What is Digg?119 Comments
- BlindingDawn, on 02/22/2008, -2/+85And the NSA has had back door access from the beginning.
- inactive, on 02/22/2008, -0/+34It gets worse! Your IP Address is broadcast EVERY TIME you connect to the Internet!
- inactive, on 02/22/2008, -1/+35not bad... 30 seconds... if anyone needs it done but isn't so crunched for time... i can crack it in 32 seconds... give me a ring
- sholt, on 02/22/2008, -1/+30They do, and stop ordering sardines. That's nasty.
- StolenLamp, on 02/22/2008, -0/+23I'll throw in a $5 coupon to Chili's if you can do it in 31.
- sagat, on 02/22/2008, -3/+21You mean the government hasn't been listening to my pizza delivery orders all these years? Damn I just assumed they had a large room somewhere in Virginia where 2,000,000 people listened to all 70 million phone calls made in the US every day...
- SPECOPS, on 02/22/2008, -0/+17The US Telcom immunity act isn't proof, but I'd say it's a huge hint for anyone with 1/2 a brain and uses it.
- webcrumb, on 02/22/2008, -0/+15No, just - no.
- plarp, on 02/22/2008, -1/+13and actually looking for the NSA backdoor is probably the computationally most cost effective..
- smrekar, on 02/22/2008, -1/+13Annoying ads!!!!! Normally I don't do this, but those ads need to go.
Black Hat Conference: Security Researchers Claim To Hack GSM Calls
The creators of the in-development technology say they'll be able to crack GSM encryption with only about $1,000 worth of equipment.
By J. Nicholas Hoover
InformationWeek
February 20, 2008 02:30 PM
Security researchers presenting Wednesday at the Black Hat D.C. conference in Washington, D.C., demonstrated technology in development that they say will be able to greatly decrease the time and money required to decrypt, and therefore snoop on, phone and text message conversations taking place on GSM networks.
Many mobile operators worldwide use GSM networks, including T-Mobile and AT&T (NYSE: T) in the United States. The 64-bit encryption method used by GSM, known as A5/1, was first cracked in theory about 10 years ago, and researchers David Hulton and Steve, who declined to give his last name, said today that expensive equipment to help people crack the encryption has been available online for about 5 years.
Until now, however, it's been prohibitively expensive for people to get their hands on this technology. If it works, the technology Hulton and Steve are developing should be able to crack GSM encryption in less than 30 minutes with about $1,000 worth of equipment, or in about 30 seconds with $100,000 worth of equipment. The technology could potentially be helpful to law enforcement investigators, but could also be taken advantage of by malicious hackers. Hulton says he plans to commercialize the more expensive version of the technology.
Other hardware Hulton and Steve referenced uses two different techniques to snoop on GSM calls and can cost between $70,000 and $1 million. So-called "active" systems simulate a GSM base station and don't rely on encryption because they trick phones into connecting to the GSM network through them. Other, so-called "passive" systems snoop on the traffic and are far more expensive.
Hutton and Steve's technology relies on the use of an array of devices known as field programmable gate arrays to first create a table of all the possible encryption keys -- in this case 288 quadrillion -- and then decrypt each of those over the course of three months. The resulting tables of keys could then be used by software to decrypt GSM communications, which first have to be intercepted using a receiver that can listen in on GSM frequencies.
During their talk, Hulton and Steve also discussed the vulnerabilities of mobile device SIM cards, noting that GSM networks broadcast SIM cards' unique IDs in unencrypted text, which can tell attackers or law enforcement what kind of phone someone is using. The GSM network also can tell snoopers how far a phone is from a base station, within 200 meters of error. They noted that SIM cards run Java Virtual Machines that operators have access to, and suggested that it could be possible for malicious attackers to install applications on user's phones without them ever knowing, potentially rerouting traffic to a third party who listens in to phone conversations.
The GSM Association, a trade group representing more than 700 GSM operators, said it could not comment on the specific claims Hulton and Steve are making. However, spokesman David Pringle said in an e-mailed statement that while researchers have showed how A5/1 could be compromised in theory, none of their academic papers have led to "practical attack capability that can be used on live, commercial GSM networks." He also noted that more advanced encryption is beginning to be deployed for GSM networks and that other networks, including 3G networks, don't use A5/1. - tb0n3r, on 02/22/2008, -0/+12Hence the words "back door"
- meruru, on 02/22/2008, -1/+13But the Flying Spaghetti Monster is still safe right?
- prleet, on 02/22/2008, -0/+12I like dug you up, like it was so like cool.
- positron, on 02/22/2008, -1/+12Giant Spaghetti Monster? The Flying Spaghetti Monster will not be pleased...
- yabos, on 02/22/2008, -0/+11They're just jacked into ATT's network.
- linagee, on 02/22/2008, -1/+11Wait a sec... Why would the NSA need to listen to cell phones? You're still routing most calls over Mabell's networks which the NSA has been listening to for years...
