CRIME fw: Technion Researchers Crack GSM Cellular Phone Network Encryption

From: toby (tobyhush@private)
Date: Sun Sep 14 2003 - 15:51:59 PDT

  • Next message: Brian Varine: "Re: CRIME fw: Technion Researchers Crack GSM Cellular Phone Network Encryption"

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    FYI.
    
    t
    
    > -----Original Message-----
    > Sent: Saturday, September 13, 2003 10:37 PM
    > Subject: Technion Researchers Crack GSM Cellular
    > Phone Network Encryption
    >
    > Technion Researchers Crack GSM Cellular Phone Network Encryption
    >
    > It is possible to listen to and impersonate callers on the
    > phones of 850
    > million users in 197 countries. The researchers: "We will allow use
    of
    > this method only by law enforcement agencies."
    >
    >
    > Technion researchers have succeeded in cracking the popular
    > GSM cellular
    > phone network encryption code. The researchers presented
    > their findings
    > at the recent Crypto Conference in Santa Barbara, California. The
    > findings were greeted with shock and widespread interest on
    > the part of
    > the 450 conference participants, many of whom are world leaders in
    > encryption research and encryption industry.
    >
    >
    >
    > The researchers, Prof. Eli Biham and doctoral student Elad Barkan,
    and
    > Nathan Keller, discovered a basic flaw in the network's encryption
    > system, and using this were able to develop a method for cracking the
    > encryption system. "Elad discovered a serious flaw in the network's
    > security system," explains Prof. Biham. "He found that the GSM network
    > does not work in the proper order: First, it inflates the information
    > passing through it in order to correct for interference and noise and
    > only then encrypts it."
    >
    >
    >
    > In the wake of this discovery, the three Technion researchers
    > developed
    > a method that enables cracking the GSM encryption system at
    > the initial
    > ringing stage, even before the call begins, and later on, listening
    in
    > on the call. With the aid of a special device that can also broadcast,
    
    > it is possible to steal calls and even to impersonate phone
    > owners, even
    > in the middle of an ongoing call. Recently, a new and modern
    > encryption
    > system was chosen as a response to previous attacks on existing
    > encryption system. But Technion researchers also succeeded in
    > overcoming
    > this improvement. The new method works for all GSM networks worldwide,
    
    > including the U.S. and Europe.
    >
    >
    >
    > Prof. Biham explains that encryption ciphers were kept
    > absolutely secret
    > until 1999 when a researcher called Marc Briceno succeeded to reverse
    > engineer their algorithms. "Since then many attempts have been made
    to
    > crack them, but these attempts required knowing the call's content
    > during its initial minutes in order to decrypt its continuation, and
    > afterwards, to decrypt additional calls. Since there was no way of
    > knowing call content, these attempts never reached a practical stage.
    > Our research shows the existence of the possibility to crack the codes
    > without knowing anything about call content," he notes.
    >
    >
    >
    > A copy of the research was sent to GSM authorities in order to correct
    > the problem, and the method is being patented so that in future it
    can
    > be used by the law enforcement agencies.
    > Technion Spokesperson - Amos Levav
    >
    >
    >
    > 2/9/03
    >
    > 902/03
    >
    
    
    "I have gone to great lengths to expand my threshold of pain"
    - -Tool
    -----BEGIN PGP SIGNATURE-----
    Note: This signature can be verified at https://www.hushtools.com/verify
    Version: Hush 2.3
    
    wkYEARECAAYFAj9k8Q4ACgkQgmQPhCwzFyDQEQCgv4OzBH79yxFzd+NuK1xcKcWpNAQA
    oK7BLNkD3szeTG5Vy33RdHj4waEa
    =Hwrd
    -----END PGP SIGNATURE-----
    
    
    
    
    Concerned about your privacy? Follow this link to get
    FREE encrypted email: https://www.hushmail.com/?l=2
    
    Free, ultra-private instant messaging with Hush Messenger
    https://www.hushmail.com/services.php?subloc=messenger&l=434
    
    Promote security and make money with the Hushmail Affiliate Program: 
    https://www.hushmail.com/about.php?subloc=affiliate&l=427
    



    This archive was generated by hypermail 2b30 : Sun Sep 14 2003 - 16:28:34 PDT