In fact, Muller argues, GSM encryption was cracked--theoretically--in academic papers as early as 1998...Undetectable, "passive" systems like the one that Muller and Hulton have created aren't new either, though previous technologies required about a million dollars worth of hardware and used a "brute force" tactic that tried 33 million times as many passwords to decrypt a cell signal.
All of that means, Hulton and Muller argue, that their cheaper technique is simply drawing needed attention to a problem that mobile carriers have long ignored--one that well-financed eavesdroppers may have been exploiting for years. "If governments or other people with millions of dollars can listen to your conversations right now, why shouldn't your next-door neighbor?" Muller says.
Wiretapping Made Easy
Andy Greenberg, 02.21.08, 12:53 AM ET
Washington - Silently tapping into a private cellphone conversation is no longer a high-tech trick reserved for spies and the FBI. Thanks to the work of two young cyber-security researchers, cellular snooping may soon be affordable enough for your next-door neighbor.
In a presentation Wednesday at the Black Hat security conference in Washington, D.C., David Hulton and Steve Muller demonstrated a new technique for cracking the encryption used to prevent eavesdropping on global system for mobile communications (GSM) cellular signals, the type of radio frequency coding used by major cellular service providers including AT&T, Cingular and T-Mobile. Combined with a radio receiver, the pair say their technique allows an eavesdropper to record a conversation on these networks from miles away and decode it in about half an hour with just $1,000 in computer storage and processing equipment.
Hulton, director of applications for the high-performance computing company Pico, and Muller, a researcher for mobile security firm CellCrypt, plan to make their decryption method free and public. In March, however, they say they'll start selling a faster version that can crack GSM encryption in just 30 seconds, charging between $200,000 and $500,000 for the premium version.
Who will be the customers for their innovative espionage technique? Hulton and Muller say they aren't sure yet. But they plan to offer the method to companies that will integrate it with radio technology, not sell it directly to the law enforcement and criminal customers who will undoubtedly be interested in putting it to use. "We're not creating the technology that does the interception," Muller says. "All this does is crunch data."
Delicious
Digg
Reddit
Newsvine
Furl
Google
Yahoo
