Last Friday there was news out of the Chaos Computer Club Congress in Berlin that two security researchers, Karsten Nohl and Sylvain Munaut, had successfully cracked the encryption used in the GSM cellular network. While not “VoIP”, per se, this is of interest to any of us working with VoIP as many VoIP clients are now working on “smartphones” running on top of the GSM network (like, oh, the iPhone, among others). Some of the articles on this topic:
- TheNextWeb: Hackers crack open GSM networks to eavesdrop on mobile calls
- InfoSecurity.com: Security researchers subvert GSM encryption
- eWeek Europe: Researchers Demonstrate GSM Phone Call Hack
The researchers are apparently not releasing their toolkit publicly, but obviously word of their success will encourage others to investigate further.
Reading the links, I’m not sure this changes much from the talks last summer. The attacks published then were against 2G GSM and don't work against 2.5 or 3G, which are surely necessary to run a decent VOIP call.
You could try to fix your phone to 3G and don't allow downgrade to 2G. Android lets you do this but you’ll discover how patchy 3G coverage really is.
I didn’t see any suggestion that this was real-time yet, which I recall was the next target. So we are still cracking A5/1 offline. There are some interesting attacks that abuse key reuse between A5/1 and A5/3, which could expose the 3G air interface containing your RTP stream, but I think any such application that assumes the network is untrusted is still safe to use.
I think everyone involved in the industry realises that 2G security is broken but it will be a long time before it disappears.
As I understand it, the attack is almost in realtime with a 20s delay for cracking the initial encryption key. Basically they have been using modified encryption/decoding hardware of a cheap GSM phone.
Recordings of the presentations held at 27c3 (27th Chaos Communications Congress) have been published here: http://media.ccc.de/browse/congress/2010/
Apart from the talk about GSM encryption by C.Nohl et al there were also several other talks on smart phone security (e.g. “The Baseband Apocalypse” is definitely worth seeing) and at least one about attacks on SIP home routers.