Encrypted data on GSM-supported cell phones may not be as secure as previously thought after a widely known encryption expert presented research showing how hackers can poke holes in the algorithm to eavesdrop on calls.
Karsten Nohl, chief research scientist at H4RDW4RE, who asked hackers last summer to focus on cracking the widely used GSM encryption algorithm, presented research this week showing how an earnest hacker can find tools on hacking forums to intercept calls protected by the GSM A5/1 algorithm, a 64-bit binary code.
In an interview with SearchSecurity, Nohl said a newer A5/3 encryption algorithm exists, but operators have been slow to deploy it.
“Were urging operators to think of security as something that should be a moving part rather than something that’s created and used for 20 years,” Nohl said. “With research picking up, A5/3 will be broken at some point too.”
The older A5/1 encryption algorithm is used in 80% of cell phones worldwide. It was first introduced in 1987 and Nohl points out that it became publicly available in 1994. A technique cracking the algorithm has been widely used in government intelligence gathering and law enforcement investigations, but until now, technology hasn’t been available to make it practical for hackers to crack it. The GSM hacking technique has been too expensive and too complicated to pull off.
Nohl’s GSM research presented this week at the Chaos Communications Congress in Berlin, shows that the technology has finally caught up to make it easier for hackers. Nohl said he is being pressured by the GSM Association (GSMA), an organization of licensed GSM mobile network operators, to cancel or scale back a demonstration planned Wednesday at the conference. A GSMA spokesperson did not return a request for comment.
It takes a mixture of hardware and computational software to pull off an attack, he said.

“The equipment used is getting cheaper and cheaper,” Nohl said. “This will not be a vulnerability as widespread as Internet spam; it will always stay a targeted attack.”

Nohl urged security professionals at enterprises to be aware of the potential threat and use additional security mechanisms to protect sensitive calls. For now, breaking the algorithm means a hacker can intercept text messages, conversations and data only on rare occasions. Data on GSM networks is routed through faster networks, which protects the information, but banking applications designed to work on GSM enabled phones may also be under an increased risk.
“They should treat the Internet as an untrusted network and [should] take precautions by adding their own encryption on top of it,” Nohl said of enterprises concerned about secure communications.
In his presentation, Nohl describes both an active technique, in which cell phone calls are routed through a base station and a more challenging passive technique that involves more heavy computation. While it takes a savvy hacker to make the attack work, all of the parts making up the radio receiver system and signal processing software are open source and can be found on file swapping services and hacking websites, he said.
Nohl said he found an India-based equipment manufacturer advertising GSM cracking machines for as little as $US200,000. Using the same techniques a hacker can build a machine from scratch much cheaper, he said.

“As the attack becomes cheaper, more people will be interested in listening in to steal information on phone calls,” Nohl said. “It’s only a matter of time.“

source: SearchSecurity.com

“Crypto” is about privacy in the information age and about the nerds and visionaries who, nearly twenty years ago, predicted that the Internet’s greatest virtue–free access to information–was also its most perilous drawback: a possible end to privacy. Levy explores what turned out to be a decisive development in the crypto wars: the unlikely alliance between the computer geeks and big business as they fought the government’s stranglehold on the keys to information in a networked world. The players come alive here in a narrative that reads like the best of futuristic spy fiction. There is Whit Diffie, the long-haired Newton of crypto who invented the astounding “”public key”" solution; David Chaum, whose “”anonymous digital money”" actually threatened the global financial infrastructure; and “”cypherpunks”" like Phil Zimmermann, who freely distributed military-strength codes under the nose of the U. S. government. There is also the first behind-the-scenes account of what the secretive National Security Agency really had in mind when it created the controversial “”clipper chip”"–and how the Clinton administration bungled the operation. Sure to appeal to everyone who kept David Kahn’s sweeping The Codebreakers in print for more than thirty years and readers who are making Neal Stephenson’s Cryptonomicon, Mark’s Between Silk and Cyanide, and Singh’s The Code Book bestsellers, Crypto will soon be the new classic of its subject. Crypto is a best selling book and winner in the category of best Non-Fiction eBooks for the International eBook Award Foundation 2001 eBook awards ceremony in Frankfurt, Germany.

Author: Steven Levy

Θα πενθώ πάντα -μ’ ακούς;- για σένα, μόνος, στον Παράδεισο.

(…)

Που πια δεν έχω τίποτε άλλο
Μες στους τέσσερις τοίχους, το ταβάνι, το πάτωμα
Να φωνάζω από σένα και να με χτυπά η φωνή μου
Να μυρίζω από σένα και ν’ αγριεύουν οι άνθρωποι
Επειδή το αδοκίμαστο και το απ’ αλλού φερμένο
Δεν τ’ αντέχουν οι άνθρωποι κι είναι νωρίς, μ’ ακούς
Είναι νωρίς ακόμη μες στον κόσμο αυτόν αγάπη μου

Να μιλώ για σένα και για μένα.

Είναι νωρίς ακόμη μες στον κόσμο αυτόν, μ’ ακούς
Δεν έχουν εξημερωθεί τα τέρατα, μ’ ακούς
Το χαμένο μου αίμα και το μυτερό, μ’ ακούς
Μαχαίρι
Σαν κριάρι που τρέχει μες στους ουρανούς
Και των άστρων τους κλώνους τσακίζει, μ’ ακούς
Ειμ’ εγώ, μ’ ακούς
Σ’ αγαπώ, μ’ ακούς
Σε κρατώ και σε πάω και σου φορώ
Το λευκό νυφικό της Οφηλίας, μ’ ακούς
Που μ’ αφήνεις, που πας και ποιος, μ’ ακούς

Σου κρατεί το χέρι πάνω απ’ τους κατακλυσμούς

Οι πελώριες λιάνες και των ηφαιστείων οι λάβες
Θα ‘ρθει μέρα, μ’ ακούς
Να μας θάψουν κι οι χιλιάδες ύστερα χρόνοι
Λαμπερά θα μας κάνουν πετρώματα, μ’ ακούς
Να γυαλίσει επάνω τους η απονιά, μ’ ακούς
Των ανθρώπων
Και χιλιάδες κομμάτια να μας ρίξει

(…)

Το λουλούδι αυτό της καταιγίδας και, μ’ ακούς
Της αγάπης
Μια για πάντα το κόψαμε
Και δε γίνεται ν’ ανθίσει αλλιώς, μ’ ακούς
Σ’ άλλη γη, σ’ άλλο αστέρι, μ’ ακούς
Δεν υπάρχει χώμα, δεν υπάρχει αέρας
Που αγγίξαμε, ο ίδιος, μ’ ακούς

(…)

Άκου, άκου
Ποιος μιλεί στα νερά και ποιος κλαίει – ακούς;
Ποιος γυρεύει τον άλλο, ποιος φωνάζει – ακούς;
Είμ’ εγώ που φωνάζω και είμ’ εγώ που κλαίω, μ’ ακούς
Σ’ αγαπώ, σ’ αγαπώ, μ’ ακούς…

Οδυσσέας Ελύτης

“The Scream”, or “The Cry”, Edvard Munch 1893

No Time To Cry

It’s just a feeling
I get sometimes
A feeling
Sometimes
And I get frightened
Just like you
I get frightened too
but it’s…

Everything will be alright
Everything will turn out fine
Some nights I still can’t sleep
And the voices pass with time
And I keep

No time for tears
No time to run and hide
No time to be afraid of fear
I keep no time to cry
No time for heartache
No time to run and hide
No time for breaking down
No time to cry