- BlueSkyfish, on 02/22/2008, -0/+9Epic Fail on my part
- usrlocalbin, on 02/22/2008, -2/+11Buried.
You didn't say 'like' enough to make it accurate. :P
j/k, i Dugg you up. - tas246, on 02/22/2008, -15/+23Dugg Down, "can you hear me now" guy does CDMA.
- daninspokane, on 02/22/2008, -0/+8michael scott?
- IphtashuFitz, on 02/22/2008, -1/+9Realistically speaking, how would this affect 99% of GSM users? If somebody wants to follow me around with a van loaded with equipment to eavsedrop on me they're not going to hear anything really significant, useful, etc. I suppose it could be used to eavesdrop on celebrities, corporate executives, etc. but for the vast majority of us I just don't see this being that big a deal...
- inactive, on 02/22/2008, -2/+9Hackers 2 anyone?
- jamesvaughn, on 02/22/2008, -0/+6Damn, I just realized China, using but a fraction of its population, can assign at least one person to completely monitor each and every American.
- orangefly, on 02/22/2008, -0/+6Adamantium....
- tomz17, on 02/22/2008, -0/+6It's actually fundamentally much harder to capture CDMA traffic (independent of the encryption used)... GSM is TDMA on a specific frequency, which makes it easy pickin for a conventional radio design.
- usrlocalbin, on 02/22/2008, -1/+7Nothing is uncrackable.
You fail - StealthTomato, on 02/22/2008, -0/+6"Fewest eavesdropped calls?"
- elementop, on 02/22/2008, -0/+5You've never worked for the government, have you? They buy the cheap stuff...they just pay premium prices for it.
- inactive, on 02/22/2008, -2/+7Too bad, because government agencies are willing to pay a cool million for the hardware needed to do it. You could make a LOT of money if you DID do it.
But you can't, so go back to posting from your mother's basement. - hokie47, on 02/22/2008, -0/+5What about Verizon's CDMA?
- xOKxWhy, on 02/22/2008, -0/+5Agent Michael Scarn?
- bxblox, on 02/22/2008, -0/+5only the alloy
- lystig, on 02/22/2008, -0/+5Yup, the keywords are: terror, bush, bomb, osama, cake and allah akbar.
- FirstDigg, on 02/22/2008, -0/+5Wow, I'm sorry about that. Normally I have adblock on so I didn't see them at all. I just turned it off and I see what you mean. Sorry!
- sum33t, on 02/22/2008, -0/+4No.
- capiCrimm, on 02/22/2008, -1/+6ROT26
- drdepoy, on 02/22/2008, -0/+4CDMA uses Direct Sequence Spred Sprectrum technology that modulates the carrier by a data stream, and then a much faster Pseudo Random Noise code. If you know the PRN code the data can be demodulated easily, and anything else on the channel is filtered off as noise. This allows them to multiplex an arbitrary number of signals on the same freqeuncy, each using a differnt PRN code. If a PRN code is 32 bits, you would have to try 4 billion code combinations during the time the call was connected to intercept it.
- tas246, on 02/22/2008, -0/+4touché
- MikeSD34, on 02/22/2008, -0/+4You can easily fake an IP address too...
http://en.wikipedia.org/wiki/IP_address_spoofing - tech42er, on 02/22/2008, -0/+4That sounds like something you'd hear on a Family Guy cutscene.
- capiCrimm, on 02/22/2008, -0/+4and 'lick your', but that's just for the off days.
- inactive, on 02/22/2008, -0/+4@airforce: The real insult was conswalled's comment. It's up to him to do the research, not us to feed it to him.
- hiro, on 02/22/2008, -2/+6must HAVE
- kodek, on 02/22/2008, -0/+3Yeah, but Steve warned us about this! Homebrew applications are the devil! /sarcasm
- MiDri, on 02/22/2008, -0/+3There have been cellphone cloners for a long time, it basicly steals the id your cellphone sends to the cell tower and then it can place calls from your account.
- capiCrimm, on 02/22/2008, -0/+3want a lollipop? Normally it goes for $3, but just for you I'll throw on three zero's.
- FirstDigg, on 02/22/2008, -2/+5Yeah, but "Fewest dropped calls" or whatever at&t's slogan in doesn't work as well :)
- TheWindBlows, on 02/23/2008, -0/+3I hear they're finally deciding to add "***** THE " ... too
- typicalusername, on 02/22/2008, -2/+5Okay, usually I don't buy into a lot of stuff on the Web and fear mongering, but I'm on GSM provider. I didn't know my freaking SIM key was sent out un-encoded. That freaks me the hell out!
- mCanada, on 02/22/2008, -0/+3http://www.youtube.com/watch?v=x3XzPhdBx9g
-
Show 51 - 100 of 118 discussions
Digg is coming to a city (and computer) near you! Check out all the details on our 
© Digg Inc. 2009
— Content created and posted by Digg users is