Uh oh. Don't be doing any telephone banking or credit card ordering on
your GSM phone.
"A pair of researchers has created a low-cost and simple hack to crack
the encryption in GSM mobile phones and intercept voice conversations
and SMS text messages -- within minutes."
"SMS" <scharf.steven@geemail.com> wrote in message
news:47be0f7e$0$36330$742ec2ed@news.sonic.net...
> Uh oh. Don't be doing any telephone banking or credit card ordering on
> your GSM phone.
Why not? We used to do it on unencrypted analog cordless and cellphones all
the time. We simply relied on the law of averages- while it was POSSIBLE
our calls were being monitored, it was extremely UNLIKELY they were.
> "A pair of researchers has created a low-cost and simple hack to crack the
> encryption in GSM mobile phones and intercept voice conversations and SMS
> text messages -- within minutes."
>
> http://www.darkreading.com/document.asp?doc_id=146616
Low cost and simple? A thousand bucks for a dedicated piece of hardware?
"Low cost and simple" was cutting a diode on your RadioShack police scanner
to re-enable the locked-out 800-MHz analog cellular band. This is neither
low cost nor simple.
And BTW, why cross-post to five different carriers' NGs when we have a
perfectly good "generic" NG- alt.cellular- for topics applicable to all
cellphone users?
> Why not? We used to do it on unencrypted analog cordless and cellphones
> all the time. We simply relied on the law of averages- while it was
> POSSIBLE our calls were being monitored, it was extremely UNLIKELY they
> were.
Not me, at least on analog cellular. I had picked up analog cellular
calls on my SW radio (at least half of the conversation) and that
convinced me to be cautious. For cordless phones the danger was a bit
less as you'd have had to be so close to the handset in order to pick it up.
> And BTW, why cross-post to five different carriers' NGs when we have a
> perfectly good "generic" NG- alt.cellular- for topics applicable to all
> cellphone users?
It's applicable to these carriers. The alt.cellular group isn't well used.
Diamond Dave wrote:
> On Thu, 21 Feb 2008 16:29:35 -0800, SMS <scharf.steven@geemail.com>
> wrote:
>
>> It's applicable to these carriers. The alt.cellular group isn't well used.
>
> Don't post GSM crap in the Verizon, Sprint or Alltel newsgroups. Last
> I checked, we use CDMA, which is much more secure!
Yes, this is true. But it's still applicable, IMVAIO, because at least
it presents one valid issue that those CDMA users should consider if
they are considering switching carriers.
"SMS" <scharf.steven@geemail.com> wrote in message
news:47be16be$0$36342$742ec2ed@news.sonic.net...
>> Why not? We used to do it on unencrypted analog cordless and cellphones
>> all the time. We simply relied on the law of averages- while it was
>> POSSIBLE our calls were being monitored, it was extremely UNLIKELY they
>> were.
>
> Not me, at least on analog cellular. I had picked up analog cellular calls
> on my SW radio (at least half of the conversation) and that convinced me
> to be cautious. For cordless phones the danger was a bit less as you'd
> have had to be so close to the handset in order to pick it up.
I guess. I knew such eavesdropping was possible, but it wasn't widespread.
After all, credit card fraud is too easy to blame it on an overheard
cellular conversation. Every waiter or store clear I hand my card to
"overhears" it.
>> And BTW, why cross-post to five different carriers' NGs when we have a
>> perfectly good "generic" NG- alt.cellular- for topics applicable to all
>> cellphone users?
>
> It's applicable to these carriers. The alt.cellular group isn't well used.
Catch-22- it's not "well used" because we're posting generic cellular info
to five other NGs! I'm just as guilty, at least sort of- I was going to
post the Voicestick stuff to the alt.cellular NG but used the carrier NGs
instead because I thought you'd be interested, and since I couldn't find a
single posting from you in the alt.cellular group, I assumed you didn't read
it! ;-)
On Thu, 21 Feb 2008 17:58:56 -0800, SMS <scharf.steven@geemail.com>
wrote:
>Diamond Dave wrote:
>> On Thu, 21 Feb 2008 16:29:35 -0800, SMS <scharf.steven@geemail.com>
>> wrote:
>>
>>> It's applicable to these carriers. The alt.cellular group isn't well used.
