Secret mobile phone code cracked

Source: Financial Times

Computer hackers this week said they had cracked and published the secret code that protects 80 per cent of the world’s mobile phones. The move will leave more than 3bn people vulnerable to having their calls intercepted, and could force mobile phone operators into a costly upgrade of their networks.

Karsten Nohl, a German encryption expert, said he had organised the hack to demonstrate the weaknesses of the security measures protecting the global system for mobile communication (GSM) and to push mobile operators to improve their systems.

“This shows that existing GSM security is inadequate,” Mr Nohl told an audience of about 600 people at the Chaos Communication Congress in Berlin, a four-day conference of computer hackers.

“We have given up hope that network operators will move to improve security on their own, but we are hoping that with this added attention, there will be increased demand from customers for them to do this,” he told the Financial Times.

Read more: http://www.ft.com/cms/s/0/54ca8e66-f485-11de-9cba-00144feab49a.html?nclick_check=1

---

Breaking News for anyone with a cell phone. At least the Financial Times thinks so.

since that's about all I use it for, so my SO and dogs will be waiting to meet me. Oh, and they'll know I'm checking Detroit sports scores. I hope this doesn't undermine national security!

Calls to call girls for example.

This is "news", but we have known it was vulnerable for a long time. Since most cell phones can be hacked by just sending a malware SMS/MMS or maybe an email, you might want to think carefully about this. Even if you aren't using a smart phone (e.g. iPhone) with lots of applications.

Joe Blow with a high spec PC can now decode GSM conversations in a few minutes.

And being able to break a known obsolete 20 year old encryption system on voice calls is not even remotely the same.

I posted in a hurry going out the door, so I might have not been clear enough. I understand what the "news" reported means and its implications. What about my post seemed BS to you?

My further point is about a much larger set of problems. The Apple patched one MMS buffer overflow in the iPhone back in the summer. There are more fundamental weaknesses that I am reluctant to discuss openly. I am in the middle of this stuff every day, have been for several decades.

I assure you these problems are not BS. Here is link to an article about a CERT alert two months ago and there are links to related articles. There have been proof-of-concept implementations for various attacks that are publicly available, several more that remain private.


US-CERT warns of BlackBerry snooping software

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1372852,00.html

"Or just turn on mike/camera/gps and spy on everything you do"

You cannot remotely turn on the microphone of a phone. You cannot remotely turn on the camera of a phone. You cannot remotely activate GPS on a phone without the approval of the wireless carrier, which requires in turn a court order. Period. The fact that somebody was capable of doing one or two of these things with a device that they themselves had prepped and installed special software on does not make it possible to do so with any random phone from a distance. The fact that someone was able to break the encryption used on over-the-air voice calls doesn't change that fact.

"Since most cell phones can be hacked by just sending a malware SMS/MMS or maybe an email"

No they cannot. Even the very FEW cell phones which can have one or two of these features configured require physical access to the device and/or the user's deliberate installation of certain software, as the article you linked to explained in great detail. But to imply that phones can be randomly snooped on by having a text message sent to them is patently ludicrous and the worst kind of urban legend bullshit.

For that matter, the idea that malware could be distributed by SMS is pretty silly on the face of it, since an SMS is simply up to 160 characters of text. No code, no "attachments," no software.

By the way, you just linked to an article by the company I used to work for. My job? Writing articles about cell phones. I damn well know this stuff better than almost anyone.

I have composed system level drivers and often use micro-code and assembler... If a buffer overflow vulnerability exists then I can crash the stack, if I wanted... I own your toy; period. Security is an illusion. Always has been, always will be. The processor or platform is irrelevant.


Note: not for hire and deliberately innocent.

Did not want even the possibility of confusion.

Like you, I was replying to TheWraith.

I have been doing this type work for over forty years. Starting back in the days when the hardware was so primitive you had to sample the line voltage and shift bits in using software in order to assemble characters on a comm line. Your "Debunking" is naive over-confidence.

