Securing the Mobile Enterprise

September 5, 2009

Mobile hack shows need for security upgrade • The Register

Filed under: Mobile Security,security — Balaji Prasad @ 12:19 am
Tags: , , ,

Recently security journals all over the world splashed the news that GSM security was compromised by using a Rainbow table. However the approach was deemed impractical by GSMA as requiring 2TB of data and enormous amount of number crunching to invert the one way hash function. The approach to do this is called the Shor’s algorithm named after its inventor Peter Shor. Shor’s algorithm takes a long time to execute on a classical (Von Neumann) computer but can be done a lot faster on a quantum computer. In fact Shor’s Algorithm is designed specifically for a quantum computer.
Quantum computers are no longer theoretical constructs, we now have word of a working prototype that actually runs on a single silicon chip.


August 30, 2009

hacking A5/1

Filed under: Mobile Security — Balaji Prasad @ 11:52 pm
Tags: , ,

A5/1 is a stream cipher that is used to provide OTA security on GSM wireless networks. Vulnerabilities in this protocol have been known for years. It has been rumored that these vulnerabilities were left unfixed more due to political concerns than technical.Earlier this month, researcher Karsten Nohl has unveiled software that uses the distributed computing power of thousands of graphics processors (a la-‘ SETI) to construct a massive rainbow table  of GSM codes. A rainbow table is just a fancy name for a look up table that allows one to “invert” a hash. This hack in its most benign form would allow the community to come up with an open-source GSM protocol (though the market and business case for this is as yet unclear), however a more sinister manifestation would allow a hacker to snoop the airwaves and listen in on any cellular conversation(shudder!!). In the US, Verizon and Sprint are unaffected by this flaw, though AT&T and T-Mobile are potentially vulnerable. Presently there is no software or technique out there that can exploit this, however that could change soon. The GSM Association is said to be working on updating this decades old protocol and address some of its security flaws. About time!!

Blog at