Commenting on news reports that an Indian company has revealed it can `tumble’ and clone the credentials of mobile phone SIM cards over the airwaves – apparently because certain Indian GSM carriers are using the A5/0 minimal encryption system on their cellular networks – Cryptzone says this raises, once again, the issue that GSM voice calls can no longer be considered secure.
Eli Hizkiyev, a Senior Vice President at Cryptzone of the European IT threat mitigation specialist, says that the interesting feature of this tale is that the Indian cellular networks appear to be switching off most of their encryption to ease the load on their networks.
“Even with A5/1 encryption switched on – as researcher Karsten Nohl and his team started demonstrating some 18 months ago – even this level of encryption can be cracked, but as this news report notes, with A5/0 encryption it also becomes possible to clone SIM card identities and make calls charged to the legitimate user’s account,” he said.
“And, of course, this is on top of the eavesdropping problem that Nohl and his team demonstrated back in 2010, since when they have refined their cracking/eavesdropping strategy,” he added.
Hizkiyev went on to say that the most interesting aspect of this Indian network issue is that many of the UK GSM carriers are also hitting digital gridlock on their networks in city areas at peak time, raising the question as to whether they too are lowering the encryption technology used on their calls.
It is interesting, he says, to note that none of the Indian cellular carriers were prepared to comment on the report, despite the news appearing in The Hindu newspaper, which has a circulation of 1.5 million amongst the English language speakers of India, as well as a global audience via its Web site of many millions more.
The problem for the carriers, he adds – as one of the researchers commented on in the report – is that the cracked calls appear to be coming from the subscriber’s number, so it’s difficult to see they can stop these calls, apart from looking for excessive usage and/or calls to international/premium rate destinations.
The takeout from this story – and from previous reports of the A5/1 encryption system on GSM calls being cracked – is to switch to using 3G cellular services when making business and/or sensitive calls, he explained.
Even then, says Hizkiyev, since the A5/3 encryption mechanism used on 3G calls is a derivative of the MISTY Feistel crypto methodology – and some carriers are reportedly lowering the level of encryption – there is a danger that the diluted 3G encryption system can be cracked in a few hours, as was reported at the start of 2010 (http://bit.ly/xAOpeA).
“The real bottom line is that cellular calls – in common with all wireless transmissions – are inherently less secure than wireline telephony, for the simple reason that the mobile device can only automatically authenticate itself over the airwaves,” he said.
“Put simply, this means that all of the data transmitted can also be eavesdropped by hackers who – if they are able to crack the underlying encryption system, all variants of which has clearly been found to be wanting – can monitor the data stream and eavesdrop on the voice plus data transmissions,” he added.
“This Indian newspaper report raises a number of security questions on several fronts, and this is before we even start to discuss the number of people using their smartphone for Internet banking…”