Quickly decrypting cell phone calls

Karsten Nohl takes a crack at GSM encryption with his tool called Kraken
Source: Uli Ries In his presentation at the Black Hat Conference, German GSM expert Karsten Nohl presented a tool he calls Kraken, which he claims can crack the A5/1 encryption used for cell phone calls within seconds. But first, you have to record the GSM call with a GSM catcher, which you can build yourself based on a Universal Software Programmable Radio (USRP), which costs just under $1500, and the open source GNURadio software.

To crack the key, Kraken uses rainbow tables, which Nohl calculated with ATI graphics processors (GPUs). During a live demonstration, the tool cracked the key for a recorded phone call within about 30 seconds. Nohl then decoded the file with Airprobe and converted it into an audio file using Toast.

"Today, recording and cracking GSM is as easy as attacking WiFi was a few years ago", the security expert told The H's associates at heise Security. But Nohl says he refrained from making the process too easy, to avoid lowering the bar too much for newcomers. Nohl added that protection against such attacks has also been around for nearly two years: "In 2008, the GSM Association published an update for the standard. [...] But up to now, no mobile communications provider in Germany has bothered to update its network."

A hacker called "The Grugq" pointed out another problem at the conference. A cheap, low-end Motorola cell phones, a notebook and the OsmocomBB open source software is apparently all you need to block a base station. In what is called a RACHell attack, a cell phone sends thousands of connection requests to the network in an attempt to reserve all available channels for itself; as a result, the station rejects other mobile communications users, including emergency services, such as ambulances and the fire department. The attack does not, however, affect current calls in any way. The hacker was not able to demonstrate the attack at the conference because his dual band cell phone did not work on the frequency used by AT&T at the event.

Network operators are familiar with the issue. An independent expert told heise Security that T-Mobile uses special firewalls in Germany to fend off such attacks. Harald Welte, the GSM expert and author of numerous open source projects pertaining to GSM, such as OpenBSC, told heise Security in an e-mail that T-Mobile's approach would not work; because the attack comes over the air, a firewall or other filter in the GSM backhaul or backbone will not make a difference. Dieter Spaar reportedly already performed at such an attack in autumn 2009.

The Grugq says that other mobile communications users can also be kicked out by reversing the attack. If a detach command is sent to the base station with another user's sender IMEI, the station will not communicate with that cell phone until the phone reports back to the base station, such as when a text message is sent. (Uli Ries)

(Uli Ries / djwm)