July 2010

Kraken Feeds on your Phone Calls

Karsten Nohl and other members of the Chaos Computer Club are set to bring mobile phone tapping within reach of the home computer user. Karsten and team have already brought an early death to NXP's Mifare Classic smartcard, used in many transport ticketing systems such as London Underground's Oyster card system, by reverse engineering its proprietary Crypto-1 cryptographic algorithm.

Karsten's latest project, the A5/1 Security Project, announced this month, on the 16th of July, the release of 'Kraken'. Kraken is a software toolkit that uses new encryption cracking tables to break the cipher used to secure mobile phone communication. Kraken has the potential to decipher a phone call in a matter of seconds. The Kraken software has been designed to run on inexpensive desktop computer equipment, which brings phone snooping into the hands of the home computer geek.

GSM (Global System for Mobile communications) technology uses an array of radio transmitters called Base Stations (BS) to connect your cellphone with your cellular network such as Orange or Vodafone. Base Stations are all interconnected, which is why you can move from one cell to another without losing your connection. According to data from the GSM Association, about 3.5 billion GSM phones are used in nearly 200 countries worldwide.

GSM security works by authenticating the subscriber's SIM card using a pre-shared secret and a challenge-response exchange. Once the subscriber is authenticated by the mobile network provider, ongoing communication is secured by one of GSM's A5 family of stream cipher algorithms.

1. A5/0 utilises no encryption.

2. A5/1 is the original A5 algorithm used in Europe.

3. A5/2 is a weaker encryption algorithm created for export and used in the United States.

4. A5/3 is a strong encryption algorithm created as part of the 3rd Generation Partnership Project (3GPP).
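The challenge-response exchange described above, sketched from both sides as an added example that is not part of the original article. The names A3/A8, RAND, SRES and Kc and their sizes are standard GSM terms the article does not spell out; the HMAC-SHA256 stand-in for the operator's algorithms, the class names and the sample IMSI/Ki are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Stand-ins (assumption): real SIMs run operator-chosen A3/A8 algorithms.
# HMAC-SHA256 is truncated here only to give the GSM output sizes.
def a3_sres(ki, rand):
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]   # 32-bit SRES

def a8_kc(ki, rand):
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]   # 64-bit Kc

class Sim:
    def __init__(self, imsi, ki):
        self.imsi, self.ki, self.kc = imsi, ki, None

    def respond(self, rand):
        # Ki stays on the card; only SRES is sent back over the air.
        self.kc = a8_kc(self.ki, rand)
        return a3_sres(self.ki, rand)

class Network:
    def __init__(self, subscribers):
        self.subscribers = subscribers   # IMSI -> Ki (pre-shared secret)
        self.pending = {}                # IMSI -> outstanding RAND

    def challenge(self, imsi):
        self.pending[imsi] = os.urandom(16)   # fresh 128-bit RAND
        return self.pending[imsi]

    def verify(self, imsi, sres):
        rand = self.pending.pop(imsi, None)   # each challenge is single-use
        ki = self.subscribers.get(imsi)
        if rand is None or ki is None:
            return None
        if not hmac.compare_digest(sres, a3_sres(ki, rand)):
            return None
        return a8_kc(ki, rand)   # this key then drives the A5 stream cipher

def attach(network, sim):
    """Run one challenge-response; return the network's Kc or None."""
    rand = network.challenge(sim.imsi)
    return network.verify(sim.imsi, sim.respond(rand))

# Constructed sample values, not real subscriber data.
SAMPLE_IMSI = "001010000000001"
SAMPLE_KI = bytes.fromhex("00112233445566778899aabbccddeeff")

if __name__ == "__main__":
    net, sim = Network({SAMPLE_IMSI: SAMPLE_KI}), Sim(SAMPLE_IMSI, SAMPLE_KI)
    print("genuine SIM:", attach(net, sim) == sim.kc)
    print("wrong Ki   :", attach(net, Sim(SAMPLE_IMSI, bytes(16))))
```

Both sides end up with the same 64-bit session key without it ever crossing the radio link, so the confidentiality of the call rests entirely on the strength of the A5 cipher that key feeds.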

Kraken has been specifically designed to decipher the A5/1 cryptographic algorithm. The A5/1 stream cipher was developed in 1987 to encrypt both voice and signalling data from a mobile telephone. In its day, A5/1 was considered a strong method of keeping mobile phone calls private using 64-bit encryption, and a watered-down version of the algorithm, 'A5/2', was even developed to be exported outside of Europe.

Frank Stevenson, a developer within the A5/1 Security Project, made the announcement of the first release of Kraken: "I have named this beast Kraken, after a Norse mythological creature capable of eating many things for breakfast. Kraken feeds of an exclusive diet of A5/1 encrypted data". He also pointed out the following hardware prerequisites needed to set up Kraken.

1. Linux machine, multicore min 3GB RAM

2. 1.7 - 2 Terabytes of hard disk space, partitioned without a file system

3. The Berlin A5/1 Rainbow table set

4. GPU support will be added for ATI Radeon HD

When Kraken was in the early stages of development, the GSM Alliance said that the research is a long way from being a practical attack on GSM. The GSMA said that they welcomed research, but continued by highlighting that "the theoretical compromise of GSM network requires the construction of a large look-up table of approximately 2 Terabytes, which is equivalent to the amount of data contained in a 20 kilometre high pile of books".

The software is regarded as a key step towards eavesdropping on mobile phone conversations over GSM networks. Since GSM networks are the backbone of 3G (the 3rd Generation of standards for mobile phones and mobile telecommunications services), even 3G phones can be compromised, because they roll back to GSM mode when a 3G network is not available.

The A5/1 Security Project have stressed that their main aim is to show how easily the A5/1 encryption can be cracked. It is anticipated that A5/1 Security Project leader Karsten Nohl will discuss the hardware and software setup during this year's Black Hat Security Conference.

Further information on Kraken can be found on the A5/1 Security Project website (https://reflextor.com/trac/a51).

By Suparna Sen, Smartcard & Identity News

