Cryptzone says Indian GSM Cracking Revelations are Profound for Phone Hacking
Eli Hizkiyev, a Senior Vice President at Cryptzone, the European IT threat mitigation specialist, says that the interesting feature of this tale is that the Indian cellular networks appear to be switching off most of their encryption to ease the load on their networks.
"Even with A5/1 encryption switched on - as researcher Karsten Nohl and his team started demonstrating some 18 months ago - even this level of encryption can be cracked, but as this news report notes, with A5/0 encryption it also becomes possible to clone SIM card identities and make calls charged to the legitimate user's account," he said.
"And, of course, this is on top of the eavesdropping problem that Nohl and his team demonstrated back in 2010, since when they have refined their cracking/eavesdropping strategy," he added.
Hizkiyev went on to say that the most interesting aspect of this Indian network issue is that many of the UK GSM carriers are also hitting digital gridlock on their networks in city areas at peak time, raising the question as to whether they too are lowering the encryption technology used on their calls.
It is interesting, he says, to note that none of the Indian cellular carriers were prepared to comment on the report, despite the news appearing in The Hindu newspaper, which has a circulation of 1.5 million amongst the English language speakers of India, as well as a global audience via its Web site of many millions more.
The problem for the carriers, he adds - as one of the researchers commented in the report - is that the cracked calls appear to be coming from the subscriber's number, so it's difficult to see how they can stop these calls, apart from looking for excessive usage and/or calls to international/premium rate destinations.
The takeout from this story - and from previous reports of the A5/1 encryption system on GSM calls being cracked - is to switch to using 3G cellular services when making business and/or sensitive calls, he explained.
Even then, says Hizkiyev, since the A5/3 encryption mechanism used on 3G calls is a derivative of the MISTY Feistel crypto methodology - and some carriers are reportedly lowering the level of encryption - there is a danger that the diluted 3G encryption system can be cracked in a few hours, as was reported at the start of 2010 (http://bit.ly/xAOpeA).
"The real bottom line is that cellular calls - in common with all wireless transmissions - are inherently less secure than wireline telephony, for the simple reason that the mobile device can only automatically authenticate itself over the airwaves," he said.
"Put simply, this means that all of the data transmitted can also be eavesdropped by hackers who - if they are able to crack the underlying encryption system, all variants of which have clearly been found to be wanting - can monitor the data stream and eavesdrop on the voice plus data transmissions," he added.
"This Indian newspaper report raises a number of security questions on several fronts, and this is before we even start to discuss the number of people using their smartphone for Internet banking..."
For more on Cryptzone: http://www.cryptzone.com
For more on the Indian GSM cracking revelations: http://bit.ly/yjbadc