Hackers have once again demonstrated that the GSM (Global System for Mobile Communications) standard, the most widely used mobile phone standard in the world, can be hacked.
The GSM Association (GSMA) has acknowledged the technology’s flaw, but it said the weakness is not a serious threat and that hackers have not been able to create a practical attack capability that can be used on live, commercial GSM networks.
However, the danger of this latest hack is that it was done with relatively inexpensive equipment, including a PlayStation 3 and open source software, showing that it’s getting cheaper and easier to hack wireless communications.
The Latest Hack
“It was stunning to see what (US)$1,500 of USRP can do,” Nohl and Paget wrote in a summary of their presentation at the Chaos Club congress. “Add a weak cipher trivially breakable after a few months of distributed table generation, and you get the most widely deployed privacy threat on the planet.”
GSM is used by nearly 800 mobile carriers in 219 countries worldwide, representing more than three billion connections, according to GSMA statistics.
USRP stands for “Universal Software Radio Peripheral.” A USRP is a high-speed USB-based board for making software radios. It has an open design with freely available schematics, and comes with free software to integrate with the GNU Radio free software toolkit.
Nohl and Paget have created a code book, or lookup table, for the A5/1 cipher using fast graphics cards such as Nvidia and ATI/AMD cards, and Sony PlayStation 3s. While compiling such a code book would take more than 100,000 years on a single CPU, it took three months on 40 Nvidia CUDA nodes.
The most important thing about this latest hack is that it used relatively inexpensive, widely available technology. “Processing power is increasing dramatically, with GPUs (graphics processing units) in particular,” said Rob Enderle, principal analyst at the Enderle Group. “This is only the tip of the iceberg when it comes to how this power could be used to hack into otherwise secure data streams.”
Another danger lies in the fact that GSM is being used in an increasing range of sensitive applications, hackers Nohl and Paget said. These include voice calls, banking through SMS and access control.
“Cloning, spoofing, man-in-the-middle [attacks], decrypting, sniffing, crashing, DoS’ing, or just plain having fun — if you can work a BitTorrent client and a standard GNU build process, then you can do it all too,” hackers Nohl and Paget said. “Prepare to change the way you look at your cellphone forever.”
However, at present, it’s not quite clear just who will be impacted. “Opinions are split, even among technologists,” Ozzie Diaz, CEO of wireless intrusion prevention firm AirPatrol, told TechNewsWorld. “Some say this latest hack is significant because wireless networks are purported to be some of the most secure networks in the world, but others say it won’t be an issue at all when you get to 3G and beyond.”
Only select people will probably be at risk from GSM hacks, Enderle told TechNewsWorld. “The most exposed are likely to be celebrities, top executives or board members of large public corporations, politicians, and intelligence organizations,” he explained.
Federal government officials could also be at risk, depending on their jobs and how mission-critical their work is, AirPatrol’s Diaz pointed out.
“The GSMA heads up a security working group, which looks at all issues related to security, and this isn’t something we take lightly at all,” association spokesperson Claire Cranton told TechNewsWorld. The association has a new security algorithm that’s being phased in, she added.
The association might speed up its work in moving to a new algorithm, A5/3. “The GSMA’s security group is set to have a meeting in February to decide whether it will be necessary to upgrade to a stronger code,” Julien Blin, CEO and principal analyst at JBB Research, told TechNewsWorld. “This could be a game-changing factor.”
However, the A5/3 algorithm is also insecure, hackers Nohl and Paget contended. Replacing A5/1 with A5/3 may not be enough because the A5/3 cipher, known as “Kasumi,” has been broken by academic researchers, and A5/3 uses the same keys as A5/1.
In fact, the A5/0, A5/1 and A5/2 algorithms were all broken in 1998, according to a Black Hat briefing in 2008. Key material is reused, key recovery systems are available, and the key is artificially weakened, according to the briefing.
The GSMA does not see these hacks as significant. “Over the past few years, a number of academic papers setting out, in theory, how the A5/1 algorithm could be compromised have been published,” according to a statement the association released. “However, none to date have led to a practical attack capability being developed against A5/1 that can be used on live, commercial GSM networks.”
The GSMA admits that hackers could attack the A5/1 algorithm using a lookup table, but it seems to think the table’s size — 2 TB — will make that difficult. It also pointed out that before a practical attack can be attempted, the GSM call has to be identified and recorded from the radio interface, which is a complex task. “A hacker would need a radio receiver system and the signal processing software necessary to process the raw radio data,” the association said. “The complex knowledge required to develop such software is subject to intellectual property rights, making it difficult to turn into a commercial product.”
Criminals often disregard intellectual property rights, however, and the USRP seems to have gotten over the difficulties of processing raw radio data, at least to some extent.
On the other hand, the industry’s move to UMTS, 3G and 4G might render the latest hack essentially moot. “3G uses a different algorithm set,” the GSMA’s Cranton pointed out.
“Most carriers are on their way to 2.5G or 3G or even 4G, so the GSM hack might be a problem that’s too late to be called a problem,” AirPatrol’s Diaz said. “It may not be an issue at all once you get to 3G and beyond.”