The Government has offered Australia's three mobile operators, and vividwireless, renewal of their existing spectrum allocated on 15 year licences in the late 90s and early 2000s at set prices, while the Government expects to rake in $3 billion.
read more
David Heath
Wednesday, 02 September 2009 10:23
As reported previously serious issues with GSM encryption are widely known, however it was generally assumed that one needed either lots of money or lots of time to decrypt the highest-level A5/1 encryption standard used by the inner sanctum of friendly countries (unfortunately Australia was always condemned to use the completely-broken A5/2 standard).
At the recent Hacking at Random conference in mid-August, security researcher Karsten Nohl from Virginia Tech outlined a new project to harness as many computing resources around the world to calculate "Rainbow Tables" allowing a quick lookup of the plaintext, given an encrypted text fragment. This is a drastic simplification, but I'm sure you'll get the gist – instead of having to attempt to decrypt the material, it can simply be used to look into a reverse-translation table.
For Nohl's project, the Rainbow table will be huge – estimated at 128 Petabytes; clearly this will need to be distributed across a large number of computers around the world.
Interviewed recently on CNET, Nohl said "We're not creating a vulnerability but publicizing a flaw that's already being exploited widely. Clearly we are making the attack more practical and much cheaper, and of course there's a moral question of whether we should do that."
So, assuming you'd like to be involved, what do you need? Simple – any modern PC with a NVIDIA video card which supports the CUDA development environment. If you fit the bill, head to the project website and download the code (still currently in alpha).
What will this mean? Obviously, that any call (or data connection) can be accessed and decrypted. Also, this rather hurts some of the payment services based on GSM standards – Gpay for instance.
I wonder if this will FINALLY spur the telcos and the GSM organisation to actually create a viable encryption protocol.
The current one is broken.
Loading comments ...
 |
Microsoft Office 365Try an easy-to-use set of web-enabled tools for business-class productivity services. Office 365 provides anywhere-access to email, important documents, contacts, and calendars on almost any device.  |
Latest Headlines from IT INDUSTRY
