GSM Alliance downplays seriousness of GSM project

GSM Alliance downplays seriousness of GSM project

In a statement addressing the news over Karsten Nohl’s project to target the A5/1 vulnerability in GSM-based transmissions, the GSM Alliance said that the research is a long way from being a practical attack on GSM. Moreover, the GSMA feels that there were commercial considerations behind the projects goals

The GSMA said that they welcome research designed to improve the security of communications networks, but at the same time added that the theoretical compromise presented at the Black Hat conference “…requires the construction of a large look-up table of approximately 2 Terabytes – this is equivalent to the amount of data contained in a 20 kilometre high pile of books.”

So the GSMA says that because the lookup table would be rather large, the effort to make one would be too great. In our story covering the A5/1 vulnerability, Karsten Nohl explained to us how this massive lookup table would be dealt with.

First off, the project will use the power of grid computing. Each person in the project will use fast GPUs for the generation of, and lookup of, the nodes own table. In addition, they will donate small portions of disk space to house part of the Rainbow Table that will be created and used to crack A5/1. Once the table is complete, it will be made available to anyone who wants it.

As the project members finish their part of the process, the hope is that they will upload their completed tables to anonymous repositories and share them with BitTorrent. The process will be organic, Nohl explained, “…these tables will just popup in random places.”

In reality, once the project is successful, all anyone would need is some RF equipment, a $500 USD laptop, and the personal drive to sit in a location for awhile to scan GSM traffic to pull off an attack.

“However, before a practical attack could be attempted, the GSM call has to be identified and recorded from the radio interface. So far, this aspect of the methodology has not been explained in any detail and we strongly suspect the team developing the intercept approach has underestimated its practical complexity,” the GSMA statement says.

“I'm puzzled by the GSMA's attempt to hide behind the alleged inability of hackers to snoop GSM traffic,” Nohl said in a statement emailed to The Tech Herald and two other reporters.

He pointed out that the A5/1 technology is over twenty years old and shipped with billions of handsets across the globe. “The GSMA should take the hacker community and its current interest in GSM technology more serious.”

In direct response to the comment from the GMSA, where it was hinted that the team developing the A5/1 intercept approach underestimated its practical complexity, we asked Nohl if he could expand any on the existing information regarding the complexity of the GSM network.

We asked, because if you shift through the documentation, notes, and research from both The Hackers Choice and Nohl’s project (which is a reimplementation of the THC work), you can see that the project members clearly understand the complexities of GSM and the A5/1 vulnerability.

“The Airprobe project and related projects have made huge progress in the few months they have been investigating GSM. Our timeline for computing the A5/1 code book is roughly aligned with other projects' timelines for snooping GSM traffic,” Nohl said.

Another puzzling aspect to the GSMA statement is the insistence that the A5/1 Rainbow Table project, or the others related to the A5/1 vulnerability, are commercially motivated.

“A hacker would need a radio receiver system and the signal processing software necessary to process the raw radio data. The complex knowledge required to develop such software is subject to intellectual property rights, making it difficult to turn into a commercial product,” the GSMA said, adding in their conclusion that they consider the research to be motivated in part by commercial considerations.

So we asked Nohl about that as well. Are there commercial aspects to his project?

“The project members have no commercial interest, whatsoever. Others affiliated with the CCCB, though, sell crypto phones and would like to see the security of GSM to be shown to be as weak as it is. When setting up these projects we made sure not to include any of these interests,” he explained to us.

The GSM Alliance asserts that because of Intellectual Property, and the complexity of GSM itself, there is little to worry about. They also mention that A5/1 has proven to be a very effective and resilient privacy mechanism.

At the same time, there is work to improve the security of GSM-based networks. “The GSMA has been working to further enhance privacy protection on GSM networks and has developed a new high-strength algorithm, A5/3… This new privacy algorithm is being phased in to replace A5/1.”

Nohl commented that he and the other project members are, “…glad that the GSMA has also joined the discussion on how to make GSM more secure. Adopting 3G's better security for GSM seems very reasonable.”

Yet, when the GSMA statement pointed out that carriers could, if it ever proved necessary, quickly alter GSM configurations to make the interception and deciphering of calls considerably harder, Nohl takes the stance of, “…do it then…” asking, “Why would you wait knowing that this weakness is already being exploited?”

