Might be of interest to some. Basically in 2003/2004 a group of researchers published a paper advising on weaknesses in gsm. Nothing has really been done by the mobile operators to fix this problem. Therefore security group is currently running a project which will enable anyone with a 2 TB drive, a laptop and some radio equipment (which doesn't cost of the earth)
QuoteA5/1 has operated unchanged for the last 21 years but it has now reached its cryptographic end-of-life, engulfed by the march of Moore's Law. However, the operational end-of-life of A5/1 may still be decades away as there are approximately 2 billion GSM subscribers, commanding about 80% of the global mobile market. This would be a tough product recall indeed. A5/1 is well-positioned to become the NT of the mobile crypto world, and I see the makings of a long tail of GSM vulnerability.
http://lukenotricks.blogspot.com/2009/09/another-crack-at-open-rainbow-tables.html
PayPal are going to have to do some rethinking.
Anyone who relies on GSM as 'secure' is crazy anyway - we all know the gummint is listening! >:D
Quote from: Rik on Sep 14, 2009, 09:03:05
PayPal are going to have to do some rethinking.
What do PayPal
*spit* do over GSM? Do they allow transactions over SMS or something?
PayPal send 'tokens' via SMS to authorise transactions.
sms is vulnerable to the hack. Many compaines use sms to provide one time security codes and the like, paypal included.
I wonder if the Airwave system provided by O2 which has replaced most police, fire and ambulance analogue communications will suffer from the same security flaw. As far as I know it uses GSM technology but on a lower frequency (380Mhz) than mobile phone communications (900 & 1800Mhz).
It seems likely, JB, doesn't it.
QuoteI wonder if the Airwave system provided by O2 which has replaced most police, fire and ambulance analogue communications will suffer from the same security flaw. As far as I know it uses GSM technology but on a lower frequency (380Mhz) than mobile phone communications (900 & 1800Mhz).
I have a feeling that they use additional encryption on top of gsm, a read something about it, god knows where though.
I still miss being able to use my scanner. :)
QuoteI still miss being able to use my scanner. Smiley
Those were the days. Having army landrovers trying to triangulate where you where whilst garden hopping. Not that I would ever have done such a thing of course.
Of course. ;D
Quote from: somanyholes on Sep 14, 2009, 13:02:07
I have a feeling that they use additional encryption on top of gsm, a read something about it, god knows where though.
I'm sure that's right.
I too find I have less 'interesting' things to listen to on my scanner these days.
It's a shame, isn't it.
Quote from: Rik on Sep 14, 2009, 09:14:22
PayPal send 'tokens' via SMS to authorise transactions.
Ah, they never do that to me, than goodness! :D
It's optional, I believe.