In a public, non-technical environment like DU, there are many things I can't or won't discuss for obvious reasons. I try to use non-technical articles where possible, but with enough detail for those more technically adept. Within these constraints, here goes.

If I can execute arbitrary code on your phone, I can do all the things I described and more. Guess what? Lots of ways to do that, just as there a lots of ways to do that on a PC or Mac. Of course, security holes are plugged as fast as possible, but every new feature or new device opens up new attack vectors.

SMS is limited to 160 characters per message, but multiple messages can be assembled into much larger items. Various SMS implementations have had vulnerabilities allowing buffer overruns and arbitrary code execution, often with "root" privs. The rush patch for the iPhone (3.0.1) late July 2009 fixed such a vulnerability announced the prevous day. It was a widely reported example of this type. The following non-technical article gives a little intro to the SMS issues.

http://www.macworld.com/article/142179/2009/08/iphone_sms_security.html

A bigger problem comes from how phones handle SMS-related messages, particularly the MMS (multi-media) messages. These are little more than URL/URI links to a file on a server containing an image, video, voice, or other content. How these are processed on the phone raises the same type issues one encounters with browsers and viewers on PCs and elsewhere. Phones can also have vulnerabilities in browsers and mail.

Even a "simple" image can be an exploit these days. That spam message that got through and seemed to just contain an image might be using embedded XML or XHTML of some time to take over your system. A recent example we trapped contained a small piece of XML that defined a private color mapping system for displaying the image, with a link downloading futher code that many systems would happily execute while rendering/displaying the image -- all from just reading your mail without you clicking on anything. There are specific things like that which currently work on many cell phone environments and I expect to see more over time. (Search on "phone vulnerability", maybe adding SMS or MMS.)

There are other risks from SMS to the wireless networks, including denial of service for voice and messaging. These risks increase if large numbers of phones can be hacked, much like current PC botnets.

For those seeking more about the SMS issues, here is a link to slides from a presentation last summer at Blackhat. Much of it can be understood without significant technical background. Things have been moving quickly since then, but it is still useful.

Slides from Blackhat 2009: "Attacking SMS"

http://www.blackhat.com/presentations/bh-usa-09/LACKEY/BHUSA09-Lackey-AttackingSMS-SLIDES.pdf


Any questions?

costly upgrades of their networks onto average Joe consumer, who probably doesn't give a damn about anyone knowing the contents of his/her boring conversations in the first place. I sure as hell don't care if anyone knows that I'm now at the grocery store and would whoever is at home PLEASE PICK UP A PHONE and let me know if we are out of mustard and eggs??? And I SURE as hell don't want to pay anymore increase in the already ridiculous cell phone rates for the peace of mind of knowing that no one else will know that my life is so dull and boring!!!!

Cell phone security in the US will become extremely important once our country embraces SMS billing/payment protocols. Give Americans just a taste of the convenience of paying for a tank of gas with their shiny new Google phones and they will only want more.

with the excuse of protecting us consumers.

I hope they waited until a fix was ready before they did that. Guess I should read the article. ;)

Jesus, I would like to see how big that pile of phones would look. That's disgusting.

Look at video from any country in the world, and that is what you see.

Or are you one of those people who associates any kind of modern technology, particularly when used en masse by the world, with some kind of decadent luxury?

Places where it was economically unfeasible to run landlines can have phone and internet connections with a simple network of towers. People who never had phone service have suddenly gained access to transformative technologies.

To me that's a fabulous gift.

Srinit, Verizon, and other players use CDMA networks. Then there is the ISDN network for Nextel and Boost. Probably just as vulnerable, but...

The items I mentioned in my earlier post are concerns for all types of wireless devices. Follow the link in that post for further details.

BTW another method of eavesdropping is to convert a femtocell to eavesdrop, possible on all types of networks. Search on "femtocell" plus another term or two.