It was first implemented in Finland in December 1991. By the mid-2010s, it became a global standard for mobile communications achieving over 90% market share, and operating in over 193 countries and territories.
GSM uses several cryptographic algorithms for security. The A5/1, A5/2, and A5/3 stream ciphers are used for ensuring over-the-air voice privacy. A5/1 was developed first and is a stronger algorithm used within Europe and the United States; A5/2 is weaker and used in other countries. Serious weaknesses have been found in both algorithms: it is possible to break A5/2 in real-time with a ciphertext-only attack, and in January 2007, The Hacker's Choice started the A5/1 cracking project with plans to use FPGAs that allow A5/1 to be broken with a rainbow table attack. The system supports multiple algorithms so operators may replace that cipher with a stronger one.
Since 2000, different efforts have been made to crack the A5 encryption algorithms. Both A5/1 and A5/2 algorithms have been broken, and their cryptanalysis has been revealed in the literature. As an example, Karsten Nohl developed a number of rainbow tables (static values which reduce the time needed to carry out an attack) and has found new sources for known plaintext attacks. He said that it is possible to build "a full GSM interceptor...from open-source components" but that they had not done so because of legal concerns. Nohl claimed that he was able to intercept voice and text conversations by impersonating another user to listen to voicemail, make calls, or send text messages using a seven-year-old Motorola cellphone and decryption software available for free online.
The first public cryptanalysis of GEA/1 and GEA/2 (also written GEA-1 and GEA-2) was done in 2021. It concluded that although using a 64-bit key, the GEA-1 algorithm actually provides only 40 bits of security, due to a relationship between two parts of the algorithm. The researchers found that this relationship was very unlikely to have happened if it wasn't intentional. This may have been done in order to satisfy European controls on export of cryptographic programs.
The schemes commonly used to encrypt GSM telephone calls, SMS messages, and data transmissions have been theoretically broken for years at both the protocol and cipher levels, but results presented in Berlin at the 26th Chaos Communication Congress (26C3) on December 27 demonstrate that a practical attack can be easily implemented. Researchers unveiled cracking tables requiring just two terabytes of disk space that can be used to look up a GSM encryption key and decrypt a transmission. The tables were computed on 40 commodity hardware PC nodes in just a few months' time, and are shared through BitTorrent. Furthermore, the presentation explains that the more difficult practical task of intercepting and capturing GSM calls can already be done with inexpensive radio equipment and open source software.
A5/1 was not published, but researchers began to reverse-engineer it almost immediately, work that was completed and publicized in 1999. Theoretical attacks based on weaknesses in the cipher date back to at least 1997, but real-world attacks on the system as implemented in the global GSM network only began to appear in 2003, when the team of Elad Barkan, Eli Biham, and Nathan Keller reported that phones use the same set of keys regardless of whether A5/1 or A5/2 encryption was enabled. Thus, by momentarily tricking a phone into using A5/2 (which can be cracked in seconds), a man-in-the-middle attacker can retrieve the session key for a call and continue to decrypt it even if it subsequently switches to A5/1 at the network's request. Shortly thereafter, networks were advised to discontinue use of A5/2.
Securing mobile phone communications is vital in today's world. As Nohl and Paget's presentation noted, GSM is not only used for voice calls, but for SMS (which increasingly includes financial transactions) and EDGE data connections as well. Consumers have no control over the GSM network, and although most have little to worry about in the realm of criminal attackers intercepting their voice calls, business and government users do. 40 off-the-shelf graphics cards computed the A5/1 code book in less than three months; the estimated hardware needed to build a USRP-based GSM interceptor is less than US$3000. That is a trivial investment to anyone with a financial interest in eavesdropping. On top of that, as the weakness of WEP encryption demonstrated to WiFi router owners, a broken security system leaves the network open to mischief, bandwidth-theft, and other security problems beyond call interception. Hopefully, as the A5/1 Security Project suggests, the telecommunications sector will now take positive steps to correct the flaws in GSM and implement better security.
The "why didn't you tell the carriers first" anti-full-disclosure noise on this one is giving me hives, all the more so since *they did*. If I've known it was cracked for 4 years, and the carriers didn't, they all need to fire their chief engineers on the spot.
