Urges GSM operators to stop using insecure cipher

Jul 30, 2010 07:23 GMT

A security researcher has released open source software that can be used to record and decrypt communications passing over 2G GSM networks. Unlike other available solutions, which require very expensive setups, this free set of tools can work on off-the-shelf equipment.

The software was demoed at the Black Hat security conference in Las Vegas by Karsten Nohl, a security researcher who specializes in probing GSM security. His previous research focused on the A5/1 stream cipher used to encrypt GSM communications.

This cipher dates back to 1987 and is still widely used in Europe and the United States, despite being reverse-engineered in 1999. GSM operators have begun adopting the more secure A5/3 cipher, which is used to encrypt traffic passing over 3G networks. However, when 3G coverage is not available, phones fall back to the insecure 2G standard.

The main problem with decoding A5/1-protected communications is identifying the 64-bit key used to encrypt them, an operation that would normally require a lot of time and computing power. However, this task was significantly simplified in December 2009, when Nohl and a group of researchers released pre-computed lookup tables. These attack tables make cracking an A5/1 key possible in a matter of minutes.

The new software, dubbed Airprobe, makes things even easier and allows anyone with $2,000 worth of equipment to intercept and decode 2G traffic. The process requires Airprobe, a computer, a radio that can be programmed, the previously mentioned rainbow tables from Nohl's A5/1 Cracking Project and a different free tool called Kraken. In comparison, commercial solutions for similar GSM traffic decoding can cost up to $500,000.

"This talk will be a reminder to this industry to please implement these security measures because now customers can test whether they've patched the system. Now you can listen in on a stranger's phone calls with very little effort," the security researcher commented for CNET News.

You can follow the editor on Twitter @lconstantin