Does your wireless telephone carrier use GSM? I use T-Mobile in the USA and AIS 12Call while in Thailand. Both of these cellular providers use the Global System for Mobile Communications (GSM) standard. In fact, GSM is the most widely used wireless standard in the world.
If you also use a GSM carrier, you might want to be a bit more careful about what you say and text from now on. The BBC recently ran a story about Karsten Nohl and Sylvain Munaut, security researchers who demonstrated a cheaply made tool that can eavesdrop on any GSM mobile call or text message.
For those of you that are aware of security problems that have existed on GSM networks for a while, this probably doesn’t come as much of a surprise. The encryption algorithms have been cracked and GSM rainbow tables were created that significantly reduce the amount of time it takes to decrypt GSM communications.
The rainbow tables have been available for just over a year, but it was only this week that a method was demonstrated to actually circumvent GSM encryption in real time. While it is true that carriers have special equipment to eavesdrop on calls, the hardware and software are very expensive (upwards of $50,000) and difficult to acquire. The home-made eavesdropping tool cost the researchers under $20 to build. While both Nohl and Munaut stated that their methods would not be made public, this will not be the end of the story. Now that the cost barrier to eavesdropping has been eliminated, you will likely see others willing to spend the time to duplicate the researchers' methods.
In all likelihood, this exploit can be fixed on GSM networks. Unfortunately, the GSM Association (GSMA), a coalition made up of around 800 mobile phone carriers, still has not commented on the news or given any indication that a patch is in the works. The fact that eavesdropping equipment can be made for under $20 should light a fire under the GSMA to finally fix this long-standing security issue. Otherwise, we'll have to go back to the old tin can and string method for secure communications.
Article first published as Low Cost Cellular Eavesdropping. Be Careful What You Say! on Technorati.
, we have to use asymmetric encryption.

How to authenticate the networks and avoid MITM is a difficult one, since it's almost impossible to tell a stranger that is honest from one that is not (more so when dealing with electronics instead of humans). This is the major problem and would require some authentication scheme that I think would need a central database (or several) or a WoT to solve.

At minimum every router should have a static keypair. Clients could choose if they want to have one static keypair for every network, random keys every time, or to have some static keys linked to chosen networks (such as a dedicated keypair for your own home network to authenticate to it). (Static keys for clients could have some privacy risks if they were broadcast before the client knows that the router it is connecting to is the real one, so I think that random keys should be used when connecting to networks before the client authenticates itself. The authentication model of TCPcrypt happens to be similar.)

A possible method would be QR codes or RFID/NFC tags that router owners could place where they can't be altered easily (like inside of windows); they could include public crypto keys and relevant details. Then it would be easier to link the network to a trustable entity.
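The scheme sketched in the comment above (a static keypair per router, a fresh random keypair on the client until the router has proven its identity, and the router's public-key fingerprint published on a tamper-resistant tag) is easy to see end to end in code. The following is an added example written for this page, not code from the commenter or from TCPcrypt: it uses a deliberately tiny Diffie-Hellman group (constructed for illustration; a real deployment would use a standard group such as X25519), a hypothetical tag payload of `{"ssid", "fp"}`, and a simple HMAC key-confirmation step. It shows the honest connection succeeding and two man-in-the-middle variants being refused: one that substitutes its own key (caught by the fingerprint pinned from the tag) and one that relays the genuine key but cannot complete the handshake (caught by key confirmation).

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for illustration only. Its order is far
# too smooth for real use; a deployment would use X25519 or an RFC 3526 group.
P = 2**127 - 1
G = 2
NBYTES = 16  # every group element is below 2**127, so it fits in 16 bytes


def keygen():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2          # 2 <= priv <= P-2
    return priv, pow(G, priv, P)


def fingerprint(pub):
    """Short hash of a public key: the value a QR code or NFC tag would carry."""
    return hashlib.sha256(pub.to_bytes(NBYTES, "big")).hexdigest()[:16]


def session_key(shared, client_pub, router_pub):
    """Derive the session key from the DH secret and both public values (the transcript)."""
    transcript = client_pub.to_bytes(NBYTES, "big") + router_pub.to_bytes(NBYTES, "big")
    return hashlib.sha256(shared.to_bytes(NBYTES, "big") + transcript).digest()


def confirm_tag(key):
    """Key-confirmation MAC: only a party holding the session key can produce it."""
    return hmac.new(key, b"router-confirm", hashlib.sha256).digest()


class Router:
    """Access point with one static keypair whose fingerprint is published out of band."""

    def __init__(self, ssid):
        self.ssid = ssid
        self.priv, self.pub = keygen()
        self.last_key = None

    def tag_payload(self):
        """What the owner prints on the QR code / NFC tag (hypothetical format)."""
        return {"ssid": self.ssid, "fp": fingerprint(self.pub)}

    def respond(self, client_pub):
        shared = pow(client_pub, self.priv, P)
        self.last_key = session_key(shared, client_pub, self.pub)
        return self.pub, confirm_tag(self.last_key)


def client_connect(pinned_fp, send_hello):
    """Client side. pinned_fp was read from the tag; send_hello delivers our hello
    to whatever is on the air and returns (router_pub, tag)."""
    eph_priv, eph_pub = keygen()        # fresh keypair per connection: nothing static is broadcast
    router_pub, tag = send_hello(eph_pub)
    if fingerprint(router_pub) != pinned_fp:
        return None                     # identity does not match the tag: refuse
    shared = pow(router_pub, eph_priv, P)
    key = session_key(shared, eph_pub, router_pub)
    if not hmac.compare_digest(tag, confirm_tag(key)):
        return None                     # peer showed the right public key but cannot use it
    return key


def direct_channel(router):
    """Honest air: the hello reaches the real router unchanged."""
    return router.respond


def substituting_mitm(router):
    """Attacker that answers with its own static key; the pinned fingerprint catches it."""
    impostor = Router(router.ssid)

    def send_hello(client_pub):
        router.respond(client_pub)      # may still talk to the real router on the side
        return impostor.respond(client_pub)
    return send_hello


def relaying_mitm(router):
    """Attacker that forwards the genuine public key but uses its own ephemeral key
    toward the router; the confirmation tag is bound to keys the client never used."""
    def send_hello(client_pub):
        _own_priv, own_pub = keygen()
        router_pub, tag = router.respond(own_pub)
        return router_pub, tag
    return send_hello


def demo():
    ap = Router("home-wifi")
    fp = ap.tag_payload()["fp"]
    honest = client_connect(fp, direct_channel(ap))
    return {
        "honest_agreed": honest is not None and honest == ap.last_key,
        "substitution_rejected": client_connect(fp, substituting_mitm(ap)) is None,
        "relay_rejected": client_connect(fp, relaying_mitm(ap)) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The privacy point from the comment is the `keygen()` call inside `client_connect`: the client reveals only a one-time public value until the fingerprint and confirmation checks pass, so a rogue access point learns nothing that links two connection attempts. Key confirmation matters as much as the pinned fingerprint, because the fingerprint alone only proves the peer has seen the router's public key, not that it holds the private half.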