Apps for the Paranoid Needed?
Posted by Craig H on 4 January 2010
I can’t let Karsten Nohl‘s presentation at 26C3 go without comment. To be clear, he was only talking about weaknesses that were already known (so headlines like “Secret mobile phone codes cracked” are at best misleading) but his purpose was to demonstrate that those theoretically known attacks are now practical. His point is a very valid one, and holds for most (all?) cryptographic algorithms: researchers will discover more efficient attack techniques, and technology will evolve to make such attacks practical, so you’d better design your cryptographic protocols so you can switch to different algorithms if and when the future need arises.* Happily this is the case for the GSM protocols, and all (!) that is needed is for the phone manufacturers and network operators to deploy the A5/3 algorithm and we can all go about our business.
That said, there is an interesting point made, almost in passing, in the presentation. Your phone knows what encryption algorithm is being used between it and the base station: for example, my Sony Ericsson P1i shows a little warning triangle icon if the base station switches it to A5/0 (that is, no encryption) although I don’t think my Nokia E71 does. Karsten also notes “IMSI catching is detectable from [the] phone, but no detect apps exist” (we have mentioned IMSI catching in this blog before).
So, the main point of the presentation is the assertion that well-funded attackers (security agencies, organised crime) are already using attacks to break GSM encryption, and his aim in making attacks practical for hobbyists is to push the phone manufacturers and network operators to improve security for everyone. I think that’s a heavy-handed approach, to say the least, but it’s done now. I am though left wondering who is being targeted today by GSM eavesdroppers. I’ve posted an idea on the Symbian Ideas site that there should be an app available to tell the phone user (in so far as that is possible) when their communications security is being compromised. Please join in there if you think that’s interesting!