Tougher GSM, 3G security cracked
Electronista Staff, 1/12/2010
Newer GSM encryption hit using sandwich attack
The security of GSM phone calls dropped again late Monday with word that the standard’s second, more guarded encryption standard has been broken. Following a first crack of the simpler standard, researchers at the Weizmann Institute of Science say they have cracked the A5/3 security cipher (nicknamed Kasumi) by using what’s known as a “sandwich” attack. The group accomplished its goal by creating a distinguishing trait for the key and using just four related keys to determine the key for Kasumi itself.
While breaking the security takes time, the approach theoretically leaves GSM more directly exposed to call interceptions and other threats. Most cellular carriers still use the lower-grade GSM quality (A5/1) as their base calling technology, but the new discovery makes switching to Kasumi impractical. UMTS, the 3G cousin to GSM, also uses Kasumi and is potentially exposed as well.
The threat isn’t necessarily large as its dependence on related keys requires discovering those keys before an attack is an option. Still, the technique is described as “practical” by one observer and could be used for actual attacks.
Members of the GSM Association haven’t responded to the newly discovered hole.
Related posts:
- New GSM encryption cracked Jaikumar Vijayan, Computerworld US, 1/15/2010 An encryption algorithm designed to protect calls on GSM phones has been broken by three...
- One leg of GSM encryption cracked, cell industry unimpressed John Timmer, Ars Technica, 12/30/2009 A security researcher is in the process of building a table that will enable the...
- Security Cam app turns iPhone into a security camera David Dahlquist , Macworld.com, 1/7/2010 Developer Crowded Road has had a rather difficult time getting its Security Cam App approved. In...
In: Mobile Technology · Tagged with: GSM