Journal 2 , September 6

Cracking GSM phone crypto via distributed computing

The encryption on cellphones has been the subject of attack for the past few years. The most recent seem to be using the new found power of GPGPU computation. GPGPU stands for General Perpose computation on Graphics Processing Units and most all of the new dedicated graphics cards can do it pretty well. The cards from ATI and NVIDIA are the main supporters of this technology.

To give you some perspective on the amount of computational power this gives programmers access to one of intel's fastest CPUs on the market the Core i7 extreme 965 tops out at 69 GigaFlops (69 Billion floating point operations / second ) in double precision Nvidia tesla c1060 can proform 1 TeraFlop (1 Trillion floating point operatons / second) of calculations per second in single precision. And up to 4 Nvidia GPGPU cards can be installed on a single custom PC for nearly 4 TeraFlops of computational power.

The goal of the hackers is to force cellphone companies to upgrade their encrytion due to the fact that for quite some time the GSM encryption that cellphones use could be broken with a large multi-FPGA system such as discribed on hackaday.com .

The implications are that GSM encrytion is hackable now if you have enough cash to buy an expensive computer setup and the expertise to build it. However with the release of the encryption key lookup table being currently being made using graphics processors anyone with a fast gaming laptop could break the encryption and listen in to cellphone calls and even intercept text messages.

Of course many people will never notice this as their phone contracts expire and they get new phones these are likely to include better encryption to keep your calls private. The people that do know about how quickly and cheaply a cell phone can be snooped in on will likely drastically change their habits when communicating.

I recently moved into town for the summer and was surprised that even in the small town I was in there were nearly 5 WiFi bases in the area. Most of them were using weak WEP or WPA encryption and not WPA2. This sort of situation where anyone with a little of know how can hack into your PC is entirely preventable.

Our society today is predominantly unaware of the dangers they are opening themselves up to by no keeping their computers and means of communication are secure. Imagine what kind of chaos would ensue if credit card numbers were stolen when people buy a product on their cellphone you might never even see the thief!

Perhaps the government could create a technology security site making available information about how to better secure your wireless devices and computers. The options for improving cellphone security are currently limited and vary since not all phones are capable of providing better encryption. The situation is better for PC since secure free operating systems like Linux and BSD are know for their security and Windows Vista is also more secure than Windows XP when it's security settings are turned up. Wireless networks in the home can also be secured with WPA2 encryption although that standard will eventually need to be replaced just like GSM.

Be safe and don't give out private information over the phone ;-) .