GPRS Cracked

I mentioned the work of Karsten Nohl to expose how insecure cell phones really are back in 2009. It’s great work since many people assume cell phones are secure, while they likely aren’t nearly as secure as one would think or hope. He’s done a lot more since then as The Register reports:

“The interception software to be released tomorrow puts GPRS operators with no encryption at an immediate risk,” he told The Register on Tuesday evening. “All other GPRS networks are affected by the cryptanalysis that will be presented but not released at tomorrow’s conference. Those operators will hopefully implement stronger encryption in the time it takes others to re-implement our attacks.”

As the article goes on to say, most use none or weak encryption.

In 2010, he bundled many of the various tools he helped develop into a comprehensive piece of software that gave amateurs the means to carry out many of the attacks. That same year, other cryptographers cracked the encryption scheme protecting 3G phone calls before the so-called Kasumi cipher had even gone into commercial use.

So your best bet to make a secure call right now is to use Skype on a smart phone. So far it doesn’t seem anyone has cracked Skype’s security. Whether Skype has a backdoor or known vulnerabilities is an open question. If they were considered a phone company (they insist they aren’t) they would be subject to CALEA.

Bottom line: Don’t assume a cell phone call is secure.

Security Through Obscurity TSA/GSM Edition

It’s impossible to write code these days without having to study security to some extent. The byproduct of this is that since digital security concepts are based largely on real life, you see the obvious gaps in real life “security”. The quotes are intentional because many/most attempts only provide the feeling of security as opposed to real security.

“Security through obscurity” is perhaps one of the most insane of ideas. The principle is that if the implementation is kept secret, the entire application is secure (emphasis on if). If it’s compromised, then you’re in trouble.

TSA “Security”

Books have been written about how poor the TSA is at security. Bruce Schneier is likely one of the best when it comes to pointing out the silly practices and how little it actually does for actual security.

The latest security directive was sent to thousands of individuals at airlines around the world. Needless to say it was leaked (imagine that). Of course the TSA wasn’t thrilled about that. What this does show is that the TSA is simply hoping any potential terrorist is too dumb to do something original. See Bruce Schneier’s piece linked above which draws the same conclusion.

The fake boarding pass scheme is another great example.

Millimeter wave scanners (those full body scanners) haven’t even been 100% implemented yet and have already been defeated. Al Qaeda has already figured out that they could mimic drug smugglers and place bombs in certain body cavities. A CT scan would detect that, but a full body CT scan is too much radiation and too slow for routine use. No sane person would use a CT scan for security. You would certainly kill more than you would save. That means a complementary prostate exam or “bend and spread” (limited success in prison) is pretty much the only solution. Of course surgical implantation would defeat that as well.

Edit 1/1/2010 @ 3:00 PM EST: The TSA has apparently realized how pointless its legal efforts were and has withdrawn its subpoena.

GSMA “Security”

GSMA (GSM Association) are the folks behind the GSM A5/1 encryption used in the majority of phones worldwide, which is supposed to keep your calls secure and safe from prying ears. Karsten Nohl figured out how it can be broken. It’s noteworthy that this is an 18-year-old standard from days when computing power was much more limited. It’s also noteworthy that most governments and criminals have likely figured this stuff out already (they just aren’t sharing). The GSMA response:

“What he is doing would be illegal in Britain and the United States. To do this while supposedly being concerned about privacy is beyond me.”

Mike Masnick at TechDirt decoded the PR speak:

… First, claiming it’s “theoretically possible, but practically unlikely” means that it’s very, very possible and quite likely. To then say that no one else had broken the code since its adoption fifteen years ago is almost certainly false. What she means is that no one else who’s broken the code has gone public with it — probably because it’s much more lucrative keeping that info to themselves…

Wikipedia has a rundown of the security of A5/1.
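To make the weakness concrete, here is an added example (not code from the original post, Nohl, or the GSMA): a Python port of the public A5/1 keystream generator, following the widely circulated Briceno/Goldberg/Wagner reference implementation. The whole cipher state is three short LFSRs totalling 64 bits, which is the structural reason the standard has not aged well.

```python
# Added example, not code from the original post: a Python port of the public
# A5/1 keystream generator (after the Briceno/Goldberg/Wagner reference code).
# Three short LFSRs hold the cipher's entire 64-bit state.
R1MASK, R2MASK, R3MASK = 0x07FFFF, 0x3FFFFF, 0x7FFFFF  # 19-, 22-, 23-bit registers
R1TAPS, R2TAPS, R3TAPS = 0x072000, 0x300000, 0x700080  # feedback taps
R1MID, R2MID, R3MID = 0x000100, 0x000400, 0x000400     # majority clocking bits
R1OUT, R2OUT, R3OUT = 0x040000, 0x200000, 0x400000     # output bit of each register

def _parity(x: int) -> int:
    return bin(x).count("1") & 1

def _clock_one(reg: int, mask: int, taps: int) -> int:
    """Shift one LFSR left by a bit and feed back the parity of its tap bits."""
    return ((reg << 1) & mask) | _parity(reg & taps)

def _step(regs: list, majority: bool = True) -> None:
    """Clock the registers in place; under majority rule only those agreeing with it move."""
    r1, r2, r3 = regs
    bits = (bool(r1 & R1MID), bool(r2 & R2MID), bool(r3 & R3MID))
    maj = sum(bits) >= 2
    if not majority or bits[0] == maj:
        regs[0] = _clock_one(r1, R1MASK, R1TAPS)
    if not majority or bits[1] == maj:
        regs[1] = _clock_one(r2, R2MASK, R2TAPS)
    if not majority or bits[2] == maj:
        regs[2] = _clock_one(r3, R3MASK, R3TAPS)

def _setup(key: bytes, frame: int) -> list:
    """Mix in 64 key bits (LSB-first per byte) and 22 frame bits, then warm up 100 steps."""
    assert len(key) == 8 and 0 <= frame < (1 << 22)
    regs = [0, 0, 0]
    for i in range(86):
        _step(regs, majority=False)
        bit = (key[i >> 3] >> (i & 7)) & 1 if i < 64 else (frame >> (i - 64)) & 1
        regs[:] = [r ^ bit for r in regs]
    for _ in range(100):  # outputs of the warm-up steps are discarded
        _step(regs)
    return regs

def gsm_burst_keystreams(key: bytes, frame: int) -> tuple:
    """Return the (downlink, uplink) 114-bit keystreams for one TDMA frame, packed MSB-first."""
    regs = _setup(key, frame)
    bursts = []
    for _ in range(2):
        out = bytearray(15)
        for i in range(114):
            _step(regs)
            bit = _parity(regs[0] & R1OUT) ^ _parity(regs[1] & R2OUT) ^ _parity(regs[2] & R3OUT)
            out[i >> 3] |= bit << (7 - (i & 7))
        bursts.append(bytes(out))
    return tuple(bursts)
```

The key and frame number below are the reference implementation's published test inputs, so the two bursts can be checked against its published output.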

iPhone 2nd Generation

So more is coming out about the next iPhone, which we all know is going to be 3G. Someone found evidence of it in the recent update to the iPhone SDK. The SGOLD2 chipset will be replaced with the SGOLD3, which supports 3G networks (as we all expected). Looking at the specs some interesting things come out:

  • ARM 926 CPU capable of running up to 312 MHz – This isn’t that much more than the existing iPhone which is said to be underclocked to preserve battery life. Don’t expect much change here.
  • 5 Megapixel camera support – Capable, but don’t expect to see 5MP. I suspect it will be upgraded to 3MP and no higher to conserve costs.
  • MPEG4 / H.263 hardware accelerator – Sigh, no H.264 support. That’s a bummer. Apple could still use hardware support via another chip.
  • Support for video telephony, streaming, recording and playback – I wonder if Apple plans to utilize this. Video telephony could work over 3G networks (AT&T already did it with an LG CU500v). But it would potentially require reworking the location of the camera on the phone.
  • 3G upgradeable with WCDMA coprocessor – Very interesting since this could allow Apple to offer the iPhone on CDMA networks, though the largest (Verizon) is going to become LTE, a variant of GSM. That’s the largest CDMA network in the US. Still, CDMA support will be needed for Japan.

Walt Mossberg initially said this is going down in 60 days, but now he’s retracted that statement. I still think a June timeline sounds about right. WWDC 2008 is June 9-13, 2008. Sounds about right.