3g gsm cipher cracked

Forums › One NZ (including Farmside) › 3g gsm cipher cracked

yuxek

147 posts

Master Geek
Inactive user

#56543 15-Jan-2010 23:43

you may have heard the 2g gsm encryption was cracked, now the 3g gsm encryption has been cracked:

http://threatpost.com/en_us/blogs/second-gsm-cipher-falls-011110

is vodafone affected by this?

if i download a encrypted phonecall iphone app, will i be protected?

Dionin

14 posts

Geek

Trusted

#290466 16-Jan-2010 05:05

Not sure if you read the whole report but all they have managed to do is break the math in a lab for A5/3 Kasumi weakened algorhytmn:-
"This is a nice piece of work. This is breaking the math, not just an
implementation," said cryptographer Bruce Schneier. "They found a
practical, related key attack. It's not clear whether it can break
actual traffic or whether it's useful operationally. Related-key
attacks are a form of cryptanalysis that showed up about 10 years ago,
but they're rare in the real world because you need the related keys."

To practically do this on the Um interface (A5/3 just being the F8 part of KASUMI implemented on GSM radio interface) then your going to need a lot more 'high end' and not necessarily 'off the shelf' equipment IF Voda(NZ) actually employ A5/3 & GEA3 ciphering on there GSM air-interface. I have read previously they use A5/1 and GEA1.

As for KASUMI on Uu interface (which is known as UEA1/UIA1 for 3G networks) I don't see a mention of them having overcome the practicalities for implementing this on W-CDMA in the report. So the 3G KASUMI cipher hasn't been practically broken on the 3G air-interface and you should be safe for a few years yet. Operators do have the option to leave CS/PS sessions wide open though with UEA0 but the signalling integrity will still be maintained with UIA1. It's highly unlikely that the NZ mobile network operator security requirements would allow this though.

As for your iPhone app is it the download which is additionally encrypted or the phone calls made by the app?

The encryption technique used by the app supplier would answer this but I would doubt if it's anything greater than AES256 so when you consider AES256 within A5/1 or A5/2 or A5/3 (on GSM) OR UEA1/UIA1 (on W-CDMA) then it would have to be a pretty determined, resourceful and well funded group of experts who would need good reason and legal permission to be motivated enough to try and crack your app downloads or calls in NZ. Not to mention that they'd need the capability on 850, 900 & 2100Mhz as well.

Ultimately codes are there to be broken but normally you have to wait for technology to catch up enough to overcome the scale of effort required to narrow down the crack on parts of mobile networks available to the public, not to mention the cost of the equipment coming down to a reasonable level for wanabee eavesdroppers to have it as handy as their iPod on the bus!

Panic over?

________________________________________________________________________________________________________
Not one shred of evidence supports the notion that life is serious.

sbiddle

30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#290471 16-Jan-2010 08:30

Announcing you've compromised a cipher is one thing. Demonstrating the ability to intercept calls is another.

The CDMA air interface of UMTS makes intercepting calls significantly harder than GSM's TDMA based air interface.

MikeyPI

450 posts

Ultimate Geek

#293859 28-Jan-2010 12:08

yuxek: you may have heard the 2g gsm encryption was cracked, now the 3g gsm encryption has been cracked:

http://threatpost.com/en_us/blogs/second-gsm-cipher-falls-011110

is vodafone affected by this?

if i download a encrypted phonecall iphone app, will i be protected?

Lol sorry had to laugh at this...

As posted, they cracked the cipher, no-one outside of SIGNIT divisions of Governments has successfully intercepted a GSM call. So to replicate this you would have to get your hands on some pretty amazing radio equipment, that may be tricky to import, and probably cost you a lifes wages.

As for the encrypted iphone app, I dont think the developer would using a greater encryption than the GSM providers.

Also who are you that you think that people are going to go to all this expense to intercept YOUR phone calls?

Over the air interception would be the worst possible method of interception, considering the call travels unencrypted after it reaches the cellsite. As with police and intelligence groups, they just use hardware intercepts with you cellular provider...

Dionin

14 posts

Geek

Trusted

#293903 28-Jan-2010 13:38

Over the air interception would be the worst possible method of interception, considering the call travels unencrypted after it reaches the cellsite. As with police and intelligence groups, they just use hardware intercepts with you cellular provider...

Slight correction there Mikey...

In (3G) W-CDMA the content ciphering takes place between Ue and RNC on the Uu interface. Only in (2G) GSM does it terminate at the BTS (Um interface). Also in 3G it is quite common to use L2VPN encryption from the RNC to MGW or SGSN for such cases where the the ATM backhaul is aquired from a 3rd party. With Mobile generation evolution operators are encouraged to prevent all but lawful interceptions to meet tighter security requirements.

________________________________________________________________________________________________________
Not one shred of evidence supports the notion that life is serious.

MikeyPI

450 posts

Ultimate Geek

#293910 28-Jan-2010 13:49

Dionin,

Thanks for the clarification, 3rd parties cant be trusted!