The use of A5/3 is already spreading across the mobile footprint here in the US. A5/3 is used predominately in 3G networks, but in the case of carriers like AT&T, 3G is only partially implemented. AT&T carries the voice side of their network on GSM, and the data side of things is 3G. This means they are using both A5/1 and A5/3.

In a previous article on the A5/1 vulnerability project, we asked Nohl about AT&T and the iPhone. “AT&T has the ability to switch the iPhone to 3G on voice and data,” Nohl explained, but only for the iPhone 3G handsets. The problem is that, before AT&T moves customers over to 3G to avoid the weakness in A5/1, they would need to admit that there is a problem on their 2G voice network, something Nohl notes is highly unlikely.

“The proposal has been around for a long time to include the 3G cipher in the 2G standard,” Nohl said. Yet, despite the proposal, nothing has changed. “Hopefully the discussion over GSM’s current insecurity will prompt the debate of adopting the better 3G security for GSM,” he added.

More information on the Rainbow Table project is here. The previous interview with Karsten Nohl concerning the A5/1 vulnerability by The Tech Herald is here.

Like this article? Please share on Facebook and give The Tech Herald a Like too!

From our Other Sites

Awesome Stuff Made Out Of Car Parts

An awesome picture has started doing the rounds showing a bathroom with sinks made out of car tires and faucets created from gas pumps. It’s the ideal bathroom for any discerning car nut. That got us thinking — what other stuff is there made out of car parts and car paraphernalia. Here are some of the coolest […]

Range Rover Evoque Convertible Confirmed

Land Rover has officially confirmed that the Range Rover Evoque Convertible will go on sale in 2016. The company released some publicity photos showing a prototype of the Evoque Convertible driving through train tunnels under construction in London. The company says use of the Crossrail tunnels let them test the convertible in privacy. A Land […]

Mercedes-AMG GT3 Racing Car to Debut at Geneva Motor Show

The company says the standard Mercedes-AMG GT already provides the ideal base for the race model, with low centre of gravity, good weight distribution and wide track width.The driver sits on a carbon-fibre seat pan and is protected by a roll-over cage made from high-tensile steel.The engine cover, doors, front wing, sidewalls, side skirts, diffuser, […]

Lamborghini Aventador Wallpaper

Lamborghini Aventador wallpaper for your desktop or mobile device. The Aventador LP 700–4  has a 6.5 liter V12 that will go 0–60 mph in  2.9 seconds and take you all the way to 220mph and maybe beyond.Each image links to a page with multiple sizes of wallpaper you can download.

Man Makes Tiny Edible Pancakes with Tiny Kitchen Tools (Video)

This Japanese guy cooks up some pancakes…nothing special there right? Well he uses tiny implements to do it and makes perfect little pancakes. Kinda cool and they look tasty!

What Color is this Dress?

White and Gold or Blue and Black?
Well this one has been trending all over the web, just what color is this dress? It all started in Scotland when the mother of a bride-to-be sent a picture to her daughter asking what she thought of the dress. The bride and groom each saw the image differently, this then got posted online and picked up by some viral sites. The lighting in the photo is probably causing different people to see it as either white and gold or blue and black. Prof Stephen Westland, chair of color science and technology at a university in the UK told the BBC that it was impossible to see what other people see but that it […]

McLaren 675LT Pictures

Some great shots of the forthcoming McLaren 675LT. This coupe will get you to 60mph in less than 2.9 second and go all the way to 205mph.

McLaren 675LT Details

McLaren’s 675LT will debut at this year’s Geneva show and promises some eye-popping performance. The coupe only 675LT has a 3.8 liter V8 that will get you from 0-60mph in less than 2.9 seconds and to 124mph in less than 7.9 secondsMore than a third of the parts have been changed compared with its stable mate […]

McLaren 675LT Wallpaper

Some cool McLaren 675LT Wallpaper. The McLaren 675LT is the latest coupe to come from the supercar maker and has a top speed of 205mph.Click on an image to open a page with multiple sizes that you can download to use as wallpaper for your mobile or desktop.More McLaren Wallpaper.

Octopus hunts on land, grabs crab (Video)

This crab is minding its own business searching the rock pools for food when suddenly an octopus leaps out of the water and grabs it. The amazing thing is that the octopus does not just jump on the crab it actually pulls it all the way back to the rock pool it came from. If you check the second video you will see it is not unknown for octopus to come out of the water and the one in the second video has a crab with it, though is not hunting one! Octopus Walks on Land at Fitzgerald Marine Reserve The video was taken by Porsche Indrisie in Yallingup, Western […]