The secret code that protects cell phones has been cracked and set loose.
At a hacker conference in Berlin that runs through Wednesday, the cryptographers said they’ve cracked the algorithm that determines the random channel hopping and have devised a practical means to capture entire calls using equipment that costs about $4,000. At the heart of the crack is open-source software for computer-controlled radios that makes the frequency changes at precisely the same time, and in the same order, that the cellphone and base station do.
“We now know this is possible,” said Karsten Nohl, a 28-year-old cryptographer and one of the members of an open-source project out to prove that GSM, the technical standard used by about 80 percent of the mobile market, can’t be counted on to keep calls private. The attack “is practical, and there are real vulnerabilities that people are exploiting.”
The channel-hopping crack comes as the collective is completing the compilation of a rainbow table that allows them to decrypt calls as they happen. The table works because GSM encryption uses A5/1, a decades-old algorithm with known weaknesses. The table – a 2-terabyte list of known results that allows cryptographers to deduce the unique key that encrypts a given conversation – was developed by volunteers around the globe using giant clusters of computers and gaming consoles.
A bare-bones attack can be pulled off with a PC with a medium-end graphics card, a large hard drive, two USRP2 receivers and the channel-hopping software. Under normal conditions, it will take a few minutes of conversation before eavesdroppers have collected enough data to break the encryption. Because the calls are recorded and played back later, the entire contents of a conversation can still be captured.
You can obtain the slides here [PDF]. There is a 3 part video torrent of the talk as well:
Here is a link to the GSM Rainbow Tables torrents, they are 2-3gb each and the cracking program trac/svn is here.
