2010年1月4日月曜日

携帯盗聴可能か

日韓方式以外の携帯は盗聴可能なようだ。
 独のコンピューター技師チームが、GSM方式のデジタル携帯電話で
使われている暗号を解読する方法を見つけた。日本と韓国以外の
ほとんどの国で使われている方式で、通話の盗聴ができるようになる
可能性があるという。

G.S.M.
A5/1 1988年に制定された64bitの暗号方式
A5/3 2007年に制定された128bitの暗号方式

携帯普及時の技術説明の記憶しかないが、携帯と基地局間の通信で
音声データを暗号化していると思ったが、暗号は共通鍵方式で、
ネットで使用されているような公開鍵方式ではないため、暗号強度は
低いとされていたと思う。
日進月歩の技術であれば、強度が低い暗号は、解読可能となるが、
デジタルデータによる通信は、音声を圧縮伸張方式も暗号となるため、
内部情報を知らない限り、解読できないはずだったと思う。

「携帯電話会社がもっと安全な暗号を使うよう促すための研究だ」と
発表したチームは、基地局と携帯電話の設備の入れ替え販売や主導権を
握りたいのかと勘ぐりたくなる。


---日韓方式以外の携帯、盗聴可能?「暗号解読」と米紙報道---
2010年1月3日22時15分
http://www.asahi.com/science/update/0103/TKY201001030169.html

 【ワシントン=勝田敏彦】米紙ニューヨーク・タイムズによると、ドイツのコンピューター技師チームが、GSM方式のデジタル携帯電話で使われている暗号を解読する方法を見つけた。日本と韓国以外のほとんどの国で使われている方式で、通話の盗聴ができるようになる可能性があるという。
 報道によると、解読されたのは携帯電話端末と基地局の間の通信で使われている「A5/1」と呼ばれる暗号。解読には膨大な計算時間がかかることなどが安全性の根拠になっていた。
 しかし約20年前の技術で、解読に使うコンピューターの計算速度が速くなると必ずしも安全とはいえないこともわかっている。「解読した」との報告はこれまでもあり、チームのカーステン・ノール氏は同紙に「携帯電話会社がもっと安全な暗号を使うよう促すための研究だ」と述べた。
 GSM方式の携帯は世界で34億人以上が利用している。GSMの世界団体GSMA(本部・ロンドン)は報道を受け、「必要があれば、携帯電話会社は、盗聴がより困難になるよう設定をすぐ変更できる。また盗聴は違法行為だ」とする声明を発表した。


---Mobile phone security cracked, says German hacker---
Girish Gupta
guardian.co.uk, Tuesday 29 December 2009 16.16 GMT
http://www.guardian.co.uk/technology/2009/dec/29/gsm-mobile-algorithm-cracked-nohl

Karsten Nohl says he has decoded the GSM algorithm used to keep private more than 80% of the world's mobile conversations

A German computer scientist has cracked the codes used to encrypt calls made from more than 80% of the world's mobile phones.

Karsten Nohl and his team of 24 hackers began working on the security algorithm for GSM (Global System for Mobiles) in August.

Developed in 1988, the system prevents the interception of calls by forcing phones and base stations to change frequencies constantly. Most of the UK's mobile phones use the GSM system and the breach represents a potential threat to the security of mobile phone communication.

Nohl claims that armed with the code, which has been published online, and a laptop with two network cards, an eavesdropper could be recording phone calls within 15 minutes.

"This shows that existing GSM security is inadequate," Nohl told the Chaos Communication Congress, an international annual meeting of hackers taking place in Berlin this week.

Nohl insisted that he had deciphered the code to force the global telecommunications industry to upgrade its security.

Nohl told the Guardian that important negotiations involving politicians or business leaders could easily be intercepted and they should invest in further encryption software to protect their privacy. "If there is anything secret going on using GSM, this should be of concern."

The GSM Association, which represents the interests of the worldwide mobile communications industry, played down the security threat and said Nohl's activity was "highly illegal".

"We consider this research, which appears to be motivated in part by commercial considerations, to be a long way from being a practical attack on GSM," said Claire Cranton, a spokeswoman. "To do this while supposedly being concerned about privacy is beyond me."

Nohl, who has a doctorate in computer engineering from the University of Virginia, insisted his work was purely academic. "We have written advice from our lawyers stating that our research is within the legal realm," he said. "Obviously the data we produce could of course be used for illegitimate purposes."

Simon Bransfield-Garth, the chief executive of London-based encryption software firm Cellcrypt, said: "The code that has been cracked is for the 21-year-old 64-bit A5/1 GSM algorithm. In 2007 the GSM Association developed a 128-bit version, A5/3. However, most network operators have not invested to make the required upgrade.

"We said in August when this project began that the code would be broken within nine to 12 months. This is a very significant step."


