14 DAY TRIAL // S
ecurity researchers claim that GPRS traffic can easily be intercepted because most mobile operators currently employ weak encryption, if any at all.
The research was presented this week at the Chaos Communication Camp 2011, a yearly hacker gathering near Berlin, by Karsten Nohl, chief scientist at Security Research Labs.
Nohl is also known for finding security issues in telecom protocols and infrastructure in the past. A year ago he released open source software that can be used to record and decrypt 2G GSM traffic.
The tool was based on his earlier research which involved the release of pre-computed rainbow tables that can be used to crack the 64-bit encryption keys used by the GSM A5/1 protocol in a matter of minutes.
On Wednesday he released a piece of software that can be used to snoop on GPRS traffic. The tool immediately places many operators that don't employ encryption at risk.
"All other GPRS networks are affected by the cryptanalysis that will be presented but not released at tomorrow's conference. Those operators will hopefully implement stronger encryption in the time it takes others to re-implement our attacks," Nohl told The Register on the eve of the Chaos Communication Camp.
The researcher claims that the vast majority of mobile operators use either weak encryption, which is susceptible to rainbow table attacks, or no encryption at all. A stronger 128-bit GPRS encryption scheme is available, but it is not currently in use.
Together with fellow researcher Luca Melette, Nohl modified a Motorola C-123 phone to monitor unencrypted GPRS traffic. A rogue base station can also be used to capture traffic that can later be decrypted.
"One reason operators keep giving me for switching off encryption is, operators want to be able to monitor traffic, to detect and suppress Skype, or to filter viruses, in a decentralized fashion. With encryption switched on, the operator cannot ‘look into’ the traffic anymore while in transit to the central GPRS system," Nohl told the New York Times.