GSM encryption crack made public Posted Jan 7, 2010 2:41 UTC (Thu) by BenHutchings (subscriber, #37955)
The GSM encryption is really designed to control subscribers and not really protect them. Meaning that the encryption is over the air only. Once it gets to the base station and gets turned into TCP/IP traffic then all bets are off. There is also 50 years worth of technology lying around being used in telephone systems with numerous built-in back doors created for monitoring calls for law enforcement, tracking users, and all sorts of other things. So if you're paranoid and want to be safe the only thing you can do is do encrypted VoIP AND use a phone with open firmware. VPN stuff makes it relatively simple once you get the software and the data line to your smartphone. Of course the GSM encryption stuff is pathetic in how poor it is and how old fashioned the thinking of the telephone companies is.
GSM encryption crack made public Posted Jan 7, 2010 15:14 UTC (Thu) by Baylink (guest, #755)
And it's to protect carriers from fraud, which they will have to eat -- which is the *real* issue here. As soon as some noticeable fraudulent traffic starts eating into their revenue, there will be a fix; bet on it.
GSM encryption crack made public Posted Jan 7, 2010 18:39 UTC (Thu) by drag (guest, #31333)
One could certainly argue about the fine points of profession legislation, but alas for the original poster, I don't see how this proves that the laws in the USA are "so massively out of control a normal executive violates criminal federal [law] a minimal of several times a year just doing normal business". (I can see how this might be true for copyright law, which is a particular portion of the law that is indeed massively out of control -- though even then, *criminal* violation is not *that* trivial -- but I am not sure there are any other examples.)
Federal denture crime Posted Apr 19, 2010 7:43 UTC (Mon) by Denture (guest, #65465)
There are certainly some things you can say about the difficulty of dealing with the physical layer here but anyone who would liken 2TB to 20KM of books rather than say, a $170 part from a neighbourhood electronics store, 4 hours of uncompressed 24fps 1080p RGB video, or even 50 blu-ray disks isn't really someone whose view you can trust.
GSM encryption crack made public Posted Jan 7, 2010 20:03 UTC (Thu) by jmm82 (guest, #59425)
Brainwaves change with a healthy person's conscious and unconscious mental activity and state of arousal. But scientists can do more with brainwaves than just listen in on the brain at work: they can selectively control brain function by transcranial magnetic stimulation (TMS). This technique uses powerful pulses of electromagnetic radiation beamed into a person's brain to jam or excite particular brain circuits.
"The significance of the research," he explained, is that although the cell phone power is low, "electromagnetic radiation can nevertheless have an effect on mental behavior when transmitting at the proper frequency." He finds this fact especially remarkable when considering that everyone is surrounded by electromagnetic clutter radiating from all kinds of electronic devices in our modern world. Cell phones in talk mode seem to be particularly well-tuned to frequencies that affect brainwave activity. "The results show sensitivity to low-level radiation to a subtle degree. These findings open the door by a crack for more research to follow. One only wonders if with different doses, durations, or other devices, would there be greater effects."
Jerry Dixon is currently Infragard's National Member Alliance's Vice President for Government Relations; he currently serves as Director of Analysis for Team Cymru, and is the former Executive Director of the National Cyber Security Division (NCSD) & US-CERT, of the Department of Homeland Security. During his time at Homeland, Jerry led the national effort to protect America's cyber infrastructure and identify cyber threats. Prior to being chosen to lead NCSD, Mr. Dixon served as the Deputy Director of Operations for the U.S. Computer Emergency Readiness Team (US-CERT). Mr. Dixon was instrumental in creating US-CERT, which serves America as the 24x7x365 cyber watch, warning, and incident response center that protects the cyber infrastructure by coordinating defense against and response to cyber attacks. Mr. Dixon led the initial development of US-CERT's capabilities for analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities across federal, state, local government agencies, and private sector organizations, making it Homeland Security's primary element of cyber preparedness and response. Before joining NCSD, Mr. Dixon was the founding director of the Internal Revenue Service's (IRS) Computer Security Incident Response Capability. In this role, Mr. Dixon led their operational cyber security capability for the IRS and developed their ability to detect and respond to protect American taxpayer's private information from security attacks. Mr. Dixon has also served as Director of Information Security for Marriott International, a global private sector company, where he led cyber security planning, security architecture, and security operations.