---Cellphone Encryption Code Is Divulged---
By KEVIN J. O’BRIEN
Published: December 28, 2009
http://www.nytimes.com/2009/12/29/technology/29hack.html?_r=1&scp=1&sq=phone%20german&st=Search

BERLIN - A German computer engineer said Monday that he had deciphered and published the secret code used to encrypt most of the world’s digital mobile phone calls, saying it was his attempt to expose weaknesses in the security of global wireless systems.

The action by the encryption expert, Karsten Nohl, aimed to question the effectiveness of the 21-year-old G.S.M. algorithm, a code developed in 1988 and still used to protect the privacy of 80 percent of mobile calls worldwide. (The abbreviation stands for global system for mobile communication.)

“This shows that existing G.S.M. security is inadequate,” Mr. Nohl, 28, told about 600 people attending the Chaos Communication Congress, a four-day conference of computer hackers that runs through Wednesday in Berlin. “We are trying to push operators to adopt better security measures for mobile phone calls.”

The G.S.M. Association, the industry group based in London that devised the algorithm and represents wireless companies, called Mr. Nohl’s efforts illegal and said they overstated the security threat to wireless calls.

“This is theoretically possible but practically unlikely,” said Claire Cranton, an association spokeswoman. She said no one else had broken the code since its adoption. “What he is doing would be illegal in Britain and the United States. To do this while supposedly being concerned about privacy is beyond me.”

Some security experts disagreed. While the disclosure does not by itself threaten the security of voice data, one analyst said companies and governmental organizations should take the same steps to ensure the security of their wireless conversations as they do with antivirus software for computer files.

“Organizations must now take this threat seriously and assume that within six months their organizations will be at risk unless they have adequate measures in place to secure their mobile phone calls,” said Stan Schatt, a vice president for health care and security at the technology market researcher ABI Research in New York.

Mr. Nohl, who has a doctorate in computer engineering from the University of Virginia, is a widely consulted encryption expert who waged a similar campaign this year that prodded the DECT Forum, a standards group based in Bern, to upgrade the security algorithm for 800 million cordless home phones.

Mr. Nohl has now set his sights on G.S.M., whose second-generation digital technology is still the most widely used wireless-communications standard in the world. About 3.5 billion of the world’s 4.3 billion wireless connections use G.S.M.; it is used by about 299 million consumers in North America.

In August, at a hackers’ forum in Amsterdam, Mr. Nohl challenged other computer hackers to help him crack the G.S.M. code. He said about 24 people, some members of the Chaos Computer Club, which is based in Berlin, worked independently to generate the necessary volume of random combinations until they reproduced the G.S.M. algorithm’s code book - a vast log of binary codes that could theoretically be used to decipher G.S.M. phone calls.

During an interview, Mr. Nohl said he took precautions to remain within legal boundaries, emphasizing that his efforts to crack the G.S.M. algorithm were purely academic, kept within the public domain, and that the information was not used to decipher a digital call.

“We are not recommending people use this information to break the law,” Mr. Nohl said. “What we are doing is trying to goad the world’s wireless operators to use better security.”

Mr. Nohl said the algorithm’s code book was available on the Internet through services like BitTorrent, which some people use to download vast quantities of data like films and music. He declined to provide a Web link to the code book, for fear of the legal implications, but said its location had spread by word of mouth.

The G.S.M. algorithm, technically known as the A5/1 privacy algorithm, is a binary code - which is made exclusively of 0’s and 1’s - that has kept digital phone conversations private since the G.S.M. standard was adopted in 1988.

But the A5/1 algorithm is a 64-bit binary code, the modern standard at the time it was developed, but simpler than the 128-bit codes used today to encrypt calls on third-generation networks. The new codes have twice as many 0’s and 1’s.

In 2007, the G.S.M. Association developed a 128-bit successor to the A5/1, called the A5/3 encryption algorithm, but most network operators have not yet invested to make the security upgrade.

The encryption key itself does not enable surveillance of mobile calls, which must still be overheard and identified from the digital stream of thousands of calls transmitted through a single cellphone station.

The undertaking is complex because a digital call typically hops among up to 60 different broadcast frequencies during a single conversation, as the mobile network operator maximizes the use of its available bandwidth.

In a statement, the G.S.M. Association said efforts to crack the algorithm were more complex than critics have asserted, and that operators, by simply modifying the existing algorithm, could thwart any unintended surveillance.

The group said that hackers intent on illegal eavesdropping would need a radio receiver system and signal processing software to process raw radio data, much of which is copyrighted.

But Mr. Nohl, during a presentation Sunday to attendees at the Berlin conference, said the hardware and software needed for digital surveillance were available free as an open-source product in which the coding is available for individuals to tailor to their needs.

Simon Bransfield-Garth, the chief executive of Cellcrypt, a company based in London that sells software, said Mr. Nohl’s efforts could put sophisticated mobile interception technology - limited to governments and intelligence agencies - within the reach of “any reasonable well-funded criminal organization.”

“This will reduce the time to break a G.S.M call from weeks to hours,” Mr. Bransfield-Garth said during an interview. “We expect as this further develops it will be reduced to minutes.”

0 コメント: