GSM cell phone calls use outdated encryption that can now be cracked with rainbow tables on a PC

Decrypting GSM phone calls

Motivation. GSM telephony is the world’s most popular communication technology spanning most countries and connecting over four billion devices. The security standards for voice and text messaging date back to 1990 and have never been overhauled. Our GSM Security Project creates tools to test and document vulnerabilities in GSM networks around the world so to ignite the discussion over whether GSM calls can and should be secured. The project is summarized in this BlackHat 2010 presentation.

Recording calls. GSM data can be recorded off the air using, for example, a programmable radio such as the USRP. GnuRadio provides the tools to record channels while Airprobe’s gsm-receiver decodes the control traffic and—in scenarios where no encryption is used or where the encryption key is known—also decodes voice traffic.

Cracking A5/1. When GSM uses A5/1 encryption, the secret key can be extracted from recorded traffic. Given two encrypted known plaintext messages, the Kraken utility that runs on a PC finds the secret key with around 90% probability within seconds in a set of rainbow tables. Our current table set took 2 months to compute and contains 40 tables for a total of 2TB. Further details on cracking A5/1 using rainbow tables are provided in this white paper: Attacking Phone Privacy.

Defenses. Short term protocol patches already exists that make cracking much harder by not disclosing known plaintext unnecessarily (3GPP TS44.006, Section 5.2). These patched should be deployed with high priority. In the long term, GSM (2G) will not provide sufficient security and stronger alternatives such as UMTS (3G) and LTE (4G) should be preferred.

Tools. The following tools are used to analyze voice calls

 

    • GnuRadio is included in recent Linux distributions
      Recording data requires a programmable radio receiver such as the USRP
    • Airprobe is available through:  git clone git://git.gnumonks.org/airprobe.git
      Please follow this tutorial to decode GSM traffic with Airprobe
    • Kraken is available through:  git clone git://git.srlabs.de/kraken.git
      Background on Kraken’s rainbow tables are provided on the project web page
      Kraken uses rainbow tables that are available through Bittorrent.

Please use these tools carefully and never intentionally record other people’s conversations. We do encourage you to use them to test the security of your cell phone service and discuss your results on the project mailing list.

时间: 2024-11-14 12:49:42

GSM cell phone calls use outdated encryption that can now be cracked with rainbow tables on a PC的相关文章

J2ME and Location-Based Services

services J2ME and Location-Based Services Print-friendly Version Location-based services (LBS) provide users of mobile devices personalized services tailored to their current location. They open a new market for developers, cellular network operators

在SQL*PLUS中应用AUTOTRACE REPORT

  在SQL*PLUS中应用AUTOTRACE REPORT   作者:刘颖博 时间:2004-1-12 mail:liuyingbo@126.com,请指正   转载请注明出处及作者     在SQL*PLUS中,当你成功的执行一个DML语句,比如SELECT, DELETE, UPDATE ,INSERT,你可以通过SQL优化器和语句的执行统计自动的获得一份报告.这份报告对于DML语句的性能监控和调优都是很有用处的.这份报告就是本文要讲的AUTOTRACE 报告.   配置AUTOTRACE

C#程序通过模板自动创建Word文档

原文:C#程序通过模板自动创建Word文档 引言:这段时间有项目要用到c#生成Word文档,通过网络查找到很多内容,但是功能上满足不了个人需求,于是决定借助网友们已经写好的代码,加以修改完善,以便于更好的交流和以后相似问题可以迅速的解决! 备注:本文用到的相关文件,在日志结尾提供下载 ? 第一步.项目基础--引用的添加 ?? 注意:此处要查找的"Microsoft.Office.Interop.Word.dll"版本必须为"11.*.*.*","*&quo

基于SpringMVC+Bootstrap+DataTables实现表格服务端分页、模糊查询_javascript技巧

前言 基于SpringMVC+Bootstrap+DataTables实现数据表格服务端分页.模糊查询(非DataTables Search),页面异步刷新. 说明:sp:message标签是使用了SpringMVC国际化 效果 DataTable表格 关键字查询 自定义关键字查询,非DataTable Search 代码 HTML代码 查询条件代码 <!-- 查询.添加.批量删除.导出.刷新 --> <div class="row-fluid"> <di

详解免费高效实用的.NET操作Excel组件NPOI(.NET组件介绍之六)_实用技巧

很多的软件项目几乎都包含着对文档的操作,前面已经介绍过两款操作文档的组件,现在介绍一款文档操作的组件NPOI. NPOI可以生成没有安装在您的服务器上的Microsoft Office套件的Excel报表,并且在后台调用Microsoft Excel ActiveX更有效率;从Office文档中提取文本,以帮助您实现全文索引功能(大多数时候,此功能用于创建搜索引擎): 从Office文档提取图像: 生成包含公式的Excel工作表.  一.NPOI组件概述: NPOI是完全免费使用: 涵盖Exce

剖析 GSM 加密机制以及位置更新的过程

你有没有想过打开手机时会发生什么?它是如何以安全的方式与网络进行通信?几乎所有人都知道TCP / IP,并且可能许多人还是专家,但是谈到电信方面,很少有人知道它的内部原理. gsm中的消息结构是什么?它使用的加密类型是什么?因此,今天我们将详细介绍gsm的加密标准,以及手机如何更新移动网络的位置. 当你打开手机发生了什么? 当您打开手机时,它首先启动其无线电资源和移动管理程序. 手机通过SIM或网络接收附近地区支持的频率列表. 它根据功率级别和移动提供商在一个单元上存储.之后,它会对认证发生的网

如何利用 LTE/4G 伪基站+GSM 中间人攻击攻破所有短信验证 ,纯干货!| 硬创公开课

   这次公开课请来的嘉宾对自己的简介是: 连续创业失败的创业导师: 伪天使投资人: 某非知名私立大学创办人兼校长: 业余时间在本校通信安全实验室打杂. 自从他在黑客大会上演讲<伪基站高级利用技术--彻底攻破短信验证码>后,黑产就盯上了这项技术.他们给能仿制这项攻击方法的人开价保底一个月 200 万元,外加分成. 这个攻击方法其实1秒钟可以血洗很多个银行账号.他说,保守估计一小时能带来 7000 万元的黑产产值.但是,他并不是为了钱.他的原话是:"短信验证码这种安全机制朽而不倒,我想

方法-IOS 触摸 手势和tableView cell的点击冲突

问题描述 IOS 触摸 手势和tableView cell的点击冲突 刚开始 书写的方法 // 触摸 (void)touchesBegan:(NSSet *)touches withEvent:(UIEvent *)event { //取出touches集合元素 UITouch *touch = [touches anyObject]; NSLog(@"%@", touch); CGPoint point = [touch locationInView:self.view]; // 打

GSM Hacking Part① :使用SDR扫描嗅探GSM网络

0×00 写在开头 近期,发现Crazy Danish Hacker在YouTuBe发布了一个挺不错的教程视频:使用SDR嗅探监听GSM网络的通信流量(GSM Sniffing Teaser – Software Defined Radio Series).该教程从电视棒的安装到扫描.嗅探工具的使用.GSM流量包的捕获解密都有详细说明演示: 作为搬运工,在这里将分两三部分参考&总结一下该教程的主要内容,输出一篇中文教程,希望能够给对这方面感兴趣的童鞋带来一定帮助. 0×01 环境搭建 OS:GN