>>
>> Don't post GSM crap in the Verizon, Sprint or Alltel newsgroups. Last
>> I checked, we use CDMA, which is much more secure!
>
>Yes, this is true. But it's still applicable, IMVAIO, because at least
>it presents one valid issue that those CDMA users should consider if
>they are considering switching carriers.
Perhaps, but it still makes you seem no better than Navas, Oxturd, or
Butler.
The Ghost of General Lee wrote:
> On Thu, 21 Feb 2008 17:58:56 -0800, SMS <scharf.steven@geemail.com>
> wrote:
>
>> Diamond Dave wrote:
>>> On Thu, 21 Feb 2008 16:29:35 -0800, SMS <scharf.steven@geemail.com>
>>> wrote:
>>>
>>>> It's applicable to these carriers. The alt.cellular group isn't well used.
>>> Don't post GSM crap in the Verizon, Sprint or Alltel newsgroups. Last
>>> I checked, we use CDMA, which is much more secure!
>> Yes, this is true. But it's still applicable, IMVAIO, because at least
>> it presents one valid issue that those CDMA users should consider if
>> they are considering switching carriers.
>
> Perhaps, but it still makes you seem no better than Navas, Oxturd, or
> Butler.
Hmm, since I have all of them blocked I don't know what exactly you
mean. I only occasionally post links to any news stories, and only when
they are directly relevant to the specific newsgroup.
SMS <scharf.steven@geemail.com> wrote in news:47be0f7e$0$36330
$742ec2ed@news.sonic.net:
> Uh oh. Don't be doing any telephone banking or credit card ordering on
> your GSM phone.
>
> "A pair of researchers has created a low-cost and simple hack to crack
> the encryption in GSM mobile phones and intercept voice conversations
> and SMS text messages -- within minutes."
>
> http://www.darkreading.com/document.asp?doc_id=146616
>
Anything the cops can listen to....is insecure by design.
That's why there's Skype....(c;
2.3 Session Cryptography
All traffic in a session is encrypted by XORing the plaintext with key
stream generated by 256-bit AES (also known as Rijndael) running in integer
counter mode (ICM). The key used is SKAB. Skype sessions contain multiple
streams. The ICM counter depends on the stream, on salt, and the sequency
within the stream
Steve Sobol <sjsobol@JustThe.net> wrote in
news:slrnfrtqpl.npb.sjsobol@amethyst.justthe.net:
> On 2008-02-22, Larry <noone@home.com> wrote:
>
>>> It's only 256 bits. It's crackable too.
>>
>> Can you crack it before I hang up on a 3 minute phone call to my bookie?
>>
>> I think NOT!
>
> I can not. But I'm not the one you need to be worried about.
>
>
I don't need to be worried about anyone listening to my phone calls. Why
are you??
> > I can not. But I'm not the one you need to be worried about.
> >
> >
>
> I don't need to be worried about anyone listening to my phone calls. Why
> are you??
Didn't you switch to digital cellular after a business competitor poached a
job by listening to your calls?
Larry wrote:
> Steve Sobol <sjsobol@JustThe.net> wrote in
> news:slrnfrtqpl.npb.sjsobol@amethyst.justthe.net:
>
>> On 2008-02-22, Larry <noone@home.com> wrote:
>>
>>>> It's only 256 bits. It's crackable too.
>>> Can you crack it before I hang up on a 3 minute phone call to my bookie?
>>>
>>> I think NOT!
>> I can not. But I'm not the one you need to be worried about.
>>
>>
>
> I don't need to be worried about anyone listening to my phone calls. Why
> are you??
>
So why is skypes encryption such a wonderful thing?
George <george@nospam.invalid> wrote in
news:rvOdnVPfHdyDk13anZ2dnUVZ_omdnZ2d@comcast.com:
> Larry wrote:
>> Steve Sobol <sjsobol@JustThe.net> wrote in
>> news:slrnfrtqpl.npb.sjsobol@amethyst.justthe.net:
>>
>>> On 2008-02-22, Larry <noone@home.com> wrote:
>>>
>>>>> It's only 256 bits. It's crackable too.
