GSM Encryption Broken

December 30, 2009

The Global System for Mobile communications [GSM], developed in the late 1980s,  is the communications standard used by roughly 80% of the world’s cell phones. It pretty much is the standard everywhere outside North America, where other standards developed by Qualcomm, namely CDMAOne[IS-95] and CDMA-2000, are used by some significant carriers, like Verizon Wireless and Sprint PCS.  It provides some security for communications: it authenticates the user to the network (although, in its basic version, not the other way around), and provides two stream ciphers, A5/1 and A5/2, for encrypting the voice data stream. The second of these, A5/2, is the weaker encryption, and it has been known for some time that it can be broken using a ciphertext-only attack.  The A5/1 cipher, which is more secure, is the most commonly used; although it has been known for a few years that it was theoretically vulnerable to attack, the attack was thought to be impractical.
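As an added illustration (not code from the article or from Nohl's presentation), here is a Python implementation of the A5/1 keystream generator following its published description: three short LFSRs with majority-rule clocking, keyed by the 64-bit session key Kc and the 22-bit frame number. The key and frame values used below are constructed, not taken from any real system.

```python
# A5/1 keystream generator (added example, not code from the page or the 26C3
# talk): three LFSRs of 19/22/23 bits with irregular "majority" clocking,
# keyed by a 64-bit session key Kc and a 22-bit frame number.

# (mask, feedback taps, clocking bit) for registers R1, R2, R3
REGS = (
    ((1 << 19) - 1, (1 << 18) | (1 << 17) | (1 << 16) | (1 << 13), 8),
    ((1 << 22) - 1, (1 << 21) | (1 << 20), 10),
    ((1 << 23) - 1, (1 << 22) | (1 << 21) | (1 << 20) | (1 << 7), 10),
)
OUT_BITS = (18, 21, 22)  # output taps: the top bit of each register


def _step(reg, mask, taps):
    """Shift one register by one bit, feeding back the parity of its taps."""
    fb = bin(reg & taps).count("1") & 1
    return ((reg << 1) & mask) | fb


class A51:
    def __init__(self, kc, frame):
        assert len(kc) == 8 and 0 <= frame < (1 << 22)
        self.r = [0, 0, 0]
        # Key and frame loading: every register is clocked regularly and the
        # next key/frame bit is XORed into its low bit.
        for i in range(64):
            self._clock_all((kc[i // 8] >> (i & 7)) & 1)
        for i in range(22):
            self._clock_all((frame >> i) & 1)
        for _ in range(100):  # mixing phase, output discarded
            self._clock_majority()

    def _clock_all(self, inbit):
        self.r = [_step(reg, m, t) ^ inbit for reg, (m, t, _) in zip(self.r, REGS)]

    def _clock_majority(self):
        # Only registers whose clocking bit agrees with the majority advance.
        bits = [(reg >> c) & 1 for reg, (_, _, c) in zip(self.r, REGS)]
        maj = (bits[0] & bits[1]) | (bits[0] & bits[2]) | (bits[1] & bits[2])
        self.r = [_step(reg, m, t) if b == maj else reg
                  for reg, b, (m, t, _) in zip(self.r, bits, REGS)]

    def keystream(self, nbits=228):
        """One GSM frame of keystream: 114 bits downlink + 114 bits uplink."""
        out = []
        for _ in range(nbits):
            self._clock_majority()
            out.append(sum((reg >> o) & 1 for reg, o in zip(self.r, OUT_BITS)) & 1)
        return out


def xor_bits(data, ks):
    """Stream-cipher encryption/decryption: plain XOR keystream, bit by bit."""
    return [d ^ k for d, k in zip(data, ks)]
```

Because the keystream depends only on Kc and the frame number, the same Kc with the same frame number always yields the same keystream; that is the property the cryptanalysis discussed in the article exploits.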

Now Technology Review is reporting that a German researcher, Karsten Nohl, has presented a proof-of-concept attack that demonstrates that interception of GSM calls, eavesdropping on voice calls, and interception of SMS (text) messages are all a practical possibility.  The presentation was made at the 26th Chaos Communication Congress in Berlin.

Karsten Nohl, who has a PhD in computer science from the University of Virginia, says he demonstrated the GSM attack to encourage people to develop a more sophisticated means of protection.

Predictably, the industry association for GSM providers, the GSM Association, downplayed the importance of the announcement, saying in a statement:

All in all, we consider this research, which appears to be motivated in part by commercial considerations, to be a long way from being a practical attack on GSM,

It is true that the presentation did not cover one aspect of the attack in detail: the actual interception of the GSM radio signal.  However, the researchers say that this is because publishing that type of information is illegal in some countries, and that equipment that can perform the interception is readily available.

Some experts not involved in the research said that the industry should treat this as a wake-up call to implement better encryption, which is possible within the GSM standard, before the system is routinely hacked:

“It would be a good time to start transitioning GSM systems to more advanced cryptographic algorithms,” says David Wagner, a professor at the University of California at Berkeley who was involved in work in the early 2000s that proved it was possible to break A5/1. “We should be grateful. We don’t always get advance warning that it’s time to upgrade a security system before the bad guys start taking advantage of it.”

Bruce Schneier has also dismissed the industry’s claims:

Cryptographer Bruce Schneier, chief security technology officer at BT Counterpane, dismisses the association’s claims. “Companies always deny that it’s practical,” he says. “The truth about cryptography is that attacks always get better, never worse.” While Schneier believes this work further demonstrates that GSM calls could be intercepted, he says that the recent move to use GSM for payments and authentication is “a bigger reason to be concerned about this attack.”

These interceptions are very likely to be happening already, from agencies like the NSA in the US or GCHQ in Britain.  But upgrading the security of the system would seem like a very good idea, especially given the fact that mobile phones are being increasingly used for purposes beyond telephony: as part of payment systems, for example.  If you are going to put a great deal of money in your safe, it is probably a good idea to put the new lock on it first. It would seem wise to bolster GSM security before making it a much more attractive target for the Bad Guys.

Security Snake Oil

December 30, 2009

I read a fairly wide range of traditional and online publications, but Playboy magazine has never really been on my list; and I certainly didn’t expect to be referencing it in an article about security.  But the “Threat Level” blog at Technology Review reports on a story in Playboy about a self-styled scientist and software expert who, it appears, conned numerous agencies of the US government out of quite a few million dollars for security software of, at best, questionable value — if it ever really existed at all.

The story involves one Dennis Montgomery, who was born in Arkansas, and received a two-year associate’s degree in medical technology from Grossmont College, near San Diego.   He apparently decided to try his hand at software development:

He maintains he invented and secured copyrights for various technologies related to “pattern recognition,” “anomaly detection” and “data compression.” Montgomery had attained some success with his media-compression software.

This claim in itself is something of a red flag: inventions are generally patented, not copyrighted.  Copyright is intended to protect particular expressions, in writing (including software), images (e.g., photography), and so on.  Registering copyright proves only that the applicant was able to fill out the necessary form and pay the registration fee.

Apparently, Mr. Montgomery approached some members of the Science & Technology Directorate of the CIA, and convinced them that he had developed a technology that could reveal previously unsuspected terrorist messages that were concealed as bar codes in images broadcast, unwittingly,  by the Qatari TV network Al Jazeera.  He claimed that these messages gave latitudes, longitudes, flight numbers, and dates for future terrorist attacks, to be carried out by “sleeper cells” in the US and Europe. Of course, the secret technology he had developed was the only way to find and interpret these codes.

Mr. Montgomery is apparently a pretty good salesman, and he was of course saying things that some people wanted to hear:

Al Jazeera was an inspired target since its pan-Arabic mission had been viewed with suspicion by those who saw an anti-American bias in the network’s coverage. In 2004 Secretary of Defense Donald Rumsfeld accused Al Jazeera of “vicious, inaccurate and inexcusable” reporting.

Ideology is a highly effective prophylactic against the influence of inconvenient facts.

Eventually, reality did win out, with an assist from the French intelligence service, because Montgomery continued to refuse to reveal his methods, and it was not clear why a terrorist organization would use such a roundabout method of communication:

The CIA and the French commissioned a technology company to locate or re-create codes in the Al Jazeera transmission. They found definitively that what Montgomery claimed was there was not.

This was not the end of Mr. Montgomery’s work for the US government, however.  He also successfully sold a system that he claimed could automatically recognize weapons from video images; at least one of his then-colleagues has told the FBI that the demonstrations are fake.  He also claimed to have software that could locate submarines from a satellite photograph of the ocean’s surface. (He also told at least one person that he had been abducted by a UFO.)

There is much more of the same recounted in the original story.  What is interesting is that this shows, once again, that wanting something to be true does not make it so, but that people can be blinded by their own preconceptions, and do really irrational things.
