 | | theoretically possible but practically unlikely. Yea, because this being cracked in the first place was also "theoretically possible but practically unlikely." And what did ya know, someone did it. Time to stick head back in sand. | |
|
 |  Anonymous_AnonymousPremium join:2004-06-21 127.0.0.1 kudos:2
| Re: theoretically possible but practically unlikely. said by OSUGoose: Yea, because this being cracked in the first place was also "theoretically possible but practically unlikely." And what did ya know, someone did it. Time to stick head back in sand. All you need is a few PS3 phat systems running Linux to crack very much anything! | |
|
 |  KearnstdElf WizardPremium join:2002-01-22 Mullica Hill, NJ | quote: The group said that hackers intent on illegal eavesdropping would need a radio receiver system and signal processing software to process raw radio data, much of which is copyrighted.
I found this funny as well, because copyrighted material will just so stop someone already committing a crime (I'd imagine tapping and listening to other people's cell calls is somehow illegal for us civilians to do in most parts of the world).
That is like saying criminals on parole won't use a gun to knock off a 7-11 because they can't have a firearm. -- [65 Arcanist]Filan(High Elf) Zone: Broadband Reports | |
|
 |  |  | | Re: theoretically possible but practically unlikely. said by Kearnstd: That is like saying criminals on parole won't use a gun to knock off a 7-11 because they can't have a firearm. More like a guy who is robbing a bank not running across the street except at intersections to avoid breaking the law by jaywalking. | |
|
 morboComplete Your Transaction join:2002-01-22 00000 | I can see the Verizon Wireless ads now... Verizon and Sprint should jump all over this with ads informing users their AT&T and T-Mobile networks are insecure. Why not? | |
|
 |  LinklistPremium join:2002-03-03 Longport, NJ kudos:5 | Re: I can see the Verizon Wireless ads now... said by morbo: Verizon and Sprint should jump all over this with ads informing users their AT&T and T-Mobile networks are insecure. Why not? Is CDMA secure or are there hacks out that can also break CDMA security too? | |
|
| Re: I can see the Verizon Wireless ads now... Nothing is secure, given enough time. The question is, are GSM and CDMA secure enough, given the time it takes to break it, and given the potential value of any given conversation?
What does the threat analysis look like? Can someone eavesdrop in real time? Can they record the datastream and decode it for later playback? How much later? An hour? 50 years?
Since no encryption is 100% secure, the vendor has to weigh the risks, and determine if the risks outweigh the alternatives (e.g., the cost of replacing or reprogramming billions of telephones and many thousands of towers). The customer has to weigh the risks as well. Personally, I don't care if someone eavesdrops on my cellular telephone conversations. It's still many thousands of orders of magnitude harder to do that than it is to eavesdrop on my analog landline conversations at various points in the system. | |
|
 |  |  |  | | Re: I can see the Verizon Wireless ads now... said by KarlU :
Nothing is secure, given enough time. The question is, are GSM and CDMA secure enough, given the time it takes to break it, and given the potential value of any given conversation?
What does the threat analysis look like? Can someone eavesdrop in real time? Can they record the datastream and decode it for later playback? How much later? An hour? 50 years?
Since no encryption is 100% secure, the vendor has to weigh the risks, and determine if the risks outweigh the alternatives (e.g., the cost of replacing or reprogramming billions of telephones and many thousands of towers). The customer has to weigh the risks as well. Personally, I don't care if someone eavesdrops on my cellular telephone conversations. It's still many thousands of orders of magnitude harder to do that than it is to eavesdrop on my analog landline conversations at various points in the system. In another article it is stated that a recorded datastream can be cracked, so it doesn't need to be realtime. In addition, it's much, much easier to do if all you're looking for are things like keypad presses (for accessing your bank account, for example). I'll link the article if I can find it. | |
|
 |  |  |  |  en102Canadian, eh? join:2001-01-26 Valencia, CA | Re: I can see the Verizon Wireless ads now... Very true. Don't forget, many 'components' of these networks have to hand off to unencrypted POTS (or equivalent) at some point. It's much easier to sniff at that level than going through the piece of decrypting + working in the frequency hopping / handoffs that are required to keep a GSM call active. If you 'really' need to sniff, CALEA already exists; it would be better to hack that. | |
|
 |  |
 |  |  | | Re: I can see the Verizon Wireless ads now... said by Jim Gurd:said by morbo:Verizon and Sprint should jump all over this with ads informing users their AT&T and T-Mobile networks are insecure. Why not? I believe W-CDMA which AT&T uses for 3G service is not affected by this. That is my thought. I would think the encryption for CDMA and W-CDMA might be the same or close cousins. | |
|
 |  |  |  | | Re: I can see the Verizon Wireless ads now... Quick search indicates that the encryption for WCDMA is a longer key. Hence different than the key used for GSM. | |
|
 |  |  |  |  | | Re: I can see the Verizon Wireless ads now... Given a large enough rainbow table nothing is safe. | |
|
 |  |  dib22 join:2002-01-27 Kansas City, MO 1 edit | I have never seen any information that they even bother to encrypt their 3G... and most of their network is 2G anyway...
And I remember reading something about the very fact that they have a 2G/3G network running everywhere allows one to compromise... but I can't find it now... | |
|
 |  | | said by morbo:Verizon and Sprint should jump all over this with ads informing users their AT&T and T-Mobile networks are insecure. Why not? ... and 2 seconds after the first ad airs, CDMA will be cracked as well. -- Ask me no questions, and I'll tell you no lies... A MESSAGE to the RIAA and the MPAA: You shouldn't wound what you can't kill... | |
|
 |  |  CorydonCultivant son jardinPremium join:2008-02-18 Denver, CO | Re: I can see the Verizon Wireless ads now... Yup...why tempt fate? | |
|
 |  |  pnh102Reptiles Are Cuddly And PrettyPremium join:2002-05-02 Mount Airy, MD | said by Pirate515:said by morbo:Verizon and Sprint should jump all over this with ads informing users their AT&T and T-Mobile networks are insecure. Why not? ... and 2 seconds after the first ad airs, CDMA will be cracked as well. Kinda reminds me of Oracle's "Unbreakable" ad campaign.  -- "Net Neutrality" zealots - the people you can thank for your capped Internet service. | |
|
 |  |  HallPremium,MVM join:2000-04-28 Dayton, OH kudos:2 | said by Pirate515:... and 2 seconds after the first ad airs... ...ATT will sue  | |
|
 |  iansltx join:2007-02-19 Golden, CO kudos:2 | From what I've gathered UMTS uses better encryption, so if you can get 3G you're good to go. That said, guess who has a lousy 3G footprint?
Also, from what I've heard CDMA isn't much better than GSM, but you've got the large target issue... | |
|
 |  |  dib22 join:2002-01-27 Kansas City, MO 1 edit | Re: I can see the Verizon Wireless ads now... CDMA has not been broken... although many operators might have some bad implementations that would allow attacks, it isn't due to the actual CDMA spec. | |
|
 |  BF69Premium join:2004-07-28 Camden, TN | said by morbo: Verizon and Sprint should jump all over this with ads informing users their AT&T and T-Mobile networks are insecure. Why not? AT&T will just counter it with some dumb commercial with Luke Wilson that will somehow call Verizon a liar without ever actually disproving the facts. | |
|
 |  |
 PaulTTU join:2009-02-12 Cookeville, TN 1 edit | Not a big deal There are a lot of open source encryption methods that are still very secure. Look at MD6, or more relevant, MD5. MD5 is an older hashing method and the current methods for quick attacks rely on look up tables or brute force. If the implementation of the GSM algorithm is decent then there isn't much to worry about (e.g., MD5 salting). Publishing the algorithm allows public critique of the method that would reveal possible weaknesses, and can be a good thing for the public if a weakness is spotted. That is the publisher's intent.
It does not mean that all your GSM calls are now instantly decryptable by strangers. | |
|
 |  klipko join:2006-06-28 Portland, OR | Re: Not a big deal said by PaulTTU: It does not mean that all your GSM calls are now instantly decryptable by strangers. To add: a person or persons will need sophisticated hardware (RF, baseband, antennas, etc.) and software in order to put into play. Not your standard weekend project. | |
|
 |  |  tacomaBleeding Dodger BluePremium join:2001-05-18 Rancho Cucamonga, CA | Re: Not a big deal said by klipko: said by PaulTTU: It does not mean that all your GSM calls are now instantly decryptable by strangers. To add: a person or persons will need sophisticated hardware (RF, baseband, antennas, etc.) and software in order to put into play. Not your standard weekend project. Just $4k worth of easily purchased equipment.
Yea, nothing to worry about here folks. | |
|
 |  |  |  PaulTTU join:2009-02-12 Cookeville, TN 1 edit | Re: Not a big deal said by tacoma:Just $4k worth of easily purchased equipment. Yea, nothing to worry about here folks. That just gets you the signal, you still have to decrypt it. Decrypting it is still a nontrivial exercise even with the algorithm.
It's also illegal, making off the shelf scanners hard to come by, not that it would stop anyone »en.wikipedia.org/wiki/Scanner_(r···n_the_US | |
|
 |  |  |  |  cbs228Geeks Of The World, Unite join:2000-09-04 Saint Louis, MO 1 edit | Re: Not a big deal said by PaulTTU:It's also illegal, making capable parts hard to come by Hardly. You can do it with one of these and a tiny little bit of electrical design knowledge. In fact, someone even built their own GSM base station using this very same hardware, and they used it to offer basic mobile service at Burning Man. So much for not being able to get operable radios. The basic hardware costs maybe $2000 – $4000 USD, and that's a drop in the bucket for organized crime, corporate spies, political organizations, or even John Smith the identity thief. I'd stop banking by (GSM) phone, if I were you.
As an electrical engineering graduate student, the idea that a few filters, some oscillators, and an A/D converter would be difficult to come by is appallingly laughable. The superheterodyne receiver has been around for decades, and many undergrads and amateur radio operators could make one without much difficulty. The carriers can say what they like, but this threat is very real.
I think that we need to accept that our telephone network is fundamentally insecure and take the necessary steps to fix it.
Edit: fixed quote.
-- At our school, we don't earn a degree when we graduate - we earn π/180 radians!
GENERAL FAILURE READING ©: DRIVE (A)bort, (R)etry, (F)rivolous Lawsuits, (B)ribe Congress? | |
|
 |  |  |  |  |  | | Re: Not a big deal I completely agree. The USRP/USRP2 + GNUradio make the majority of the radio spectrum from ~0 Hz to 5.8 GHz yours to transmit and receive, ignoring any applicable FCC laws for transmission and interference stuffs. Software defined radio is becoming reality.
In order to build your own hardware (and subsequent software), the hard part is programming the software (and hardware should there be an FPGA) and building properly working hardware, NOT in obtaining the physical chips needed to create the device. Although... I did hear about some talk that ?????? (probably the MAFIAA and big time media corporations) want high speed ADCs/DACs, FPGAs, and such be restricted. I think this is ludicrous to suggest doing that. The entertainment industry would have to pay off a lot more than just congress, pretty much every IC chip maker would have to be paid off. Even then, people would just start salvaging the chips. | |
|
 |  |  |  |  |  |  KearnstdElf WizardPremium join:2002-01-22 Mullica Hill, NJ | Re: Not a big deal and ordering from non US based sites. | |
|
 |  |  |  |  |  PaulTTU join:2009-02-12 Cookeville, TN | I fixed the illegal comment to make it more suitable for you. You can get SAW filters and LNA's in the GSM range without a problem for a few dollars. Use an ADC and you have the digital GSM signal. You could use a TI TMS320DM643x and bypass the FPGA programming. You don't need $4k worth of parts, especially if you're only planning on listening in on one connection.
GSM Antenna -> SAW -> LNA -> DSP , $40
Then what? How do you decrypt the signal?
I still trust SSL for banking online, I don't see how an application that uses SSL on my phone would be different, even if I'm broadcasting the encrypted data stream open air. | |
|
 |  |  |  |  |  |  cbs228Geeks Of The World, Unite join:2000-09-04 Saint Louis, MO | Re: Not a big deal said by PaulTTU: Then what? How do you decrypt the signal? If you read the original research, you will find that the only piece of the decryption puzzle that is missing is a software library for passively analyzing GSM control and data packets—similar to how wireshark extracts, reassembles, and interprets IP packets. This is necessary to determine which bits belong to which calls, and who is calling whom. The open source community hasn't done this yet, but there is nothing that makes this impossible... or even particularly difficult. The GSM control channel is sent completely in the clear, making decoding a relatively trivial process.
More disturbing, however, is the researcher's finding that phones are completely vulnerable to man-in-the-middle attacks from "rogue" base stations. Base stations do not authenticate themselves to handsets—a handset simply assumes that any base station that says "I'm an AT&T cell" or "I'm a T-Mobile cell" automatically has a right to be there. The original researcher was able to use existing, publicly-available software and hardware to create a fake base station that could intercept calls. Doing this obviates the need to break the encryption at all. The attacker would still need to find some way of connecting these calls to the phone network, but anyone motivated enough to do any of this could probably think of something.
said by PaulTTU: I still trust SSL for banking online Indeed, but I was referring to the actual process of calling a bank (i.e., on a voice channel) and asking them (or their automated menu system) to do something. -- At our school, we don't earn a degree when we graduate - we earn π/180 radians!
GENERAL FAILURE READING ©: DRIVE (A)bort, (R)etry, (F)rivolous Lawsuits, (B)ribe Congress? | |
|
 | | CDMA Doesn't have this problem because of its spread spectrum technology. It's possible to crack CDMA though highly unlikely. And I actually could care less if someone wants to monitor my calls because the only thing I'm saying in my conversations is, I'm sorry you're cutting out, I have AT&T and I can't hear you! -- I get 29 MPG in my Toyota Highlander Hybrid! | |
|
 |  | | Re: CDMA You really believe CDMA is secure? LOL. They're listening in on your CDMA calls just as easy as GSM, trust me. | |
|
 |  |  cghh join:2001-01-15 Milpitas, CA | Re: CDMA said by pabster:You really believe CDMA is secure? LOL. They're listening in on your CDMA calls just as easy as GSM, trust me. With CDMA, it isn't really a matter of encryption. With CDMA, many calls share the same frequency at the same time, and without knowing the proper spreading key, you can't even identify which parts of all the junk on a given frequency belong to which conversation. It's not that you have to decrypt the data stream; without the spreading key, you can't even find it.
CDMA was originally developed for the US defense department in the 1940's to provide a communication protocol that was inherently difficult to eavesdrop or jam.
As for listening in, it is a heck of a lot easier for security agencies to just tap the number in the cell provider's network after waving a piece of paper labeled "national security" at the provider. | |
|
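The separation described in cghh's post above, as an added example that is not part of the original thread: a toy direct-sequence model in Python in which two users share one channel and only a matching code recovers each bit stream. The Walsh codes, names and bit patterns are constructed assumptions; the handful of short codes here can be enumerated, so this illustrates channel separation rather than the strength of any real air interface's privacy mechanism.

```python
# Toy direct-sequence CDMA link: two users transmit at once on one channel,
# each spread by its own code. Constructed example; real CDMA air interfaces
# add scrambling and framing layers that are not modelled here.

def walsh_codes(order):
    """Return 2**order mutually orthogonal +/-1 codes (Hadamard construction)."""
    codes = [[1]]
    for _ in range(order):
        codes = [c + c for c in codes] + [c + [-x for x in c] for c in codes]
    return codes

def spread(bits, code):
    """Map each bit to +/-1 and multiply it by every chip of the code."""
    chips = []
    for b in bits:
        symbol = 1 if b else -1
        chips.extend(symbol * c for c in code)
    return chips

def channel(*signals):
    """All transmissions simply add together on the shared frequency."""
    return [sum(samples) for samples in zip(*signals)]

def correlate(received, code):
    """Correlate each code-length block of the channel with a candidate code."""
    n = len(code)
    return [sum(r * c for r, c in zip(received[i:i + n], code))
            for i in range(0, len(received), n)]

def despread(received, code):
    """Recover the bits sent with `code`; None where the code finds no energy."""
    return [None if corr == 0 else corr > 0 for corr in correlate(received, code)]

def active_codes(received, codes):
    """Indices of codes carrying energy, as a receiver's code search would see."""
    return [i for i, code in enumerate(codes)
            if any(corr != 0 for corr in correlate(received, code))]

CODES = walsh_codes(3)        # eight 8-chip codes (hypothetical code set)
ALICE_BITS = [1, 0, 1, 1]     # constructed sample data
BOB_BITS = [0, 0, 1, 0]
AIR = channel(spread(ALICE_BITS, CODES[1]), spread(BOB_BITS, CODES[5]))

if __name__ == "__main__":
    print("first block on air:", AIR[:8])
    print("despread, code 1  :", despread(AIR, CODES[1]))
    print("despread, code 5  :", despread(AIR, CODES[5]))
    print("despread, code 3  :", despread(AIR, CODES[3]))
    print("codes with energy :", active_codes(AIR, CODES))
```
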
 |  |  |  | | Re: CDMA cghh, precisely. Which really makes the whole discussion pointless, at least vis-a-vis government or law enforcement. For corporate espionage and the like, however, it is a valid point. | |
|
 | | Old news? I heard about the weaknesses in GSM back in September on Security Now:
»twit.tv/sn213
It's not eavesdrop-able like the olden days of cellphones back in the 80's when all you needed was a scanner of some sort. But if you want to listen in on a competitor's calls, just acquire the $1000 or so worth of equipment, and set up in a nondescript van next to their office building. Record a day's worth of GSM calls for later decoding. 
It's a good idea to practice the "Trust No One" creed when using wireless devices.
-- "I reject your reality and substitute my own." | |
|
 |  | | Re: Old news? ...when using ANY device. 
I heard that SN episode way back when as well. | |
|
 TransmasterDon't Blame Me I Voted For Bill and Opus join:2001-06-20 Cheyenne, WY
| Somewhere in Yemen. Hello......yes this is Abdul.....You are who? NSA???? Look Where????.......What is that???.....Hellfire what????? the call suddenly terminates. Somewhere an NSA agent turns off his cell phone with an evil smile. Encryption?? What encryption.  -- I am quite sure now that often, very often, in matters concerning religion and politics a man's reasoning powers are not above the monkey's. - Mark Twain in Eruption | |
|
| Re: Somewhere in Yemen. said by Transmaster: Hello......yes this is Abdul.....You are who? NSA???? Look Where????.......What is that???.....Hellfire what????? the call suddenly terminates. Somewhere an NSA agent turns off his cell phone with an evil smile. Encryption?? What encryption. Blamo!  | |
|
 Chaldo join:2008-03-18 West Bloomfield, MI | CDMA can be cracked Heck yes it can, all of you who say it can't are out of your minds. One reason why someone would crack GSM is because it's a global standard. A lot of fuckin people use it. The amount of CDMA users and GSM users split is a big difference. Also they said German, over there it's almost all GSM. Why would he bother with CDMA? Ask yourself that. | |
|
 |  | | Re: CDMA can be cracked said by Chaldo: Heck yes it can, all of you who say it can't are out of your minds. One reason why someone would crack GSM is because it's a global standard. A lot of fuckin people use it. The amount of CDMA users and GSM users split is a big difference. Also they said German, over there it's almost all GSM. Why would he bother with CDMA? Ask yourself that. But it's a lot harder because of the nature of CDMA SST, GSM uses TDMA time slots therefore it's much easier to. -- I get 29 MPG in my Toyota Highlander Hybrid! | |
|
 | | telco security; know your terms oxymoron: a combination of contradictory words ; ; ; ; most things created for the public (at-large) aren't necessarily a panacea for the individual. | |
|
 Bemus join:2002-01-26 Stanville, KY | LOL I don't think my conversations are top secret but I also don't think I would like someone to hear them either... and neither would my girlfriends!!!! lol  | |
|
 NOCManMacChatterPremium join:2004-09-30 Colorado Springs, CO | Why does the NSA Giggle? Any encryption that is commercialized in the USA has keys that are given to the NSA. They have agents who meet with the credit card companies who can literally dictate what encryption methods their cards can and can not carry. That's why PGP irritated them so much back in the 90's. | |
|