>>>> Can you crack it before I hang up on a 3 minute phone call to my
>>>> bookie?
>>>>
>>>> I think NOT!
>>> I can not. But I'm not the one you need to be worried about.
>>>
>>>
>>
>> I don't need to be worried about anyone listening to my phone calls.
>> Why are you??
>>
>
> So why is skypes encryption such a wonderful thing?
>
Because they do? What the hell kinda question is that??
Todd Allcock <elecconnec@AmericaOnLine.com> wrote in
news:fppm5v$ko1$1@aioe.org:
> At 23 Feb 2008 07:20:26 +0000 Larry wrote:
>
>> > I can not. But I'm not the one you need to be worried about.
>> >
>> >
>>
>> I don't need to be worried about anyone listening to my phone calls.
>> Why are you??
>
>
> Didn't you switch to digital cellular after a business competitor
> poached a job by listening to your calls?
>
>
>
>
Yes. He was listening to my AMPS calls years ago, now. I don't do much
business on Skype, like ordering parts, etc.
Why are we leading this away from Skype being more secure than sellular and
other VoIP services worrying over me. The poster was commenting on VoIP
security in general, and I simply informed him of Skype's 256-bit
encryption. That's not my fault they do it....
Diamond Dave wrote:
> On Sun, 24 Feb 2008 04:54:39 +0000, Larry <noone@home.com> wrote:
>
>
>
>>>So why is skypes encryption such a wonderful thing?
>>>
>>
>>Because they do? What the hell kinda question is that??
>
>
> Any encryption can be cracked. Given time, money and resources, it is
> possible.
>
>
Not so! If the encryption key is random and never reused, it's
theoretically impossible to break the encryption. This follows from the
fact that encryption by an additive key is represented by one equation
with two unknowns (plain+key=cipher). If you have both the key and the
cipher text, decryption is trivial. Likewise, if you have both the
plain and the cipher text you can recover the key. If not, you are
generally out of luck. The generation and secure distribution of the
key is a logistical nightmare. This level of encryption is generally
used only by governments. See "The Code Breakers" by David Khan for
details.
Any encryption usable by a telephone system would be enough to secure
your conversation against idle curiosity but the keys used are of finite
length and are reused repeatedly and are, therefore, breakable by anyone
with the necessary resources.
Unless you are a terrorist or a big time drug dealer, your phone
conversations are probably not sufficiently interesting to justify the
effort to break any reasonably good encryption system.
On 2008-02-24, Richard B. Gilbert <rgilbert88@comcast.net> wrote:
>> Any encryption can be cracked. Given time, money and resources, it is
>> possible.
>
>
> Not so! If the encryption key is random and never reused, it's
> theoretically impossible to break the encryption.
Steve Sobol wrote:
> On 2008-02-24, Richard B. Gilbert <rgilbert88@comcast.net> wrote:
>
>
>>>Any encryption can be cracked. Given time, money and resources, it is
>>>possible.
>>
>>
>>Not so! If the encryption key is random and never reused, it's
>>theoretically impossible to break the encryption.
>
>
> The key word here is "theoretically."
>
>
If you know how to break a cipher based on the one time use of a random,
non repetetive key, the National Security Agency will probably be
willing to pay you anything you ask!
If you have a better theory and can prove it, that trick would be worth
at least one billion dollars and probably a good deal more.
If can do it, and prove it, I will request a 1% commission and live in
luxury for the rest of my life!
On Sun, 24 Feb 2008, Richard B. Gilbert posted:
> Not so! If the encryption key is random and never reused, it's theoretically
> impossible to break the encryption. This follows from the fact that
> encryption by an additive key is represented by one equation with two
> unknowns (plain+key=cipher). If you have both the key and the cipher text,
> decryption is trivial. Likewise, if you have both the plain and the cipher
> text you can recover the key. If not, you are generally out of luck.
The classic example of this is a key that is XORed to the plaintext to
generate the ciphertext. If the length of the key equals the length of
the plaintext and is never reused, then it is impossible to decrypt the
ciphertext.
