GSM Security 2

In the previous article on GSM security, we briefly discussed the network elements and the network architecture of GSM, including the encryption algorithms that are widely used in GSM networks.
At the end of that article we discussed how the network identifies the SIM (Subscriber Identity Module), which is an important part of GSM security.

At this point you may be wondering about the algorithms used in GSM networks: have the A3 and A8 algorithms been broken?

“Ian Goldberg and David Wagner of the University of California at Berkeley demonstrated that all A8 implementations they looked at, including the few that did not use COMP128, were deliberately weakened. The A8 algorithm takes a 64-bit key, but ten key bits were set to zero. The attack on the A8 algorithm demonstrated by Goldberg and Wagner takes just 2^19 queries to the GSM SIM (Subscriber Identity Module), which takes roughly 8 hours.”
- www.gsm-security.net
Hacks
The authentication center (AuC) generates RAND (a 128-bit random number) and uses it together with Ki (the 128-bit individual key) to compute the response it expects from the user. If the SIM's response equals the expected response, the SIM is authentic.
So where is the problem? The first is that the voice data is only encrypted up to the base station, which sits between the ME and the MSC. If the link between the base station and the MSC is wireless (for example, via microwave dish), the data will be sent unencrypted, and anyone with the proper sniffing equipment can gather unencrypted voice data. Another problem is that it is not infeasible for a malicious user (or more likely, a government or security agency) to obtain a microcell, or base station, which can be configured to act as a man-in-the-middle.
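The challenge-response exchange described above, as an added example that is not code from the original article. HMAC-SHA256 stands in for the operator's A3/A8 algorithm (COMP128 is not reproduced), the class and function names are hypothetical, and zeroing the ten low-order bits of Kc is an assumed placement of the weakening mentioned in the quote.

```python
import hashlib
import hmac
import secrets

def a3a8_standin(ki: bytes, rand: bytes):
    """Stand-in for A3/A8 (NOT COMP128): returns (32-bit SRES, 64-bit Kc)."""
    if len(ki) != 16 or len(rand) != 16:
        raise ValueError("Ki and RAND must both be 128 bits")
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    sres = digest[:4]
    kc = int.from_bytes(digest[4:12], "big")
    # Weakening from the quote: ten key bits forced to zero. Which ten bits
    # is an assumption here (low-order); the effect is a 54-bit key space.
    kc = (kc >> 10) << 10
    return sres, kc.to_bytes(8, "big")

class AuC:
    """Authentication center: holds every subscriber's Ki."""
    def __init__(self):
        self._ki = {}
    def provision(self, imsi: str) -> bytes:
        self._ki[imsi] = secrets.token_bytes(16)
        return self._ki[imsi]           # the same Ki is written into the SIM
    def triplet(self, imsi: str):
        rand = secrets.token_bytes(16)  # fresh 128-bit challenge
        xres, kc = a3a8_standin(self._ki[imsi], rand)
        return rand, xres, kc           # (RAND, expected response, Kc)

class Sim:
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki
    def respond(self, rand: bytes):
        # One-way authentication: the SIM answers any RAND it is handed and
        # never verifies that the challenge came from its home network.
        return a3a8_standin(self._ki, rand)

def authenticate(auc: AuC, sim: Sim):
    """Returns (sim_is_authentic, session_keys_match)."""
    rand, xres, kc_net = auc.triplet(sim.imsi)
    sres, kc_sim = sim.respond(rand)
    return hmac.compare_digest(sres, xres), kc_net == kc_sim

if __name__ == "__main__":
    auc = AuC()
    imsi = "001010123456789"            # constructed test IMSI
    genuine = Sim(imsi, auc.provision(imsi))
    wrong_ki = Sim(imsi, secrets.token_bytes(16))
    print("genuine SIM:", authenticate(auc, genuine))
    print("wrong Ki:   ", authenticate(auc, wrong_ki))
```

Only RAND and SRES cross the air interface; Ki never leaves the SIM or the AuC, and both sides derive the same Kc for encrypting the radio link.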


GSM Hacked Claims German Scientist Karsten Nohl

Karsten Nohl and his team claimed to have broken the GSM code. The 24-person team spent five months trying to decrypt the algorithm that prevents eavesdropping on GSM networks, and their findings allow anyone to listen to private conversations on the phone. Billions of mobile users around the world are at risk of having their calls recorded.

The team actually broke the A5/1 algorithm that is used to encrypt GSM cell phone conversations.


Ehacking Staff