Softpedia
 
HomepageWindowsGamesDriversMacLinuxScripts buttonMobileHandheldNews

NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home > News > Security

August 11th, 2011, 16:25 GMT · By

Researchers Claim GPRS Traffic Can Easily Be Intercepted

SHARE:

Adjust text size:


GPRS spying tool released at Chaos Communication Camp
Enlarge picture
Security researchers claim that GPRS traffic can easily be intercepted because most mobile operators currently employ weak encryption, if any at all.

The research was presented this week at the Chaos Communication Camp 2011, a yearly hacker gathering near Berlin, by Karsten Nohl, chief scientist at Security Research Labs.

Nohl is also known for finding security issues in telecom protocols and infrastructure in the past. A year ago he released open source software that can be used to record and decrypt 2G GSM traffic.

The tool was based on his earlier research which involved the release of pre-computed rainbow tables that can be used to crack the 64-bit encryption keys used by the GSM A5/1 protocol in a matter of minutes.

On Wednesday he released a piece of software that can be used to snoop on GPRS traffic. The tool immediately places many operators that don't employ encryption at risk.

"All other GPRS networks are affected by the cryptanalysis that will be presented but not released at tomorrow's conference. Those operators will hopefully implement stronger encryption in the time it takes others to re-implement our attacks," Nohl told The Register on the eve of the Chaos Communication Camp.

The researcher claims that the vast majority of mobile operators use either weak encryption, which is susceptible to rainbow table attacks, or no encryption at all. A stronger 128-bit GPRS encryption scheme is available, but it is not currently in use.

Together with fellow researcher Luca Melette, Nohl modified a Motorola C-123 phone to monitor unencrypted GPRS traffic. A rogue base station can also be used to capture traffic that can later be decrypted.

"One reason operators keep giving me for switching off encryption is, operators want to be able to monitor traffic, to detect and suppress Skype, or to filter viruses, in a decentralized fashion. With encryption switched on, the operator cannot ‘look into’ the traffic anymore while in transit to the central GPRS system," Nohl told the New York Times.

TELL US WHAT YOU THINK:

1,105 hits · Link to this article · Print article · Send to friend · Subscribe to news

MUST-READ RELATED ARTICLES:


Hacker Claims CDMA and 4G Connections Were Compromised at DEFCON
Researcher Releases Phone Call Eavesdropping Software
Femtocell Insecurity Is a Widespread Problem
Hackers Turn Vodafone Home Cellular Base Station into Call Interception Device
Hacker Intercepts Phone Calls at DEFCON

READER COMMENTS:



No user comments yet.
Be the first to express your opinion!
Copyright © 2001-2012 Softpedia. Contact/Tip us at

WindowsGamesDriversMacLinuxScriptsMobileHandheldNews

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   UPDATE YOUR SOFTWARE   |   ROMANIAN FORUM
© 2001 - 2012 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are
registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use