December 29, 2009
GSM Goes Nekkid
So… looks like Karsten Nohl went through with one of the most pervasive open source experiments in IT history. The GSM A5/1 encryption algorithm is now cracked, code books have been generated, real-time decryption and snooping is now a distinct possibility using off-the-shelf hardware (ATI/Nvidia/IBM-Tosh PS3 Cell Procesors/USRP2) and open source software (Asterisk, OpenBTS).
Assuming that Karsten’s statements are true, the GSMA is going to have their hands full defending and mitigating fallout from this eventuality:- 4BN phones affected by this public reveal
- It is stupid easy to dupe a GSM phone into revealing it’s IMSI (subscriber ID) and have it mate to a rogue base station
- A5/3 is a better algorithm but hasn’t been adopted by GSMA… and even its days are numbered
- Karsten & Co. will demonstrate GSM device nudification on December 30th in Virginia or Berlin, room A03 though ;)
- Open sourcing A5/1 code books and making the program available on SVN makes it a certain terrorist honeypot. Tracking those downloads and subsequent network flows could reveal some actionable intelligence.
- The A5/1 code book weighs in @ 128 petabytes and takes 90 days to generate on 40 CUDA nodes. I wonder what that could drop to with 100K nodes using commodity cloud and a Map-Reduce library. There seems to be plenty of interest in getting Amazon to offer a GPU cloud.
- Fast multi-core aware algorithms for parsing and correlating the code book using Haskell or Clojure are other opportunities for improvement.
The downside is obvious:
One can hope this doesn’t end up doing harm. By exposing a ‘security through obscurity’ vulnerability, Karsten has done the morally correct thing. But I fear that any malicious use of this source code will tarnish the reputation of open source even though such lapses are likely to be prevalent in the closed source ecosystem.
Let’s see how this turns out.