Open-Source project jeopardizes banking with mobile devices
The GSM network has never been regarded as really secure. For a long time people have been discussing theoretical approaches to breaking the GSM encryption algorithm A5/1. So far the effort needed to compromise it was too high for the average attacker. Now, after Karsten Nohl's announcement (“Subverting the security base of GSM” at HAR 2009, Hacking at Random, http://har2009.org) of an open-source project for attacking the A5/1 standard, no one can count on the GSM security mechanism anymore. In the short to medium term the encryption standard will be broken, and with that not only ordinary phone calls but also all text messages can be picked up easily.
The capabilities needed are no longer of governmental scale. The required infrastructure might cost less than US$800. With that, the banking industry will no longer be able to trust the GSM platform for transmitting mobile transaction codes (TANs) to authorize online transactions.
Nohl's goal is to create a rainbow table covering all possible A5/1 keys. He expects to have the full table ready within several months with the support of an estimated 200 PCs from the online community; the more people join, the sooner the table will be available. On a single standard PC the estimated computing time would be 100,000 years. More details about the project and the software used to calculate the table can be found at http://www.reflextor.com/trac/a51.
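The point behind the "200 PCs for several months" versus "100,000 years on one PC" figures is the time-memory trade-off a rainbow table implements: the expensive work is done once, in a distributed precomputation phase, and every later key recovery costs only a short online lookup. The following Python is an added illustration of that mechanism, not code from Nohl's project or from the reflextor.com software. It uses a constructed 16-bit toy cipher (a SHA-256 stand-in for A5/1, with a tiny key space so the whole table builds in seconds) and the constants KEY_BITS, CHAIN_LEN and NUM_CHAINS are demo assumptions. It shows why the defensive number that matters is not the brute-force time on one machine but the size of the key space and whether a fixed key produces a predictable keystream sample that can be looked up.

```python
import hashlib
from typing import Dict, Iterable, Optional

# Toy parameters (constructed for this demo). A5/1 uses a 64-bit key; the key
# space here is deliberately tiny so the full table builds in a second or two.
KEY_BITS = 16
KEYSPACE = 1 << KEY_BITS   # 65,536 possible keys
CHAIN_LEN = 64             # cipher/reduce steps per chain
NUM_CHAINS = 4096          # chains walked; only their endpoints are stored


def toy_cipher(key: int) -> bytes:
    """Stand-in for the cipher under attack: a key deterministically yields a
    fixed 8-byte "keystream" sample. SHA-256 is used only as a convenient
    one-way function for the demo and says nothing about A5/1 internals."""
    return hashlib.sha256(key.to_bytes(2, "big") + b"toy-keystream-demo").digest()[:8]


def reduce_to_key(output: bytes, column: int) -> int:
    """Reduction function: map a keystream sample back into the key space.
    Mixing in the column index gives every column its own reduction, which is
    what makes this a rainbow table rather than a plain Hellman table (chains
    that collide in different columns no longer merge)."""
    return (int.from_bytes(output, "big") ^ (column * 0x9E3779B1)) % KEYSPACE


def build_table(num_chains: int = NUM_CHAINS, chain_len: int = CHAIN_LEN) -> Dict[int, int]:
    """Precomputation phase: walk num_chains chains of chain_len steps each and
    keep only (end key -> start key). This is the work that is paid once and
    can be split across many machines."""
    table: Dict[int, int] = {}
    for i in range(num_chains):
        start = (i * 0x9E3779B1) % KEYSPACE   # spread start points over the key space
        k = start
        for column in range(chain_len):
            k = reduce_to_key(toy_cipher(k), column)
        table.setdefault(k, start)            # endpoint collision: keep the first chain
    return table


def lookup(table: Dict[int, int], observed: bytes, chain_len: int = CHAIN_LEN) -> Optional[int]:
    """Online phase: given one observed keystream sample, recover the key if it
    lies in a stored chain. Costs O(chain_len^2) cipher calls instead of the
    O(KEYSPACE) calls of a brute-force search."""
    # Assume the sample sits in column `col`, walk to the chain end, and see
    # whether that endpoint is one we stored.
    for col in range(chain_len - 1, -1, -1):
        k = reduce_to_key(observed, col)
        for column in range(col + 1, chain_len):
            k = reduce_to_key(toy_cipher(k), column)
        if k in table:
            # Possible hit (may be a false alarm caused by a chain merge):
            # regenerate the chain from its stored start and test each key.
            cand = table[k]
            for column in range(chain_len):
                if toy_cipher(cand) == observed:
                    return cand
                cand = reduce_to_key(toy_cipher(cand), column)
    return None


def coverage(table: Dict[int, int], keys: Iterable[int]) -> float:
    """Fraction of the given keys that the table recovers from their keystream
    sample. Coverage is below 100% because chains merge and start points
    overlap; real projects compensate with several tables and tuned sizes."""
    keys = list(keys)
    hits = sum(1 for key in keys if lookup(table, toy_cipher(key)) == key)
    return hits / len(keys)


if __name__ == "__main__":
    tbl = build_table()
    print(f"stored endpoints: {len(tbl)} (key space has {KEYSPACE} keys)")
    print(f"key 0 recovered as: {lookup(tbl, toy_cipher(0))}")
    print(f"coverage over keys 0..255: {coverage(tbl, range(256)):.2f}")
```

The table holds at most NUM_CHAINS entries while representing up to NUM_CHAINS × CHAIN_LEN keys, which is the trade-off: storage shrinks by the chain length, lookups cost about CHAIN_LEN² cipher evaluations, and precomputation still has to touch the whole key space once. Scaling the constants to a 64-bit key shows why the precomputation is the part that gets distributed, and why a key space that small, combined with a deterministic keystream, is the actual weakness.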
If the project succeeds and the rainbow table becomes publicly available, all GSM network providers will need to move to another, secure encryption method. This also requires a massive replacement on the hardware side, as the mobile phones will need to support the new mechanism too. How do you bring a new encryption mechanism to every mobile phone out there? Who has ever updated his phone, the BIOS or the software on top? With the exception of Apple's iPhone, I'm not aware of any manufacturer with a regular software update cycle for phones already in the field. Only RIM has a standard platform that allows an organization to easily push updates remotely to a phone.
How could such an attack be launched?
You may all know the mobile strong-authentication mechanism in which a classic password is combined with a One-Time Password (OTP) transmitted to a mobile device over the GSM network in a text message. Once the mentioned rainbow table exists, the risk of using such an approach for online banking, payment systems, sensitive applications and highly privileged access is no longer acceptable.
As a first step, a classical attack on the static password is launched. For this, methods like trojans, rootkits, wiretapping, shoulder surfing, social engineering, guessing or discovering written-down passwords are used. Not many users use highly sophisticated passwords, and if you see how people handle their PINs at public payment terminals it becomes clear how little they sometimes care. User-ID and password tables can also be purchased online. Depending on the power of the person and the size of the organization in scope, such a combination can be purchased for a single- to three-digit dollar amount.
The attack against the text message is launched using the rainbow table of encryption keys. This needs to happen in real time.
How do we realize the real-time attack on the text message? This is very simple: we either launch a DoS attack against the victim or, with the help of DNS spoofing, disconnect the user for a certain period of time. Within this timeframe we launch the attack and log on to the application. A standard user will see the interruption as a normal network outage, which gives an attacker enough time to get the job done.
A mobile attack as described above needs three factors to succeed. First, we need to get the static password, which can be done in advance without any time pressure. Second, we need to launch the near-real-time attack against the One-Time Password. The third part of the attack is needed to gain the extra time required to realize the criminal intent. If an attacker can realize a financial gain bigger than US$1,500 from one victim, the investment in the infrastructure and software needed has already paid off. From that moment onwards every successful attack creates direct financial return. That's big business.
I expect most enterprise organizations to move soon to third-party encryption software on their mobile phones to ensure the safety of their information. I can only recommend to all of you to check carefully what you are allowing to happen on your mobile devices. If you have any kind of awareness material or guidance documentation, please bring it to my attention and I will make sure the wider community can benefit from it. As usual, feel free to send us your ideas, feedback and comments.
-Andreas
Responses
Re: Open-Source project jeopardizes banking with mobile devices
I don't understand what the phone OS has to do with this, referring to the above comment, and the iPhone has been broken seven ways from Sunday. RIM is OK if your organization uses BBerry Enterprise Server. Otherwise, you're still trusting RIM to not snoop your communications, or reveal them to other (government?) parties. Also, the public open-source project is not what has jeopardized mobile banking. The known-insecure channel plus the privately-held exploits should be of more concern. Just because this project went public does not indicate that they are the first to do it.