Weakness of 2G mobile phone networks revealed

October 21, 2016, Agency for Science, Technology and Research (A*STAR), Singapore

The encryption scheme used for second generation (2G) mobile phone data can be hacked within seconds by exploiting weaknesses and using common hardware, A*STAR researchers show. The ease of the attack shows an urgent need for the 2G Global System for Mobile Communications (GSM) encryption scheme to be updated.

GSM was first deployed 25 years ago and has since become the global standard for mobile communications, used in nearly every country and comprising more than 90 per cent of the global user base.

"GSM uses an called the A5/1 stream cipher to protect data," explains Jiqiang Lu from the A*STAR Institute for Infocomm Research. "A5/1 uses a 64-bit secret key and a complex keystream generator to make it resistant to elementary attacks such as exhaustive key searches and dictionary attacks."

Any encryption scheme can be hacked given sufficient time and data, so security engineers usually try to create an encryption scheme that would demand an unfeasible amount of time to crack. But, as GSM gets older, weaknesses in the A5/1 cipher and advances in technology have rendered GSM communications susceptible to attack.

Straightforward 'brute force' attacks by guessing the secret key from the data stream are still intensively time consuming, and although A5/1 was reported to have been successfully attacked in 2010, the details of the attack were kept secret. By exploiting weaknesses in the A5/1 cipher, Lu and his colleagues have now demonstrated the first real-time attack using a relatively small amount of data.

"We used a rainbow table, which is constructed iteratively offline as a set of chains relating the secret key to the cipher output," says Lu. "When an output is received during an attack, the attacker identifies the relevant chain in the rainbow table and regenerates it, which gives a result that is very likely to be the secret key of the cipher."

Using two specific exploits, Lu's team was able to reduce the effective complexity of the key to a level that allowed a rainbow table to be constructed in 55 days using consumer computer hardware, making possible a successful online attack, in most cases within just nine seconds.
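The chain construction and lookup described above, as an added toy example (not the researchers' code and not A5/1). It assumes a 16-bit key space and a truncated SHA-256 as a stand-in for the map from key to cipher output; all function names are hypothetical. It shows why a small effective key space makes the offline precomputation affordable, which is the argument for a stronger scheme.

```python
import hashlib

BITS = 16          # toy key size (assumption); the article's A5/1 key is 64 bits
N = 1 << BITS

def cipher_output(key):
    """Stand-in one-way map from a secret key to the observed cipher output."""
    digest = hashlib.sha256(key.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big") % N

def reduce_to_key(output, column):
    """Map an output back into key space; varies per column (the 'rainbow')."""
    return (output + column) % N

def build_table(num_chains, chain_len):
    """Offline phase: walk each chain, keep only endpoint -> start key."""
    table = {}
    for start in range(num_chains):
        key = start
        for col in range(chain_len):
            key = reduce_to_key(cipher_output(key), col)
        table.setdefault(key, start)   # chains that merge: keep the first start
    return table

def lookup(table, chain_len, observed):
    """Online phase: locate the chain containing `observed` and regenerate it."""
    for col in range(chain_len - 1, -1, -1):
        # Hypothesis: `observed` was produced in column `col`; walk to the end.
        key = reduce_to_key(observed, col)
        for c in range(col + 1, chain_len):
            key = reduce_to_key(cipher_output(key), c)
        if key not in table:
            continue
        # Endpoint matched: replay the chain from its start up to column `col`.
        candidate = table[key]
        for c in range(col):
            candidate = reduce_to_key(cipher_output(candidate), c)
        if cipher_output(candidate) == observed:   # discard false alarms
            return candidate
    return None

if __name__ == "__main__":
    chain_len = 32
    table = build_table(1024, chain_len)
    sample = range(0, N, 257)   # constructed sample of keys to test coverage
    hits = sum(lookup(table, chain_len, cipher_output(k)) is not None for k in sample)
    print(f"stored {len(table)} chains for {N} keys; recovered {hits}/{len(sample)}")
```

Each extra key bit doubles the work and storage needed for the same coverage, so the table stops being practical only when the effective key space, not just the nominal key length, is large.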

"GSM is still widely used in telecommunications, but its A5/1 encryption system is now very insecure," says Lu. "Our results show that GSM's 64-bit key encryption is no longer sufficient and should be upgraded to a stronger scheme as a matter of urgency."


More information: Time–Memory Trade-Off Attack on the GSM A5/1 Stream Cipher Using Commodity GPGPU. Applied Cryptography and Network Security. DOI: 10.1007/978-3-319-28166-7_17
