Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


147 posts

Master Geek
Inactive user


Topic # 56543 15-Jan-2010 23:43
Send private message

you may have heard the 2g gsm encryption was cracked, now the 3g gsm encryption has been cracked:

http://threatpost.com/en_us/blogs/second-gsm-cipher-falls-011110

is vodafone affected by this?

if i download a encrypted phonecall iphone app, will i be protected?

Create new topic
14 posts

Geek

Trusted

  Reply # 290466 16-Jan-2010 05:05
Send private message

Not sure if you read the whole report but all they have managed to do is break the math in a lab for A5/3 Kasumi weakened algorhytmn:-
"This is a nice piece of work. This is breaking the math, not just an
implementation," said cryptographer Bruce Schneier. "They found a
practical, related key attack. It's not clear whether it can break
actual traffic or whether it's useful operationally.
Related-key
attacks are a form of cryptanalysis that showed up about 10 years ago,
but they're rare in the real world because you need the related keys."


To practically do this on the Um interface (A5/3 just being the F8 part of KASUMI implemented on GSM radio interface) then your going to need a lot more 'high end' and not necessarily 'off the shelf' equipment IF Voda(NZ) actually employ A5/3 & GEA3 ciphering on there GSM air-interface. I have read previously they use A5/1 and GEA1.

As for KASUMI on Uu interface (which is  known as UEA1/UIA1 for 3G networks) I don't see a mention of them having overcome the practicalities for implementing this on W-CDMA in the report. So the 3G KASUMI cipher hasn't been practically broken on the 3G air-interface and you should be safe for a few years yet. Operators do have the option to leave CS/PS sessions wide open though with UEA0 but the signalling integrity will still be maintained with UIA1. It's highly unlikely that the NZ mobile network operator security requirements would allow this though.

As for your iPhone app is it the download which is additionally encrypted or the phone calls made by the app?

The encryption technique used by the app supplier would answer this but I would doubt if it's anything greater than AES256 so when you consider AES256 within A5/1 or A5/2 or A5/3 (on GSM) OR UEA1/UIA1 (on W-CDMA)  then it would have to be a pretty determined, resourceful and well funded group of experts who would need good reason and legal permission to be motivated enough to try and crack your app downloads or calls in NZ. Not to mention that they'd need the capability on 850, 900 & 2100Mhz as well.

Ultimately codes are there to be broken but normally you have to wait for technology to catch up enough to overcome the scale of effort required to narrow down the crack on parts of mobile networks available to the public, not to mention the cost of the equipment coming down to a reasonable level for wanabee eavesdroppers to have it as handy as their iPod on the bus!

Panic over?





________________________________________________________________________________________________________
Not one shred of evidence supports the notion that life is serious.

26628 posts

Uber Geek
+1 received by user: 6125

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 290471 16-Jan-2010 08:30
Send private message

Announcing you've compromised a cipher is one thing. Demonstrating the ability to intercept calls is another.

The CDMA air interface of UMTS makes intercepting calls significantly harder than GSM's TDMA based air interface.

450 posts

Ultimate Geek


  Reply # 293859 28-Jan-2010 12:08
Send private message

yuxek: you may have heard the 2g gsm encryption was cracked, now the 3g gsm encryption has been cracked:

http://threatpost.com/en_us/blogs/second-gsm-cipher-falls-011110

is vodafone affected by this?

if i download a encrypted phonecall iphone app, will i be protected?



Lol sorry had to laugh at this...


As posted, they cracked the cipher, no-one outside of SIGNIT divisions of Governments has successfully intercepted a GSM call. So to replicate this you would have to get your hands on some pretty amazing radio equipment, that may be tricky to import, and probably cost you a lifes wages.


As for the encrypted iphone app, I dont think the developer would using a greater encryption than the GSM providers.


Also who are you that you think that people are going to go to all this expense to intercept YOUR phone calls? 


Over the air interception would be the worst possible method of interception, considering the call travels unencrypted after it reaches the cellsite. As with police and intelligence groups, they just use hardware intercepts with you cellular provider...

14 posts

Geek

Trusted

  Reply # 293903 28-Jan-2010 13:38
Send private message


Over the air interception would be the worst possible method of interception, considering the call travels unencrypted after it reaches the cellsite. As with police and intelligence groups, they just use hardware intercepts with you cellular provider...

Slight correction there Mikey...

In (3G) W-CDMA the content ciphering takes place between Ue and RNC on the Uu interface. Only in (2G) GSM does it terminate at the BTS (Um interface). Also in 3G it is quite common to use L2VPN encryption from the RNC to MGW or SGSN for such cases where the the ATM backhaul is aquired from a 3rd party. With Mobile generation evolution operators are encouraged to prevent all but lawful interceptions to meet tighter security requirements.







________________________________________________________________________________________________________
Not one shred of evidence supports the notion that life is serious.

450 posts

Ultimate Geek


  Reply # 293910 28-Jan-2010 13:49
Send private message

Dionin,

Thanks for the clarification, 3rd parties cant be trusted!

Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Hawaiki Transpacific cable ready-for-service
Posted 20-Jul-2018 11:29


Microsoft Dynamics 365 Business Central launches
Posted 10-Jul-2018 10:40


Spark completes first milestone in voice platform upgrade
Posted 10-Jul-2018 09:36


Microsoft ices heated developers
Posted 6-Jul-2018 20:16


PB Technologies charged for its extended warranties and warned for bait advertising
Posted 3-Jul-2018 15:45


Almost 20,000 people claim credits from Spark
Posted 29-Jun-2018 10:40


Cove sells NZ's first insurance policy via chatbot
Posted 25-Jun-2018 10:04


N4L helping TAKA Trust bridge the digital divide for Lower Hutt students
Posted 18-Jun-2018 13:08


Winners Announced for 2018 CIO Awards
Posted 18-Jun-2018 13:03


Logitech Rally sets new standard for USB-connected video conference cameras
Posted 18-Jun-2018 09:27


Russell Stanners steps down as Vodafone NZ CEO
Posted 12-Jun-2018 09:13


Intergen recognised as 2018 Microsoft Country Partner of the Year for New Zealand
Posted 12-Jun-2018 08:00


Finalists Announced For Microsoft NZ Partner Awards
Posted 6-Jun-2018 15:12


Vocus Group and Vodafone announce joint venture to accelerate fibre innovation
Posted 5-Jun-2018 10:52


Kogan.com to launch Kogan Mobile in New Zealand
Posted 4-Jun-2018 14:34



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.