While going through my backlog of RSS entries that have piled up over the past week, I came across this story from Byron Achohido (via Threatpost, which I highly recommend) who talks about the moral ambiguity of the release of tools that can allow rainbow tables made for cracking the A5/1 GSM encryption cipher. First, let’s get this out of the way: Attacks like this against A5/1 have been around sine at least October 2007. The big deal with these new tools is that they provide the basis of taking the computation time down from days or hours to seconds. These tools are rainbow table generators. They do not do any kind of sniffing or cracking, just a boat load of computations.
This aside, I find the story interesting for a number of reasons: First I like how the iPhone is specifically mentioned. Byron mentions that:
Hackers could go after sensitive information exchanged while using Web apps for phone banking and stock trading; or they could eavesdrop on sensitive conversations, discussion about medical histories, for instance.
Actually, in cases where you are on a 3G network, you’re safe from this attack on the data side, as 3G networks use the A5/3 cipher. The problem is that, at least in AT&Ts case, even if you are on a 3G network, any voice calls are routed over regular GSM channels, which use the faulty A5/1 cipher. I believe T-Mobile is in the same boat. Fixing this is rather simple from a technical standpoint, just flip the voice side over to 3G as well. Of course, we know that in real life it’s almost never that simple. Both carriers’ 3G network is nowhere near the size of their GSM networks, and who knows what kind of capacity they have on the 3G side. However, the decision here is completely on the carrier: What do they value more, their customers security and privacy or their profit margin?
Plus, I think the larger question here is when did mobile phones become secure? I think any person with a background in Information Security or Radio that was around in the early 1990s either monitored cell phones or knew of someone that did. While with the introduction of digital phones the monitoring became more difficult by your simple geek, given a sizable sum of money, it is still possible. The creation of devices such as Cryptophone proves this. Even before these tools were released, there are attacks on GSM in the wild which are “active” attacks, such as spoofing cell towers and then telling the phone to go sans encryption.
Next, regarding the question of releasing these tools; Byron calls the release taking the “morally debatable high ground.” I think his logic is really flawed, and he shows why in his article:
As this timeline depicting the emergence of the Conficker worm shows, the bad guys pay big bucks to black hat researchers adept at finding vulnerabilities, which can be immediately exploited for profit — before anyone issues a patch.
And now grey hat researchers, like Moore and Nohl, build careers out of concocting campaigns to embarrass vendors under the banner of compelling vendors to resolve security flaws in popular products – usually highly profitable cash cows — in a timely manner.
It’s been shown that attackers pay large sums of money for attacks that aren’t patched, making a market for enterprising attackers with questionable morals to develop them. With the existence of this market, why are we assuming that the bad guys don’t have rainbow tables for A5/1 already computed and are actively recording calls from high value targets? Cons It’s silly. Releasing these tools essentially destroys the already tattered blanket of ignorance people have been wrapping themselves up in since people started shouting that A5/1 was insecure and once again shows us that mobile phones are, by their very definition, insecure devices.