Information Security News mailing list archives

By Date By Thread Hackers crack crypto for GPRS mobile networks From: InfoSec News <alerts () infosecnews org>

Date: Thu, 11 Aug 2011 04:39:56 -0500 (CDT)

http://www.theregister.co.uk/2011/08/10/gprs_cellphone_call_snooping/ By Dan Goodin in San Francisco The Register 10th August 2011 A cryptographer has devised a way to monitor cellphone conversations by exploiting security weaknesses in the technology that forms the backbone used by most mobile operators. Karsten Nohl, chief scientist of Berlin-based Security Research Labs, said the attack works because virtually all of the world's cellular networks deploy insecure implementations of GPRS, or general packet radio service. Some, such as those operated by Italy's Wind or Telecom Italia, use no encryption at all, while Germany's T-Mobile, O2 Germany, Vodafone, and E-Plus use crypto that's so weak that it can easily be read by unauthorized parties. He plans to release software on Wednesday at the Chaos Communication Camp 2011 that allows hobbyist hackers to snoop on GPRS traffic that uses no encryption. He will also demonstrate ways to use cryptanalysis to decrypt GPRS traffic that's protected by weaker ciphers. “The interception software to be released tomorrow puts GPRS operators with no encryption at an immediate risk,” he told The Register on Tuesday evening. “All other GPRS networks are affected by the cryptanalysis that will be presented but not released at tomorrow's conference. Those operators will hopefully implement stronger encryption in the time it takes others to re-implement our attacks.” [...] ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/ By Date By Thread Current thread: Hackers crack crypto for GPRS mobile networks InfoSec News (Aug 11)