2G FruiG
Now that's an old fashioned ice cream flavour.
The crypto scheme applied to second generation (2G) mobile phone data can be hacked within seconds, security researchers have demonstrated. The work by researchers from the Agency for Science, Technology and Research (A*STAR), Singapore shows that breaking the A5/1 stream cipher used by 2G is possible using commodity hardware …
RAM's not that expensive now either, you can pick up 32GB of DDR4 for less than £200, about the same again will get you 1TB of SSD. The graphics cards they used will probably be matched for about £250-300 today, and figure about another £250 for a CPU and a motherboard with enough PCIe slots and bandwidth to run everything.
Even with current UK prices I reckon you could build an equivalent rig for less than two grand.
>>>> Paris, because she's good with money.
The flaws in the encryption have been known about since 2009 and you still need to create some pretty big rainbow tables and have some pretty good equipment to do the hack.
Well, in that case I'm impressed by what the GSMA did come up with back then. It means we're generally pretty safe. Yes, the spooks have probably had the wherewithal to do this for a couple of years for the few cases where they can't get a wiretap order or find a compliant telco, but given all the other attack vectors on modern phones such getting an app installed that can control the mike and use the network, I'm not unduly worried.
Nevertheless, it's an important research project and should expedite the deprecation of this part of the standard.
Or is the concept of searching a terabyte rainbow table in 9 seconds on 'commodity' hardware the impressive thing here.
Of course it depends what they call 'commodity', I don't see too many PCs with a TB of RAM, and suspect that a few SSDs may be needed in parallel to get that sort of performance...
Mind - you 'as little as nine seconds' could mean 'if you're the first item in the rainbow table'
If the table is arranged as a ordered list then a binary search would find the answer in no more than 42 reads. With an SSD this would take well under 1 second.
As the rainbow table is not exhaustive (as it is far too small), several bits of the key must be determined by a computation (maybe by brute force) and this is what would take the bulk of the 9 seconds.
(An exhaustive rainbow table would require 2^64 entries - many exabytes.)
"Security experts have known the A5/1 was breakable since 2009..."
Security experts have known since way before 2009 that that all bar one encryption techniques are only computationally secure (i.e. given enough time and resources they can be broken). Moore's Law ensures that what is classed as "secure enough" today will not be secure enough in the future.
Only the Vernam cipher is known to be mathematically secure.
"any unbreakable system must have essentially the same characteristics as the one-time pad: the key must be truly random, as large as the plaintext, never reused in whole or part, and kept secret"
Not really practical for most at the moment. The truly random requirement is also a bit of a bugger.
"Moore's Law ensures that what is classed as "secure enough" today will not be secure enough in the future" -- Velv
I hear what you're saying, but the universe is finite and, more significantly, the time period for which cipher text has to remain safe is actually pretty short. I cannot see any conceivable way that a 256 bit keyspace can be exhaustively searched in a reasonable time (say, under a century) by conventional (non-quantum) computers. NB: I am absolutely not saying 256 bit ciphers cannot be broken.
From now on, assume that your 2G phone calls are being tapped. By the government, by the local newspaper, by local taxi firms listening out for possible bookings, including calls to other taxi firms. Does that happen? I don't know, but, assume that it does.
Oh, and muggers.
Also, your 3G or 4G phone presumably drops back to 2G when there isn't a 3G signal, so in fact everyone is going to be bugged.
Now that turns "Ho hum, well it's obsolete anyway" into "S**t, so if you can mess up the 3G signal enough you can force drop back to 2G"
Do that at a tower site and you have a sort of watering hole attack against however many subscribers use it.
How useful that is depends on what else you can get apart from their speech....
Is there a way to tell whether I'm on A5/1, A5/2 or A5/3 ? Besides the sound of a mystery person breathing as they tap in to my phone calls. I mean - won't this depend at some level on what encryption is implemented in the phone, or the SIM card, or the novelty case I keep it in? Apart from "not 2G at all", what should I be looking for as an upgrade?
Also - what happens somewhere there isn't a 3G signal geographically - have they really given up providing 2G? (In my case, O2 and a quite early micro-SIM card, pay as I go)
And is this anything to do with starting to get spam texts again? I think some people get a lot of them, but it's been rarely or never for me. But several lately. Some odd phone calls, too.
The A5/2 cipher is MUCH WEAKER than the A5/1 cipher - it fact it is so bad that the GSM association prohibited its inclusion in new phones back in 2006. The A5/3 cipher is far stronger than the A5/1 cipher and is used in GPRS / EDGE mode. Note if you make a voice call anywhere with a poor signal then fall back to GSM mode with its poor security is likely.