GSM Goes Nekkid - Maximally Entangled

December 29, 2009

So… looks like Karsten Nohl went through with one of the most pervasive open source experiments in IT history. The GSM A5/1 encryption algorithm is now cracked, code books have been generated, real-time decryption and snooping is now a distinct possibility using off-the-shelf hardware (ATI/Nvidia/IBM-Tosh PS3 Cell Procesors/USRP2) and open source software (Asterisk, OpenBTS).

Assuming that Karsten’s statements are true, the GSMA is going to have their hands full defending and mitigating fallout from this eventuality:

4BN phones affected by this public reveal
It is stupid easy to dupe a GSM phone into revealing it’s IMSI (subscriber ID) and have it mate to a rogue base station
A5/3 is a better algorithm but hasn’t been adopted by GSMA… and even its days are numbered
Karsten & Co. will demonstrate GSM device nudification on December 30th in Virginia or Berlin, room A03 though ;)

The result of Karsten’s decision could lead to progress in other areas of IT:

Open sourcing A5/1 code books and making the program available on SVN makes it a certain terrorist honeypot. Tracking those downloads and subsequent network flows could reveal some actionable intelligence.
The A5/1 code book weighs in @ 128 petabytes and takes 90 days to generate on 40 CUDA nodes. I wonder what that could drop to with 100K nodes using commodity cloud and a Map-Reduce library. There seems to be plenty of interest in getting Amazon to offer a GPU cloud.
Fast multi-core aware algorithms for parsing and correlating the code book using Haskell or Clojure are other opportunities for improvement.

The downside is obvious:

One can hope this doesn’t end up doing harm. By exposing a ‘security through obscurity’ vulnerability, Karsten has done the morally correct thing. But I fear that any malicious use of this source code will tarnish the reputation of open source even though such lapses are likely to be prevalent in the closed source ecosystem.

Let’s see how this turns out.

Previous post Dawn of Location Social Dopplr, Whrrld, FourSquare, SimpleGeo, GeoAPI, Layar - welcome to the burgeoning world of location oriented services. As I write this, GeoAPI has Next post Avatar in real life Pretty interesting post by Sara Sidner (CNN) about villagers fighting a big corp. Only difference is that “Toruk Makto” is not Sam Worthington but a