Schneier on Security
A blog covering security and security technology.
August 10, 2011
Nohl's group found a number of problems with GPRS. First, he says, lax authentication rules could allow an attacker to set up a fake cellular base station and eavesdrop on information transmitted by users passing by. In some countries, they found that GPRS communications weren't encrypted at all. When they were encrypted, Nohl adds, the ciphers were often weak and could be either broken or decoded with relatively short keys that were easy to guess.
The group generated an optimized set of codes that an attacker could quickly use to find the key protecting a given communication. The attack the researchers designed against GPRS costs about 10 euros for radio equipment, Nohl says.
Posted on August 10, 2011 at 4:11 PM
GPRS isn't the only standard to fall; it's been reported that CDMA and 4G were also compromised at Defcon this year.
The largest threat to these protocols seems to be the ease of compromising pico/femtocells and making them do your bidding: http://wiki.thc.org/vodafone
Clearly things need to be more robust. A compromised base station should not be able to do this.
"Clearly things need to be more robust. A compromised base station should not be able to do this."
The main threat the people paying for the base stations are worried about is phone calls being made without a matching billing entry.
I'm sure that threat is catered for.
I seriously doubt that '4G' was hacked (whatever 4G means; LTE, WiMAX, WCDMA HSPA?).
Anyone who accepts an OTA system update when at DEFCON deserves everything they get...
@jkm, according to a post further down the linked thread, it was WiMAX on Sprint/Clearwire.
So, maybe I should set up a proxy at home for my smartphone. Is the Android proxy security "good enough"?
@wiredog: how about "civilians" near or at the hotel who aren't part of defcon who take an OTA update? Do they deserve it too?
Of course, there have been several examples of 'pushed' over the air upgrades. The user doesn't get a choice about whether to accept it or not.
And, of course, if the officially designated people can push an "upgrade", so can everyone else.
I think the term "smartphone" needs to be rescinded, and the term "stupid phone" (re-)implemented.
I'm glad I don't have the money yet to buy a "smart (stupid) phone". And that the stupid Nokia 6030 phone I use (it's smart enough to randomly shut itself off periodically!) doesn't get used much except to take client calls. No texting, no SMS, no nada. It can do that crap, but I don't.
Besides the security flaws, every time Jeri Ryan has to update her phone, she tweets how it didn't work unless she does it five times...
Obviously these are real quality products being sold...
Nonetheless, nice to know my meme applies equally well to everyone's phone as it does to their computer. :-)
Interesting work, but ... GPRS is supposed to have security features!?
Only GPRS app I have been involved in, everyone just assumed it was totally hackable. The application provided its own session security and assumed the link might not be available. (Low priority messages that did not receive a signed acknowledgement would be re-sent later; high priority messages that didn't get an ACK resulted in a dial-up connection.)
Hmm, reading further, it seems we were right. Security features in GPRS are optional, and it isn't easy for the app to find out if they are enabled. So you have to assume the transport layer is insecure.
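The design described in the comment above (treat the link as insecure, require a signed acknowledgement, re-send low-priority messages later and escalate high-priority ones) can be sketched as follows. This is an added example, not the commenter's code; the class and function names, the pre-shared key, and the HMAC-SHA256 ACK format are assumptions, and payload confidentiality is out of scope.

```python
import hashlib
import hmac
import os
from collections import deque

KEY = os.urandom(32)  # constructed pre-shared key; provisioning is out of scope here

def ack_tag(key, msg_id, payload):
    """ACK tag bound to one message id and payload, so it cannot be reused."""
    body = b"ACK" + msg_id.to_bytes(8, "big") + hashlib.sha256(payload).digest()
    return hmac.new(key, body, hashlib.sha256).digest()

def honest_link(msg_id, payload):      # simulated peer that holds KEY
    return ack_tag(KEY, msg_id, payload)

def forging_link(msg_id, payload):     # simulated untrusted relay answering without KEY
    return bytes(32)

class Sender:
    def __init__(self, key, link, fallback):
        self.key, self.link, self.fallback = key, link, fallback
        self.retry_queue = deque()     # low-priority messages to re-send later
        self.next_id = 0

    def send(self, payload, high_priority=False):
        msg_id, self.next_id = self.next_id, self.next_id + 1
        return self._deliver(msg_id, payload, high_priority)

    def _deliver(self, msg_id, payload, high_priority):
        try:
            ack = self.link(msg_id, payload)    # may be None or garbage
        except OSError:                         # link down
            ack = None
        good = ack_tag(self.key, msg_id, payload)
        if isinstance(ack, bytes) and hmac.compare_digest(ack, good):
            return "acked"
        if high_priority:
            self.fallback(msg_id, payload)      # e.g. the dial-up path
            return "fallback"
        self.retry_queue.append((msg_id, payload))
        return "queued"

    def flush(self):
        """Re-send queued messages once; return how many were acknowledged."""
        pending, self.retry_queue = self.retry_queue, deque()
        return sum(self._deliver(i, p, False) == "acked" for i, p in pending)
```

An acknowledgement that the transport merely relays or fabricates is treated the same as no acknowledgement, so the sender never depends on knowing whether GPRS-level security is enabled.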