Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




147 posts

Master Geek
Inactive user


Topic # 56543 15-Jan-2010 23:43
Send private message

you may have heard the 2g gsm encryption was cracked, now the 3g gsm encryption has been cracked:

http://threatpost.com/en_us/blogs/second-gsm-cipher-falls-011110

is vodafone affected by this?

if i download a encrypted phonecall iphone app, will i be protected?

Create new topic
14 posts

Geek

Trusted

  Reply # 290466 16-Jan-2010 05:05
Send private message

Not sure if you read the whole report but all they have managed to do is break the math in a lab for A5/3 Kasumi weakened algorhytmn:-
"This is a nice piece of work. This is breaking the math, not just an
implementation," said cryptographer Bruce Schneier. "They found a
practical, related key attack. It's not clear whether it can break
actual traffic or whether it's useful operationally.
Related-key
attacks are a form of cryptanalysis that showed up about 10 years ago,
but they're rare in the real world because you need the related keys."


To practically do this on the Um interface (A5/3 just being the F8 part of KASUMI implemented on GSM radio interface) then your going to need a lot more 'high end' and not necessarily 'off the shelf' equipment IF Voda(NZ) actually employ A5/3 & GEA3 ciphering on there GSM air-interface. I have read previously they use A5/1 and GEA1.

As for KASUMI on Uu interface (which is  known as UEA1/UIA1 for 3G networks) I don't see a mention of them having overcome the practicalities for implementing this on W-CDMA in the report. So the 3G KASUMI cipher hasn't been practically broken on the 3G air-interface and you should be safe for a few years yet. Operators do have the option to leave CS/PS sessions wide open though with UEA0 but the signalling integrity will still be maintained with UIA1. It's highly unlikely that the NZ mobile network operator security requirements would allow this though.

As for your iPhone app is it the download which is additionally encrypted or the phone calls made by the app?

The encryption technique used by the app supplier would answer this but I would doubt if it's anything greater than AES256 so when you consider AES256 within A5/1 or A5/2 or A5/3 (on GSM) OR UEA1/UIA1 (on W-CDMA)  then it would have to be a pretty determined, resourceful and well funded group of experts who would need good reason and legal permission to be motivated enough to try and crack your app downloads or calls in NZ. Not to mention that they'd need the capability on 850, 900 & 2100Mhz as well.

Ultimately codes are there to be broken but normally you have to wait for technology to catch up enough to overcome the scale of effort required to narrow down the crack on parts of mobile networks available to the public, not to mention the cost of the equipment coming down to a reasonable level for wanabee eavesdroppers to have it as handy as their iPod on the bus!

Panic over?





________________________________________________________________________________________________________
Not one shred of evidence supports the notion that life is serious.

25579 posts

Uber Geek
+1 received by user: 5358

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 290471 16-Jan-2010 08:30
Send private message

Announcing you've compromised a cipher is one thing. Demonstrating the ability to intercept calls is another.

The CDMA air interface of UMTS makes intercepting calls significantly harder than GSM's TDMA based air interface.

 
 
 
 


450 posts

Ultimate Geek


  Reply # 293859 28-Jan-2010 12:08
Send private message

yuxek: you may have heard the 2g gsm encryption was cracked, now the 3g gsm encryption has been cracked:

http://threatpost.com/en_us/blogs/second-gsm-cipher-falls-011110

is vodafone affected by this?

if i download a encrypted phonecall iphone app, will i be protected?



Lol sorry had to laugh at this...


As posted, they cracked the cipher, no-one outside of SIGNIT divisions of Governments has successfully intercepted a GSM call. So to replicate this you would have to get your hands on some pretty amazing radio equipment, that may be tricky to import, and probably cost you a lifes wages.


As for the encrypted iphone app, I dont think the developer would using a greater encryption than the GSM providers.


Also who are you that you think that people are going to go to all this expense to intercept YOUR phone calls? 


Over the air interception would be the worst possible method of interception, considering the call travels unencrypted after it reaches the cellsite. As with police and intelligence groups, they just use hardware intercepts with you cellular provider...

14 posts

Geek

Trusted

  Reply # 293903 28-Jan-2010 13:38
Send private message


Over the air interception would be the worst possible method of interception, considering the call travels unencrypted after it reaches the cellsite. As with police and intelligence groups, they just use hardware intercepts with you cellular provider...

Slight correction there Mikey...

In (3G) W-CDMA the content ciphering takes place between Ue and RNC on the Uu interface. Only in (2G) GSM does it terminate at the BTS (Um interface). Also in 3G it is quite common to use L2VPN encryption from the RNC to MGW or SGSN for such cases where the the ATM backhaul is aquired from a 3rd party. With Mobile generation evolution operators are encouraged to prevent all but lawful interceptions to meet tighter security requirements.







________________________________________________________________________________________________________
Not one shred of evidence supports the notion that life is serious.

450 posts

Ultimate Geek


  Reply # 293910 28-Jan-2010 13:49
Send private message

Dionin,

Thanks for the clarification, 3rd parties cant be trusted!

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

UFB killer app: Speed
Posted 17-Nov-2017 17:01


The case for RSS — MacSparky
Posted 13-Nov-2017 14:35


WordPress and Indieweb: Take control of your online presence — 6:30 GridAKL Nov 30
Posted 11-Nov-2017 13:43


Chorus reveals technology upgrade for schools, students
Posted 10-Nov-2017 10:28


Vodafone says Internet of Things (IoT) crucial for digital transformation
Posted 10-Nov-2017 10:06


Police and Facebook launch AMBER Alerts system in NZ
Posted 9-Nov-2017 10:49


Amazon debuts Fire TV Stick Basic Edition in over 100 new countries
Posted 8-Nov-2017 05:34


Vodafone VoIP transition to start this month
Posted 7-Nov-2017 12:33


Spark enhances IoT network capability
Posted 7-Nov-2017 11:33


Vocus NZ sale and broadband competition
Posted 6-Nov-2017 14:36


Hawaiki reaches key milestone in landmark deep-sea fibre project
Posted 4-Nov-2017 13:53


Countdown launches new proximity online shopping app
Posted 4-Nov-2017 13:50


Nokia 3310 to be available through Spark New Zealand
Posted 4-Nov-2017 13:31


Nest launches in New Zealand
Posted 4-Nov-2017 12:31


Active wholesale as Chorus tackles wireless challenge
Posted 3-Nov-2017 10:55



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.