Hackers have shown how mobile GSM calls could be cheaply intercepted and decrypted into plain text using a radio card scanner, a laptop, some open source software tools and a codebook table that together convert radio frequency waves into machine-readable code.
The potential GSM vulnerability was revealed during a presentation at the recent Hacking at Random conference in The Netherlands.
During the pitch, security researcher and hardware hacker Karsten Nohl detailed plans for cracking standard GSM cell phone encryption, known as A5/1, and said he would be making the results available for anyone to use.
The scheme works by pre-generating all the encryption keys used in GSM into a codebook table that can be quickly and easily looked up on the fly.
“It’s been known that GSM is weak theoretically but the security barrier has always been high because of the compute power that is needed to create a code book table,” Ian Meakin, VP Marketing at Cellcrypt, explained.
The use of rainbow tables has condensed the maths needed to create a codebook table. Distributing the computation across a peer-to-peer grid of around 80 PCs kitted out with Nvidia graphics cards is estimated to be able to crunch the job in around 3 months.
Meakin said there is a need to recognise the gravity of the situation. “This development is worrying. It marks a massive lowering of the bar for criminal organisations to illegally tap mobile phone conversations.”
He estimates that an intercepted call could be recorded and decrypted within 30 minutes or so, should a code book table become available.
This development points to mass availability, within a 6-24 month timeframe, of cheap systems that can crack GSM calls, Cellcrypt has suggested.
The company said this increases the threat level of air interface attacks, which target a call as it passes between a mobile handset and the carrier’s base station, and proves the case for software like that produced by Cellcrypt, which provides end-to-end mobile encryption.
Cellcrypt’s software sits on Nokia N Series and E Series mobiles and BlackBerry devices to encrypt and decrypt at the end points and secure mobile voice communications, just as other enterprise end point messaging devices are protected against virus attacks and spyware.