner at December 30, 2009 11:35 AM (VUjE6)

96 Actually, the funny part is that the biggest thing wasn't breaking the encryption (as noted before, it was already known to be weak) - it was deciphering the frequency hopping method used by the phones and base stations so that a third party could "follow" the transmissions and get a complete bitstream to decode.

Posted by: Evil Red Scandi at December 30, 2009 11:36 AM (erlfI)

97 @95 - Sadly, probably not. Qualcomm has superior technology, but the Europeans really don't like them so don't hold your breath for a switchover. Sucks too... I have some good friends that work there.

Another note - this isn't the first time GSM has been broken (GSM is an evolving standard though - today's GSM is very different from the GSM of ten years ago). CDMA, to my knowledge, has never had anyone even come close to a working attack.

Posted by: Evil Red Scandi at December 30, 2009 11:44 AM (erlfI)

98 Posted by: Evil Red Scandi at December 30, 2009 03:36 PM (erlfI) ... Great point.

Posted by: reichwingnut at December 30, 2009 11:44 AM (tTdaQ)

99 CDMA, to my knowledge, has never had anyone even come close to a working attack.

Posted by: Evil Red Scandi at December 30, 2009 03:44 PM (erlfI)

Just sayin.

Posted by: NSA at December 30, 2009 11:49 AM (dQdrY)

100 A5/1 is a crap cipher; this fact has been known for years. Using LFSRs for a stream cipher is prone to weakness. Really all that's happened is the price of commodity hardware has dropped to the point where 3 TB of lookup tables and a dozen GPUs is a feasible investment for a hacker. I assume that entities the size of governments have been able to decrypt GSM in real time for years (besides, tapping the land line portion where it comes out of the base station obviates any need for decryption.) If you want real voice security, use VOIP over a VPN.

Posted by: David Gillies at December 30, 2009 12:13 PM (2FZO3)
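Comment 100 describes A5/1 as three LFSRs combined into a stream cipher, and notes that the table attack only needs commodity hardware once you have keystream to look up. As an added example (not code from the post, the commenters, or the A5/1 cracking project), here is the generator as publicly described (19/22/23-bit registers, majority-rule clocking, 64-bit key and 22-bit frame number), followed by the known-plaintext step an eavesdropper performs first: XOR a guessed burst against the captured ciphertext to get the 114 keystream bits that a precomputed table is indexed on. The key, frame number and plaintext burst are constructed for the demo, and the key bit-loading order follows the common reference implementation; bit-ordering conventions differ between published implementations, so check against a known test vector before relying on it elsewhere.

```python
"""A5/1 keystream generation and known-plaintext keystream recovery.

Added example for this thread; not code from the post, from the
commenters or from the A5/1 cracking project.  Register lengths, feedback
taps, clocking taps and the key/frame loading schedule follow the public
description of A5/1; the key, frame number and plaintext burst used in
the demo are constructed for illustration.
"""

# (length, feedback taps, clocking tap) for the three LFSRs.  Bit 0 is the
# input end of each register, bit length-1 is the output end.
REGS = ((19, (13, 16, 17, 18), 8),
        (22, (20, 21), 10),
        (23, (7, 20, 21, 22), 10))


def _step(reg: int, length: int, taps: tuple, inbit: int = 0) -> int:
    """Clock one LFSR once: XOR the tap bits, shift, insert feedback ^ inbit."""
    fb = 0
    for t in taps:
        fb ^= (reg >> t) & 1
    return ((reg << 1) | (fb ^ inbit)) & ((1 << length) - 1)


class A51:
    def __init__(self, key: bytes, frame: int):
        if len(key) != 8 or not 0 <= frame < (1 << 22):
            raise ValueError("A5/1 takes a 64-bit key and a 22-bit frame number")
        self.r = [0, 0, 0]
        # Key, then frame number, are XORed into all three registers one bit
        # at a time with every register clocked (no majority rule yet).
        for i in range(64):
            self._clock_all((key[i // 8] >> (i % 8)) & 1)
        for i in range(22):
            self._clock_all((frame >> i) & 1)
        # 100 mixing clocks under the majority rule; output is discarded.
        for _ in range(100):
            self._clock_majority()

    def _clock_all(self, inbit: int) -> None:
        self.r = [_step(r, n, taps, inbit)
                  for r, (n, taps, _) in zip(self.r, REGS)]

    def _clock_majority(self) -> None:
        # Each register advances only if its clocking bit agrees with the
        # majority of the three clocking bits.
        clk = [(r >> c) & 1 for r, (_, _, c) in zip(self.r, REGS)]
        maj = (clk[0] & clk[1]) | (clk[0] & clk[2]) | (clk[1] & clk[2])
        self.r = [_step(r, n, taps) if c == maj else r
                  for r, c, (n, taps, _) in zip(self.r, clk, REGS)]

    def keystream(self, nbits: int) -> list:
        """Clock, then emit the XOR of the three output bits, nbits times."""
        out = []
        for _ in range(nbits):
            self._clock_majority()
            bit = 0
            for r, (n, _, _) in zip(self.r, REGS):
                bit ^= (r >> (n - 1)) & 1
            out.append(bit)
        return out


def burst_keystream(key: bytes, frame: int):
    """The 228 bits A5/1 emits per frame: 114 downlink, then 114 uplink."""
    ks = A51(key, frame).keystream(228)
    return ks[:114], ks[114:]


def xor_bits(a, b):
    return [x ^ y for x, y in zip(a, b)]


def recover_keystream(plaintext_bits, ciphertext_bits):
    """Known plaintext: keystream = P xor C.  These 114 bits plus the
    cleartext frame number are the input to the table attack, which
    recovers the 64-bit internal state rather than the key directly."""
    return xor_bits(plaintext_bits, ciphertext_bits)


if __name__ == "__main__":
    key = bytes.fromhex("0123456789abcdef")   # constructed, not a real Kc
    frame = 0x134                             # constructed frame number
    down, up = burst_keystream(key, frame)
    # Constructed 114-bit burst whose content the eavesdropper can guess.
    plain = [(i * 5 // 3) & 1 for i in range(114)]
    cipher = xor_bits(plain, down)
    assert recover_keystream(plain, cipher) == down
    print("downlink keystream:", "".join(map(str, down[:32])), "...")
    print("next frame, same key, differs:",
          burst_keystream(key, frame + 1)[0] != down)
```

Two things worth noticing when you run it: the all-zero key with frame 0 leaves every register at zero and produces an all-zero keystream (the generator has no constant term to pull it out of that state), and because the frame number is loaded in the clear, every burst of a call is a fresh known-plaintext opportunity against the same session key.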

101 Awww frak. Now I gotta go knock the dust off all of those comm books from grad school. dammit.

Posted by: tangonine at December 30, 2009 12:22 PM (C8Pcc)

102 14

Ace or someone needs to do a post about this

http://tiny.cc/Rkx2N

Some kid got grounded because of his sister and posts scans of her diary on facebook, complete with guys she wants to bang who then go on to write comments on it ridiculing her.

TEH FUNNY!

His response to sister 'I ♥ facebook like you ♥ cock'

Posted by: Schwalbe at December 30, 2009 12:33 PM (UU0OF)

103 I think Kratos has something pithy to say about this.

Posted by: torabora at December 30, 2009 12:50 PM (yGQ/+)

104 Why aren't Nerds ruling the world, already? Too busy thinking about computers and sex.

Posted by: joncelli at December 30, 2009 01:29 PM (Ko4Av)

105 This story actually hit the tech blogs about a month ago, maybe early December. As Nohl points out, this is a 15 year old bug that hasn't been squashed. Why not?

The A5/1 cracking project: http://reflextor.com/trac/a51
The 26C3 conference page http://events.ccc.de/congress/2009/Fahrplan/events/3654.en.html

Money quote from the conference paper:

From the total lack of network to handset authentication, to the "Of course I'll give you my IMSI" message, to the iPhone that really wanted to talk to us. It all came as a surprise – stunning to see what $1500 of USRP can do. Add a weak cipher trivially breakable after a few months of distributed table generation and you get the most widely deployed privacy threat on the planet.

Posted by: I R A Darth Aggie at December 30, 2009 02:20 PM (BDH94)

106 "When you scale that difference up to the huge sizes rainbowcrack tables can reach the savings become massive, and you end up with whole hard-disk arrays of randomly-generated chain-start number data that is pure waste, not to mention the bandwidth used moving the data around."

Looking at it from an esoteric math solution - yes - your box would be huge, and almost real time... However, from an electronic point of view, there is a little chip, available from half the chip makers on the planet (or one in every phone), that does the same thing. The seed is sent at the beginning of each phone call, so both ends can sync. All you need to do to receive that seed is change the electronic serial number (ESN) in the phone, and voilà, cloned phone. The trick is the right ESN. Feeding your box with only a single signal is gonna be a problem, and you're gonna be listening to a whole lot of conversations at once. Been done (see Batman, and ethical boundaries in your local wiki). Scanning or reading an ESN and seed only occur once, during the beginning of the call. (And changing an ESN can be done rather quickly.)

And reverse engineering anything isn't illegal, or we'd have to close all the colleges. It may violate a use agreement, but the hash code for DVDs has been published, put on T-shirts, and trounced thoroughly in court. It's illegal to do it, not to think about it and publish the results.

Posted by: +l33t at December 30, 2009 02:35 PM (+Z5RN)
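Comments 100 and 105 talk about terabytes of lookup tables and months of distributed table generation, and the rainbowcrack quote in comment 106 argues about whether stored chain-start values are wasted disk. Here is the mechanism itself in miniature, as an added example that is not code from the A5/1 project, rainbowcrack, or any commenter: a Hellman-style time/memory trade-off with column-dependent reduction functions (a rainbow table). A constructed 20-bit toy one-way function stands in for the real map from A5/1's 64-bit internal state to the keystream bits it emits, the table parameters are chosen so it builds in a fraction of a second, and chain starts are derived from the chain index rather than stored, which is the saving the quoted comment is getting at.

```python
"""Miniature rainbow table (time/memory trade-off) against a toy function.

Added example for this thread, not code from the A5/1 project or from
rainbowcrack.  A 20-bit toy one-way function H stands in for the map
from A5/1's 64-bit internal state to its keystream; N_BITS, the chain
counts and the constants in R and chain_start are constructed choices.
"""
import hashlib

N_BITS = 20
N = 1 << N_BITS                  # size of the toy state space


def H(state: int) -> int:
    """Toy one-way function: stand-in for 'internal state -> keystream bits'."""
    d = hashlib.sha256(state.to_bytes(4, "big")).digest()
    return int.from_bytes(d[:4], "big") % N


def R(h: int, col: int) -> int:
    """Column-dependent reduction mapping an output back into the state
    space.  A different reduction per column is what makes this a rainbow
    table: two chains merge only if they collide in the same column."""
    return (h + col * 0x9E37) % N


def chain_start(idx: int) -> int:
    """Start point derived from the chain index, so it never hits disk."""
    return (idx * 2654435761 + 12345) % N   # constructed mixing constants


class RainbowTable:
    """Precompute n_chains chains of chain_len (H, R) steps; keep endpoints."""

    def __init__(self, n_chains: int, chain_len: int):
        self.t = chain_len
        self.ends = {}                       # endpoint -> [chain indices]
        for idx in range(n_chains):
            s = chain_start(idx)
            for col in range(chain_len):
                s = R(H(s), col)
            # Real tables drop chains whose endpoint already exists; keeping
            # a list makes every precomputed point recoverable for the demo.
            self.ends.setdefault(s, []).append(idx)

    def lookup(self, target: int):
        """Return some state s with H(s) == target, or None if not covered.
        Cost is about t**2 / 2 evaluations of H, versus t * n_chains to
        build the table: that is the time/memory trade-off."""
        t = self.t
        for col in range(t - 1, -1, -1):
            # Hypothesis: target sits in column `col` of some chain.  Finish
            # that chain and see whether its endpoint is one we stored.
            x = R(target, col)
            for j in range(col + 1, t):
                x = R(H(x), j)
            for idx in self.ends.get(x, ()):
                # Re-walk the candidate chain from its recomputed start to
                # confirm; a matching endpoint can still be a false alarm.
                s = chain_start(idx)
                for j in range(t):
                    if H(s) == target:
                        return s
                    s = R(H(s), j)
        return None


def chain_point(idx: int, k: int) -> int:
    """The state in column k of chain idx (used to build in-table targets)."""
    s = chain_start(idx)
    for j in range(k):
        s = R(H(s), j)
    return s


def estimate_coverage(table: RainbowTable, samples: int, seed: int = 1) -> float:
    """Fraction of pseudo-random states whose H-output the table can invert."""
    hits = 0
    x = seed
    for _ in range(samples):
        x = (x * 1103515245 + 12345) % (1 << 31)     # constructed LCG sampling
        hits += table.lookup(H(x % N)) is not None
    return hits / samples


if __name__ == "__main__":
    tbl = RainbowTable(n_chains=1200, chain_len=50)
    target = H(chain_point(7, 23))
    print("in-table target recovered:", tbl.lookup(target) is not None)
    print("stored endpoints:", len(tbl.ends), "of", 1200, "chains")
    print("approx coverage of the 2^20 space:", estimate_coverage(tbl, 200))
```

Scale the numbers up and you get the thread's figures: the space is 2^64 states instead of 2^20, so covering a useful fraction needs chain counts in the billions, which is where the terabytes and the months of distributed generation come from, while each online lookup still costs only on the order of t^2/2 cipher evaluations. Merged chains (the same endpoint reached from two starts) are the reason coverage grows slower than n_chains × chain_len, and the "stored endpoints" line shows a few already at this toy size.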

107 Just a suggestion, do not talk about bank account numbers and such with your cell phone.  Also, more info in pdf format here  http://tinyurl.com/yeel2rr

Posted by: sirsurfalot at December 30, 2009 04:22 PM (UPNlB)

108

Couple references to 64-bit encryption. That is incorrect, the algorithm assumes the top bits to be all zeros, making this a 40-bit key. All cryptography assumes that the algorithm is in the public domain and relies on key strength to protect the data. This "hacker" released the algorithm, which has probably been available in the hacking community for years anyway.

40-bit keys are breakable by brute force in minutes on a standard PC.

Posted by: Dave_in_Fla at December 30, 2009 05:41 PM (NaJ/S)

109 Two terabytes isn't a terribly large number anymore

Our politicians feel the same about two teradollars ($2 trillion).


Posted by: mikey at December 31, 2009 09:33 AM (GSeVd)
