Cryptzone says Indian GSM Cracking Revelations are Profound for Phone Hacking

Göteborg, (PresseBox) - Commenting on news reports that an Indian company has revealed it can 'tumble' and clone the credentials of mobile phone SIM cards over the airwaves - apparently because certain Indian GSM carriers are using the A5/0 minimal encryption system on their cellular networks - Cryptzone says this raises, once again, the issue that GSM voice calls can no longer be considered secure.

Eli Hizkiyev, a Senior Vice President at Cryptzone of the European IT threat mitigation specialist, says that the interesting feature of this tale is that the Indian cellular networks appear to be switching off most of their encryption to ease the load on their networks.

"Even with A5/1 encryption switched on - as researcher Karsten Nohl and his team started demonstrating some 18 months ago - even this level of encryption can be cracked, but as this news report notes, with A5/0 encryption it also becomes possible to clone SIM card identities and make calls charged to the legitimate user's account," he said.

"And, of course, this is on top of the eavesdropping problem that Nohl and his team demonstrated back in 2010, since when they have refined their cracking/eavesdropping strategy," he added.

Hizkiyev went on to say that the most interesting aspect of this Indian network issue is that many of the UK GSM carriers are also hitting digital gridlock on their networks in city areas at peak time, raising the question as to whether they too are lowering the encryption technology used on their calls.

It is interesting, he says, to note that none of the Indian cellular carriers were prepared to comment on the report, despite the news appearing in The Hindu newspaper, which has a circulation of 1.5 million amongst the English language speakers of India, as well as a global audience via its Web site of many millions more.

The problem for the carriers, he adds - as one of the researchers commented on in the report - is that the cracked calls appear to be coming from the subscriber's number, so it's difficult to see they can stop these calls, apart from looking for excessive usage and/or calls to international/premium rate destinations.

The takeout from this story - and from previous reports of the A5/1 encryption system on GSM calls being cracked - is to switch to using 3G cellular services when making business and/or sensitive calls, he explained.

Even then, says Hizkiyev, since the A5/3 encryption mechanism used on 3G calls is a derivative of the MISTY Feistel crypto methodology - and some carriers are reportedly lowering the level of encryption - there is a danger that the diluted 3G encryption system can be cracked in a few hours, as was reported at the start of 2010 (http://bit.ly/xAOpeA).

"The real bottom line is that cellular calls - in common with all wireless transmissions - are inherently less secure than wireline telephony, for the simple reason that the mobile device can only automatically authenticate itself over the airwaves," he said.

"Put simply, this means that all of the data transmitted can also be eavesdropped by hackers who - if they are able to crack the underlying encryption system, all variants of which has clearly been found to be wanting - can monitor the data stream and eavesdrop on the voice plus data transmissions," he added.

"This Indian newspaper report raises a number of security questions on several fronts, and this is before we even start to discuss the number of people using their smartphone for Internet banking..."

For more on Cryptzone: http://www.cryptzone.com
For more on the Indian GSM cracking revelations: http://bit.ly/yjbadc

Press releases you might also be interested in

Weitere Informationen zum Thema "Sicherheit":

Schutz für eine expandierende hybride IT-Infrastruktur

Aus­sa­gen wie „Cy­ber­si­cher­heits­ri­si­ken ste­hen ganz oben auf der Sor­gen­lis­te von IT-Ex­per­ten“ sind so of­fen­sicht­lich, dass sie nicht viel zu ei­ner Dis­kus­si­on um IT-Si­cher­heit bei­tra­gen. Wir wis­sen, dass so­wohl das Aus­maß als auch die Sicht­bar­keit von Da­ten­si­cher­heits­ver­let­zun­gen zu­neh­men wer­den. Die­se Tat­sa­che im­mer wie­der zu be­to­nen gießt je­doch bloß Öl ins Feu­er.

Weiterlesen

Subscribe for news

The subscribtion service of the PresseBox informs you about press information of a certain topic by your choice at a choosen time. Please enter your email address to receive the email with the press releases.

An error occurred!

Thank you! You will receive a confirmation email within a few minutes.


I want to subscribe to the gratis press mail and have read and accepted the conditions.