If, on the other hand, the key is reused, then decryption of an XOR
encryption is a laughably trivial exercise. Once you have any known
plaintext, you have the corresponding portion of the key, which in turn
can be used to obtain more plaintext where that key is reused.
Most products that use XOR keys claim that they avoid this via a random
number generation device that does not reuse the key. What the device
uses is a time-based polynomial (since the legitimate receipient has to be
able to decode the ciphertext). The attacker then seeks to discover both
the polynomial and its inputs. Very few of these devices are secure
against such attack.
> The
> generation and secure distribution of the key is a logistical nightmare.
> This level of encryption is generally used only by governments.
Indeed. This is why XOR encryption is the domain of the clueless, the
quacks, or governments that have the resources for secure distribution of
huge keys.
IIRC, the Anti-Spoofing encryption for the Precise Positioning Service of
GPS uses an XOR key. The plaintext, cyphertext, and full history of the
key to date are completely known. What isn't known are the future key
bits nor the algorithm by which they are generated. The military value to
this encryption is the ability to decrypt in real time.
Again IIRC, PPS receivers have an interface to a military-issued module
which does the decryption. This module is installed into authorized PPS
receivers at a secure US goverment facility, has anti-tamper features, and
must periodically be sent back for an updated module.
This is not something that would work well for mobile phones. Hence the
popularity of public key type systems, which use separate encryption and
decryption keys.
Many of these are based upon the idea that while it is easy to generate
very large prime numbers, it is very difficult to factor the product of
two very large primes. Hence an algorithm which encrypts using the
product, and decrypts using the two factors, is secure as long as the
product is large enough that brute force factoring is impractical...and
that no mathematical breakthrough for factoring huge numbers is
discovered (and people are working on trying to solve that problem!).
-- Mark --
http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.
"Richard B. Gilbert" <rgilbert88@comcast.net> wrote in
news:47C19C8C.9060503@comcast.net:
> Unless you are a terrorist or a big time drug dealer, your phone
> conversations are probably not sufficiently interesting to justify the
> effort to break any reasonably good encryption system.
>
>
There's the "key"...Even the Mossad who keeps all of America's phone
records in Israel (for what purpose is a mystery) wouldn't be interested
in my phone calls.
http://www.maltatoday.com.mt/2006/08/13/t1.html
"The 9-11 legacy
Part of the troubling aspect in the choice of Verint – formerly Comverse
Infosys – is its implication in an international espionage saga
involving Israeli spies which had been tracking the Al Qaeda terrorists
who carried out the September 11 attacks.
Following a far-reaching report by Fox News in January 2002, Comverse
Infosys changed its name to Verint Systems Inc on 1 February 2002. As of
31 January 2005, approximately 59 per cent of Verint’s common stock was
owned by Comverse Technology.
According to Le Monde, some 60 Israeli suspects – military spies
parading as “art students” – were detained following the September 11
attacks, suspected of having tracked the 19 Arab terrorists who carried
out the attacks without ever sharing their information with the US
government.
Six of the suspects, linked with Mossad and also the Israeli general
command, were employees of Comverse Infosys, which provided the US
government with its eavesdropping technology. Others were employed with
another Israeli firm, Amdocs.
A report by the Drug Enforcement Administration, seen by MaltaToday,
collated dozens of interrogations it held with the Israeli spies. The
DEA report says the spies “targeted and penetrated military bases”,
including DEA, FBI and other secret officers and unlisted private homes
of intelligence personnel, purporting to be art students selling their
work.
When Fox News picked up on the report in early 2001, it claimed American
terrorist investigators feared certain suspects in the September 11
attacks managed to stay ahead of them by knowing who and when
investigators are calling on the telephone.
__________________________________________________ _____________________
Suspicion fell upon Amdocs, an Israeli-based telecommunications company
which has contracts with the 25 biggest phone companies in America, and
which generates records on every single telephone call made in the US.
Allegedly, the information had been used to inform suspects they were
being watched by counter-terrorism officers.
The FBI had repeatedly conducted investigations on Amdocs over security
breaches after it suspected that records of calls in the US were falling
into the hands of the Israeli government. Suspicion had been rooted in a
1997 drug trafficking case in Los Angeles in which telephone
information, the type that Amdocs collects, was used to “completely
compromise the communications of the FBI, the Secret Service, the DEO
and the LAPD.”
