Interception of GSM Calls

There is serious vulnerability with A5/1 encryption scheme used in GSM networks. It can lead to interception of GSM calls.This vulnerability has been presented by Karsten Nohl and Chris Paget at the 26th Chaos Communication Congress (26C3). This event is the annual four-day conference organized by the Chaos Computer Club (CCC). It took place from December 27th to December 30th 2009 at the bcc Berliner Congress Center in Berlin, Germany.

Citation from CCC Web site:

The world’s most popular radio system has over 3 billion handsets in 212 countries and not even strong encryption. Perhaps due to cold-war era laws, GSM’s security hasn’t received the scrutiny it deserves given its popularity. This bothered us enough to take a look; the results were surprising.

From the total lack of network to handset authentication, to the “Of course I’ll give you my IMSI” message, to the iPhone that really wanted to talk to us. It all came as a surprise – stunning to see what $1500 of USRP can do. Add a weak cipher trivially breakable after a few months of distributed table generation and you get the most widely deployed privacy threat on the planet.

Cloning, spoofing, man-in-the-middle, decrypting, sniffing, crashing, DoS’ing, or just plain having fun. If you can work a BitTorrent client and a standard GNU build process then you can do it all, too. Prepare to change the way you look at your cell phone, forever.

Slides are here.

Track repository is here. It implements attack on the A5/1 cipher.

Torrents are here.

Note 1: This in not advocating exploiting weaknesses but rather wanting to inform about the fact that GSM calls are already being intercepted and decrypted using commercial tools.

Note 2: Links above are active in moment of writing this blog post. It is possible that some of them can be recalled or inactive from various reasons.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.