Researchers have demonstrated an alarmingly simple technique for eavesdropping on individual GSM mobile calls without the need to use expensive, specialised equipment.
During a session at the Chaos Computer Club Congress (CCC) in Berlin, Karsten Nohl and Sylvain Munaut used cheap Motorola handsets running a replacement firmware based on open source code to intercept data coming from a network base station.
Armed with this, they were able to locate the unique ID for any phone using this base, breaking the encryption keys with a rainbow table lookup.
Although far from trivial as hacks go, the new break does lower the bar considerably compared to previous hacks shown by the same reasearchers. In 2009, Nohl published a method for cracking open GSM’s A5/1 encryption design using a lookup table in near real time.
What was missing, however, was a way of identifying the call stream for an individual phone in order to apply the lookup to a real call within the clutter of data moving back and forth between a particular base station and the many phones using it. That is what Nohl appears to have worked out in his latest demo.
Another important detail is that Nohl was able to replace the firmware of the handsets with custom software. According to the BBC report on which most stories are being based, this was only possible because the Motorola handsets in question had been reverse engineered after an unspecified leak.
How easy would it be to exploit the new hack? In short, not particularly easy. Creating a custom lookup table similar to Nohl’s would take months of work and any eavesdropper would still need to break into the handset in question.
The crack does lower the bar from being a hardware problem to one of software expertise, which will cause some alarm in the GSM engineering community.
Governments and the military won’t worry unduly as they will be using encrypted satellite phone systems and GSM phones equipped with extra layers of call encryption to make sensitive calls. Large companies might want to take note, however.