27C3 - Version 1.6.3

27th Chaos Communication Congress
We come in peace

Karsten Nohl
Sylvain Munaut
Day Day 2 - 2010-12-28
Room Saal 1
Start time 14:00
Duration 01:00
ID 4208
Event type Lecture
Track Hacking
Language used for presentation English

Wideband GSM Sniffing

GSM is still the most widely used security technology in the world with a user base of 5 billion and a quickly growing number of critical applications. 26C3's rainbow table attack on GSM's A5/1 encryption convinced many users that GSM calls should be considered unprotected. The network operators, however, have not woken up to the threat yet. Perhaps the new capabilities to be unleashed this year – like wide-band sniffing and real-time signal processing – will wake them up.

Now that GSM A5/1 encryption can be cracked in seconds, the complexity of wireless phone snooping moved to signal processing. Since GSM hops over a multitude of channels, a large chunk of radio spectrum needs to be analyzed, for example with USRPs, and decoded before storage or decoding. We demonstrate how this high bandwidth task can be achieved with cheap programmable phones.

Archived page - Impressum/Datenschutz