Jul
30
2010
0

GSM Mobile Phone Security Practically Dead.

GSM Mobile Phone Security is now practically dead. Anyone with a spare couple of grand can now do what was previously the exclusive preserve of national security agencies. Previously you’d have to spend £100K and prove you were a suitable government-grade customer.

According to the theregister.co.uk’s security pages, several talks at the Black Hat security conference in Las Vegas this week will take GSM hacking down to the script-kiddie level – all you need is enough cash for a modified USRP USB radio peripheral & a 2000GB hard drive to store the rainbow lookup tables.

With that kit you can grab big chunks of the mobile phone spectrum in real time and target individual IMSI numbers. The researchers reckon that 80% of mobile traffic passes over the old A5/1 GSM system. A5/3 & 3G phones should still be considered secure. But remember if your 3G phone isn’t near a strong signal it will be stepping back down to A5/1 anyway.

Think about all those corporate espionage guys out there, they must be salivating like crazy. The rainbow lookup tables are a hefty download at 2TB, but if you’re prepared to travel to Oslo, The Register reports that Frank A. Stevenson (guy who cracked the CSS encryption scheme on DVDs) will swop you a blank drive for one with the rainbow tables on. (Rainbow Tables are lookup tables with the answers to all the possible challenge answers for the GSM A5/1 algorithm – this saves lots of time working each one out indivdually, and crucially makes near real-time decryption possible).

Of course the GSM Alliance makes light of all this, still calling it theoretical – and in some ways they have a point, it’s not like you can do this on an old reprogrammed Nokia 3310 after all!

When Dect (the cordless phone you use at home) was hacked last year we didn’t see UK identity thieves having a field day, gathering up bank pins etc. Only a couple of thousand of the PCMCIA Dect cards were in circulation, and most were probably bought up by security researchers quite quickly. So the hardware to hack Dect became expensive & you had to be able to configure a Linux laptop yourself to use it – the barrier to entry was therefore set high.

With GSM it’s even higher. You needs lots of Linux knowledge & £1000 worth of USRP radio hardware + soldering skills too. Sure organised criminals, corporate spies & bent media companies will use this technology to spy on the rich and famous, but it won’t become a massive problem in the UK. If anything, it will just speed along the adoption of 3G smartphones.

I wonder where Karsten Nohl & friends will be heading next with their USRPs? Dect cracked last year, this year GSM. Airwave/Tetra next year, maybe?

http://en.wikipedia.org/wiki/IMSI-catcher

Written by owner in: DECT,GSM |
Jul
30
2010
0

Wired Magazine August 2010 IED Article.

There’s an interesting piece by Adam Higginbotham in this months US edition of Wired magazine.

It’s all about the US military’s escalating game of wits with insurgents in Iraq & Afganistan.

The biggest problem for the US isn’t AK47s or rocket launchers, it’s IEDs – Improvised Explosive Devices or roadside bombs. These cause more mayhem & carnage than anything else, and are built for peanuts.

It’s not the explosives aspect that caught my eye, rather the ingenious ways that they are triggered. Anything which can send a wireless signal is fair game: garage door openers, remote doorbells, cell phones, walkie-talkies, CB radios. The US’s answer to this was to buy radio jammers, 40,000 of them in fact for Iraq alone. Then the insurgents start to use Frequency Counters as triggering devices – because they detect the jammers. Then they move to using PIRs that pick up the heat signature of the Humvees. Then a US army officer decides to stick a toaster on a 10 foot pole on the front of his Humvee, to confuse the PIR. Then the insurgents set the IEDs to target back 10 feet from the heat signature. Any so it goes on… it’s almost comical… like Road Runner & Wile E. Coyote. Except of course, it’s not funny at all.

Page 138 of Wired’s August 2010 US edition.

Jul
16
2010
0

Steve Jobs Admits Problems with iPhone V4.

Steve Jobs gave a video interview today with Sky News that admits that not all their products are perfect. This of course is all about the iPhone4. Apple have sold 3 million units in 22 days – which is a million a week.

Steve refers to the problem with iPhone 4 as ‘Antenna-Gate’. Apple have now said they’ll issue rubber iphone covers to anyone having a problem, or they can have their money back if they prefer.

The price gap between Apple smartphones and HTC Android phone is huge. A second hand iPhone 3G costs £250 from eBay, but a comparable and equally functional HTC G1 can be had for less than £100. Apple have a huge cash-cow franchise with the iPhone G4, and good luck to them, they deserve it all.

Just remember Steve J, it’s Woz that helped put you where you are today…

Written by owner in: Uncategorized |

Theme: TheBuckmaker.com Premium WordPress Themes | InMotion, Gesundheit