The crime syndicate was found in possession of investigating officers’
cell phones, and had used them to avoid arrest. When investigators tried
to find out where the information might have come from, they looked at
Amdocs. As investigators checked their own wiretapping system for leaks,
they grew concerned about potential vulnerabilities in the computers
that intercept, record and store the wiretapped calls. A main contractor
was Comverse Infosys, which is reimbursed for up to 50 per cent of its
research and development costs by Israel’s Ministry of Industry and
Trade.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^
Comverse Infosys provided law enforcement with eavesdropping technology
but also had continuing access to the computers so they can service them
and keep them free of glitches. According to Fox News, Comverse
Infosys’s software had a “back door” through which wiretaps themselves
could be intercepted by unauthorised parties.
Investigations into Comverse Infosys were never fully carried out: Fox
News reported investigators saying that even suggesting Israeli spying
was considered career suicide, and that FBI inquiries into Comverse had
been halted before the actual equipment was ever tested for leaks.
But the parent company is also mired in controversy: US prosecutors this
week filed criminal charges against three former executives of Comverse
over manipulation of stock options. They are its founder Kobi Alexander,
and former chief executive David Kreinberg, and William F. Sorin, former
corporate secretary."
Isn't it reassuring that every phone call you make is in the hands of
the Zionist's Mossad? Who IS in control, here, anyway?
"Richard B. Gilbert" <rgilbert88@comcast.net> wrote in
news:47C19C8C.9060503@comcast.net:
> Unless you are a terrorist or a big time drug dealer, your phone
> conversations are probably not sufficiently interesting to justify the
> effort to break any reasonably good encryption system.
>
>
.....and for you Verizon Customers....wireless or otherwise:
Mark Crispin <MRC@Washington.EDU> wrote in
news:alpine.WNT.1.00.0802240955570.4888@Shimo-Tomobiki.Panda.COM:
> The classic example of this is a key that is XORed to the plaintext to
> generate the ciphertext. If the length of the key equals the length of
> the plaintext and is never reused, then it is impossible to decrypt the
> ciphertext.
>
>
On Thu, 21 Feb 2008 20:37:01 -0500, Diamond Dave
<dmine45.NOSPAM@yahoo.com> wrote in
<eo9sr3hdlipaaon1k801ff53uodseejb17@4ax.com>:
>On Thu, 21 Feb 2008 16:29:35 -0800, SMS <scharf.steven@geemail.com>
>wrote:
>
>>It's applicable to these carriers. The alt.cellular group isn't well used.
>
>Don't post GSM crap in the Verizon, Sprint or Alltel newsgroups. Last
>I checked, we use CDMA, which is much more secure!
CDMA has also been cracked. (I posted citations long ago.)
--
Best regards,
John Navas <http:/navasgroup.com>
"Usenet is like a herd of performing elephants with diarrhea - massive,
difficult to redirect, awe inspiring, entertaining, and a source of mind
boggling amounts of excrement when you least expect it." --Gene Spafford
On Thu, 21 Feb 2008 22:10:17 -0500, The Ghost of General Lee
<ghost@general.lee> wrote in
<o7fsr3ld64bcmoa0e368hdvsb8lvb7i0cu@4ax.com>:
>On Thu, 21 Feb 2008 17:58:56 -0800, SMS <scharf.steven@geemail.com>
>wrote:
>
>>Diamond Dave wrote:
>>> On Thu, 21 Feb 2008 16:29:35 -0800, SMS <scharf.steven@geemail.com>
>>> wrote:
>>>
>>>> It's applicable to these carriers. The alt.cellular group isn't well used.
>>>
>>> Don't post GSM crap in the Verizon, Sprint or Alltel newsgroups. Last
>>> I checked, we use CDMA, which is much more secure!
>>
>>Yes, this is true. But it's still applicable, IMVAIO, because at least
>>it presents one valid issue that those CDMA users should consider if
>>they are considering switching carriers.
>
>Perhaps, but it still makes you seem no better than Navas, Oxturd, or
>Butler.
Steven is, of course, a hypocrite (among other things).
