I have written before about how the encryption used by GSM cell phones is not secure. At the upcoming Defcon conference, Chris Paget is planning to demonstrate how the cryptoscheme in GSM can be circumvented completely, using a man-in-the-middle attack, based around a device called an ‘IMSI catcher.’ Specifically, he is planning to “intercept and record cellular calls made by [his] attendees, live on-stage, no user-input required.”
This is a good illustration of some of the limitations of cryptography. Even very sound encryption algorithms are often used in ways that make them vulnerable to attack, including man-in-the-middle attacks where legitimate senders and receivers don’t realize their communications are being routed through a third party. The take-home message is: just because something is encrypted, don’t assume that other people won’t be able to access it.
This is an interesting topic to me because I have always had a strong interest in electronic technology, and have always been interested in exploits for reasons I have trouble articulating. Largely it has to do with appreciating the fact that the people finding the exploits have an understanding of the technology that the average user doesn’t.
The man in the middle exploit is nice because it’s real time. In addition to this method, it is my understanding that GSM encryption can be decrypted after the fact by collecting GSM data with a cheap software defined radio and then using software to decrypt the resultant data.
Of course things used to be easier: I own a Radio Shack Realistic brand scanner that I got to listen to air traffic control. With the easy modification of desoldering an onboard resistor to disable a government required security feature, the unit was fully capable of listing in on analog cell phone conversations. A few years ago, however, AMPS (the analog network) was dismantled in Canada.
I also remember being able to listen to analog cell phone calls, using a radio receiver a friend of mine got for a few dollars at a church sale.
Bruce Schneier has written about how there are two kinds of encryption: the sort that keeps your kid sister from reading your diary, and the sort that might stop the NSA from doing so. Increasingly, it seems clear that GSM encryption is in the first category. The same goes for SSL, provided the malicious agent can get between you and your legitimate communication partner.
Juels says that these cracks were possible because the proprietary algorithms that the firms use to encode the cryptographic keys shared between the immobiliser and receiver, and receiver and engine do not match the security offered by openly published versions such as the Advanced Encryption Standard (AES) adopted by the US government to encrypt classified information. Furthermore, in both cases the encryption key was way too short, says Nohl. Most cars still use either a 40 or 48-bit key, but the 128-bit AES – which would take too long to crack for car thieves to bother trying – is now considered by security professionals to be a minimum standard. It is used by only a handful of car-makers…
What’s more, one manufacturer was even found to use the vehicle ID number as the supposedly secret key for this internal network. The VIN, a unique serial number used to identify individual vehicles, is usually printed on the car. “It doesn’t get any weaker than that,” Nohl says.