Broken by design
The standard encryption algorithm that is supposed to protect GSM mobile telephone calls from eavesdropping has long been known to be weak. Today, the technology to crack GSM’s standard encryption algorithm is accessible even to amateurs at moderate cost. Recent public demonstrations of practical low-cost attacks on GSM’s standard A5/1 encryption algorithm have underlined just how vulnerable mobile phone calls have become.
While the cryptographic weakness of A5/1, the most widely used GSM algorithm, has been known for quite some time, in 2009 the technology to exploit that weakness took a leap forward.
Using so-called Rainbow Tables – a technique that precomputes large parts of the calculations needed to break the algorithm, so that the expensive work is done once and reused for every call – together with the massively increased computing power of high-end graphics cards, the technology to listen in on GSM calls has become available to interested amateurs.
The Rainbow Tables can be downloaded from the Internet, and the necessary software-defined radio wide-band receiver can be bought commercially for only a few thousand euros. The decoding software is available as open source and is steadily improving. The current state of the proof-of-concept project was demonstrated by the researchers Karsten Nohl and Chris Paget at the 26C3 conference in December 2009 in Berlin. A video of the presentation can be watched here.
“People just don’t realise how broken GSM has become.”
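To make the time-memory trade-off behind Rainbow Tables concrete, here is an added toy illustration that is not part of the original page and has nothing to do with A5/1 itself: it builds a small rainbow table for a constructed 16-bit mixing function `toy_f` (an assumed stand-in for "keystream from key") and then inverts outputs by lookup. The reduction-function family `reduce`, the chain parameters and the function are all my own choices; the point is only that a fixed, unchanging algorithm with a small effective state space can be attacked with a one-time precomputation, which is why a defender cannot rely on the "cost" of breaking such an algorithm.

```python
"""Toy time-memory trade-off (rainbow table) on a constructed 16-bit function.

Educational illustration only: the function below is NOT A5/1 and the table
says nothing about any real cipher. It shows why a one-time precomputation
turns every later inversion into a cheap table lookup.
"""

SPACE_BITS = 16
MASK = (1 << SPACE_BITS) - 1


def toy_f(x: int) -> int:
    """Constructed mixing function standing in for 'key -> keystream'."""
    x &= MASK
    x = (x * 0x9E37 + 0x79B9) & MASK
    x ^= x >> 7
    x = (x * 0x5BD1) & MASK
    x ^= x >> 9
    return x & MASK


def reduce(y: int, i: int) -> int:
    """Reduction function for chain position i: maps an output back into the
    input space. Using a different reduction per position is what makes this
    a *rainbow* table rather than a classic Hellman table (fewer chain merges)."""
    return (y + i * 0x2F1B) & MASK


def build_table(n_chains: int, chain_len: int) -> dict:
    """Precompute n_chains chains of chain_len steps; store endpoint -> start."""
    table = {}
    for start in range(n_chains):
        x = start
        for i in range(chain_len):
            x = reduce(toy_f(x), i)
        table.setdefault(x, start)  # on an endpoint collision keep the first chain
    return table


def lookup(table: dict, target: int, chain_len: int):
    """Try to find x with toy_f(x) == target using only the stored endpoints."""
    for i in range(chain_len - 1, -1, -1):
        # Hypothesis: target is the function output at position i of some chain.
        x = reduce(target, i)
        for j in range(i + 1, chain_len):
            x = reduce(toy_f(x), j)
        start = table.get(x)
        if start is None:
            continue
        # Regenerate the chain from its start up to position i and verify;
        # false alarms are possible because different chains can share an endpoint.
        x = start
        for j in range(i):
            x = reduce(toy_f(x), j)
        if toy_f(x) == target:
            return x
    return None


def success_rate(table: dict, chain_len: int, samples: int = 200) -> float:
    """Fraction of deterministically chosen targets the table can invert."""
    hits = 0
    for k in range(samples):
        y = toy_f((k * 131) & MASK)
        if lookup(table, y, chain_len) is not None:
            hits += 1
    return hits / samples


if __name__ == "__main__":
    CHAIN_LEN = 50
    table = build_table(2000, CHAIN_LEN)
    print("stored endpoints:", len(table))
    print("inversion success rate:", success_rate(table, CHAIN_LEN))
```

The table is built once (2000 chains of 50 steps, roughly 1.5 times the size of the 16-bit space) and afterwards each inversion costs only a few thousand evaluations of `toy_f` instead of a full search; scaling the same idea up is what turns a GPU farm plus terabytes of downloaded tables into a practical attack on a fixed 64-bit cipher.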
Passive GSM Interception
Passive GSM interception systems allow an attacker to eavesdrop on mobile telephone calls using only passive methods, i.e. equipment that only receives, but does not transmit and that is thus undetectable for the victim. Undetectable and highly portable, passive interception systems are used either for intercepting the radio link between a mobile phone and a base station, or between a base station and other network components.
A wide range of passive interception devices is available to governmental as well as private entities. Because the devices cannot be detected, their use, although forbidden, is effectively unpoliced, and the number of passive interception devices in circulation should not be underestimated. Software components that turn ordinary radio scanners into GSM interception receivers have already started to appear. With continuing downward trends in cost, passive GSM interception equipment has become very accessible even to attackers with very modest financial and technical resources.
GSMK CryptoPhones protect against the interception of call contents with passive GSM interception systems.
Active GSM Interception
Active GSM interception systems allow an attacker to actively interfere in communications between mobile phones and base stations by means of a so-called IMSI-catcher, in essence a transmitter and receiver that simulates the functionality of a GSM base station. Recent attack methods involve spoofing so-called femtocells to pose as the user’s mobile network provider while in fact taking over the user’s network traffic.
An IMSI-catcher is a device that can be used to determine the electronic identities of all phones in its vicinity. Most IMSI-catchers also come with the ability to listen in on calls directly. The electronic identity consists of the so-called International Mobile Subscriber Identity (IMSI), which is associated with your SIM card, and the International Mobile Equipment Identifier (IMEI), which is the serial number of your phone. With the IMSI your calls can be easily identified at any point in the telephone network and targeted for interception and traffic analysis. An IMSI-catcher is frequently used if the attacker does not know the telephone number of the victim or wants to illegally intercept calls.
The IMSI-catcher performs a so-called man-in-the-middle attack, putting itself between you and the network. It is essentially a small GSM base station that forces your phone to use it instead of the real network, determines your IMSI, and can then be used to disable or degrade the GSM encryption mode while relaying your call on to the legitimate network. This mode of operation allows the attacker to directly listen in on your calls. He can also disable your phone service and intercept or fake SMS messages to and from your phone.
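The two observable side effects of the man-in-the-middle described above, a phone being pulled onto a base station it has never seen before and the encryption mode being switched off or degraded, are exactly what a phone-side monitor can watch for. The following is an added example from the detection side, not code from the original page or from GSMK: it parses a constructed, baseband-style event log (the format, the field names, the `KNOWN_LACS` baseline and the 20 dB signal-jump threshold are all my own assumptions) and flags a cell with an unknown location area code and a cipher-mode change to A5/0, which in GSM means "no encryption".

```python
"""Heuristic IMSI-catcher indicator check over a constructed phone-side event log.

The log format, field names and thresholds are assumptions for this example;
they are not the output of any real baseband or monitoring product.
"""
import re
from dataclasses import dataclass

# Constructed sample: normal cells on LAC 1234, then a very strong unknown cell
# on which the cipher mode drops to A5/0, then a return to the normal network.
SAMPLE_LOG = """\
2009-12-27T10:00:01 CELL lac=1234 cid=5678 rx=-75
2009-12-27T10:00:05 CIPHER mode=A5/1
2009-12-27T10:03:10 CELL lac=1234 cid=5690 rx=-80
2009-12-27T10:03:12 CIPHER mode=A5/1
2009-12-27T10:15:00 CELL lac=9999 cid=1 rx=-40
2009-12-27T10:15:02 CIPHER mode=A5/0
2009-12-27T10:30:00 CELL lac=1234 cid=5678 rx=-74
2009-12-27T10:30:03 CIPHER mode=A5/1
"""

# Hypothetical baseline: location area codes this phone normally camps on.
KNOWN_LACS = {1234, 1240}

LINE_RE = re.compile(r"^(\S+)\s+(\w+)\s*(.*)$")


@dataclass
class Event:
    ts: str
    kind: str
    attrs: dict


def parse_log(text: str) -> list:
    """Parse '<timestamp> <KIND> key=value ...' lines into Event objects."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines rather than failing
        ts, kind, rest = m.groups()
        attrs = {}
        for kv in rest.split():
            key, _, value = kv.partition("=")
            attrs[key] = value
        events.append(Event(ts, kind, attrs))
    return events


def analyse(events: list, known_lacs=KNOWN_LACS, rx_jump_db: int = 20) -> list:
    """Return (timestamp, label, reason) tuples for suspicious events.

    Heuristics (assumed for this example):
      * a cell whose LAC is not in the baseline, especially if its signal is
        much stronger than the previous cell (a rogue cell wants to win);
      * cipher mode A5/0 (no encryption), labelled as a downgrade when the
        previous reported mode was a real cipher.
    """
    findings = []
    last_mode = None
    last_rx = None
    for ev in events:
        if ev.kind == "CELL":
            lac = int(ev.attrs["lac"])
            rx = int(ev.attrs["rx"])
            if lac not in known_lacs:
                reason = "unknown LAC %d" % lac
                if last_rx is not None and rx - last_rx >= rx_jump_db:
                    reason += ", signal %d dB stronger than previous cell" % (rx - last_rx)
                findings.append((ev.ts, "unknown_cell", reason))
            last_rx = rx
        elif ev.kind == "CIPHER":
            mode = ev.attrs["mode"]
            if mode == "A5/0":
                label = "cipher_downgrade" if last_mode not in (None, "A5/0") else "no_encryption"
                findings.append((ev.ts, label, "cipher mode %s after %s" % (mode, last_mode)))
            last_mode = mode
    return findings


if __name__ == "__main__":
    for ts, label, reason in analyse(parse_log(SAMPLE_LOG)):
        print(ts, label, reason)
```

Such indicators are heuristics, not proof: an operator can legitimately run a cell on a new LAC, and some networks run A5/0 by design, so a monitor should raise the alarm on the combination and on the timing, as in the sample above, rather than on any single event.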
At this moment we know of at least six different companies producing IMSI-catcher devices, and the list is growing rapidly. For a company manufacturing GSM test equipment, developing IMSI-catchers is a trivial task. See our link section for examples of publicly available IMSI-catcher equipment.
Even when IMSI-catchers are used by legitimate law-enforcement agencies, they frequently affect a high number of calls that are not their target. The resulting unintended intercepts are called “by-catch” and are frequently used for all sorts of investigations, a practice especially popular with tax authorities in some countries.
GSMK CryptoPhones protect against the interception of call contents with an IMSI-catcher.
Category | Product | Vendor
(Mobile) GSM Interception | GSM Interception System | Scandeas
(Stationary, passive) | PGIS 900/1800 Passive GSM Intercept | PGIS
(Passive) GSM Interception / GSM Monitoring System | STL-5020 | Secur Telecommunication Ltd.
(Active and passive) GSM Interception | GSM Monitoring systems | GCOM Technologies
Interception of cellular networks | GSM Workshop | SpyZone
GSM interception System | GSM Interception System | Accelerated Promotions
Interception of cellular networks | GSM Monitoring Seminars | GCOM/SpyZone
GSM | GSM | Comstrac
GSM | DPL-2060 | DPL Surveillance Equipment
SIM Security | COMP128 SIM Clone KIT | Access Technologie