--
Best regards,
John Navas <http:/navasgroup.com>
"Usenet is like a herd of performing elephants with diarrhea - massive,
difficult to redirect, awe inspiring, entertaining, and a source of mind
boggling amounts of excrement when you least expect it." --Gene Spafford
On Fri, 22 Feb 2008 04:39:45 +0000 (UTC), Steve Sobol
<sjsobol@JustThe.net> wrote in
<slrnfrskg6.92p.sjsobol@amethyst.justthe.net>:
>["Followup-To:" header set to alt.cellular.verizon.]
>On 2008-02-22, Larry <noone@home.com> wrote:
>
>> That's why there's Skype....(c;
>
>It's only 256 bits. It's crackable too.
Citation?
--
Best regards,
John Navas <http:/navasgroup.com>
"Usenet is like a herd of performing elephants with diarrhea - massive,
difficult to redirect, awe inspiring, entertaining, and a source of mind
boggling amounts of excrement when you least expect it." --Gene Spafford
On Thu, 21 Feb 2008 15:58:40 -0800, SMS <scharf.steven@geemail.com>
wrote in <47be0f7e$0$36330$742ec2ed@news.sonic.net>:
>Uh oh. Don't be doing any telephone banking or credit card ordering on
>your GSM phone.
>
>"A pair of researchers has created a low-cost and simple hack to crack
>the encryption in GSM mobile phones and intercept voice conversations
>and SMS text messages -- within minutes."
>
>http://www.darkreading.com/document.asp?doc_id=146616
That you think this is news speaks volumes about your "expertise" --
it's anything but news, and not the biggest threat.
"Real-Time Cryptanalysis of GSM's A5/1 on a PC"
by Alex Biryukov and Adi Shamir
December 9, 1999: http://cryptome.org/a5.ps (Postscript, 292K)
Abstract:
A5/1 is the strong version of the encryption algorithm used by about
100 million GSM customers in Europe to protect the over-the-air
privacy of their cellular voice and data communication. The best
published attacks against it require between 2^40 and 2^45 steps.
This level of security makes it vulnerable to hardware-based attacks
by large organizations, but not to software-based attacks on multiple
targets by hackers.
In this paper we describe a new attack on A5/1, which is based on
subtle flaws in the tap structure of the registers, their
noninvertible clocking mechanism, and their frequent resets. The
attack can find the key in less than a second on a single PC with 128
MB RAM and two 73 GB hard disks, by analysing the output of the A5/1
algorithm in the first two minutes of the conversation. The attack
requires a one time parallelizable data preparation stage whose
complexity can be traded-off between 2^37 and 2^48 steps. The attack
was verified with an actual implementation, except for the
preprocessing stage which was extensively sampled rather than
completely executed.
Remark: The attack is based on the unofficial description of the A5/1
algorithm at http://www.scard.org. Discrepancies between this
description and the real algorithm may affect the validity or
performance of our attack.
[MORE]
--
Best regards,
John Navas <http:/navasgroup.com>
"Usenet is like a herd of performing elephants with diarrhea - massive,
difficult to redirect, awe inspiring, entertaining, and a source of mind
boggling amounts of excrement when you least expect it." --Gene Spafford
On Feb 29, 9:12 am, John Navas <spamfilt...@navasgroup.com> wrote:
> On Thu, 21 Feb 2008 20:37:01 -0500, Diamond Dave
> <dmine45.NOS...@yahoo.com> wrote in
> <eo9sr3hdlipaaon1k801ff53uodseej...@4ax.com>:
>
> >On Thu, 21 Feb 2008 16:29:35 -0800, SMS <scharf.ste...@geemail.com>
> >wrote:
>
> >>It's applicable to these carriers. The alt.cellular group isn't well used.
>
> >Don't post GSM crap in the Verizon, Sprint or Alltel newsgroups. Last
> >I checked, we use CDMA, which is much more secure!
>
> CDMA has also been cracked. (I posted citations long ago.)
Strange. I asked you specifically for them, but there was never a
response.
Please retrieve them and post them again.
News: Encrypted GSM Voice Calls & SMS Messages Hacked in Minutes 
Linear Mode
