Encrypted GSM Voice Calls & SMS Messages Hacked
Black Hat researchers have engineered a way to easily and cheaply crack GSM's encryptionBy Kelly Jackson Higgins
Senior Editor, Dark Reading
WASHINGTON -- BLACK HAT DC 2008 -- A pair of researchers has created a low-cost and simple hack to crack the encryption in GSM mobile phones and intercept voice conversations and SMS text messages -- within minutes.
David Hulton and a researcher who goes only by “Steve,” revealed their new technology here at Black Hat DC yesterday. It’s a combination of 2 terabytes worth of hard drives and one field programmable gate array (FPGA) -- which cost about $1,000 to construct.
The researchers claim to be the first to engineer a low-cost, “practical” attack against GSM’s A5/1 encryption algorithm. Their goal was to flag the weak security in the GSM network, but the ease with which they were able to hack it came as a surprise to them: “I was shocked when I saw the [GSM] specs floating around on the Net,” Hulton said. “We were surprised at how fast we could implement this on FGPAs…it’s just incredible speed available to anyone these days.”
Their tool hacks the voice calls and SMS messages in about 30 minutes -- a far cry from the thousands of years it would take to crack it via a PC, they say. They plan to release a commercial-grade version of the tool in the second quarter that cracks calls in 30 seconds, they say. The more FGPAs, the faster it cracks the GSM call’s encryption key, they say.
And since some GSM networks reuse the same key for 16 calls, an attacker could access all of those calls, the researchers say.
Researcher Halvar Flake, aka Thomas Dullien, says Hulton and Steve’s work is significant because it makes cracking the GSM encryption algorithm for the first time relatively simple and inexpensive to do.
“GSM is not secure, but it has to be,” Steve says. “There will be an increase in data and identity theft, tracking, and unlawful interception going on” via GSM, he says.