Whenever the folks at the Black Hat conference have a meet-up, the security world listens. This time around, the collective hacker minds of the security industry flocked to Washington D.C., where David Hulton and Steve (he didn’t want to give his last name – you know, tinfoil hats and all) claimed that they had come up with a method to hack encrypted GSM calls relatively cheaply.
The 64-bit A5/1 encryption scheme used by GSM networks to encrypt voice and text message transmissions had been theoretically cracked a decade ago, but practical attacks on the algorithm have been prohibitively expensive and time-consuming. Hulton and Steve now claim that with 30 minutes and $1,000 worth of gear (or 30 seconds and $100,000 in equipment), they can hack GSM communications and even pinpoint a particular device’s location to within 200 meters. That means that GSM network hacking is no longer relegated to the realm of government and high-budget snooping operations – your average Joe Blow hacker can now take a gander at all your GSM-routed voice calls and text messages.
Hulton and Steve say that their method uses field-programmable gate arrays to work through the 288 quadrillion possible encryption keys. The recovered keys are then used to crack GSM communications at will.
Now, it’s worth noting that 3G networks do not use the same A5/1 encryption algorithm, and should be immune to Hulton and Steve’s hacking methods. But the prospect that our communications can be spied upon by non-government entities is a bit off-putting.
Better start talking in code. Or, you know, switch to CDMA. We’d rather talk in code.
[Via: Information Week]