Researchers plan to show today how to break the encryption that protects information sent over the General Packet Radio Service (GPRS), a standard commonly used to send data to and from mobile devices, and from other devices such as smart meters. This breach makes it possible to listen in on data communications such as e-mail, instant messages, and Web browsing on smart phones, as well as updates from automated industrial systems.
The researchers, who will make their announcement at the Chaos Communication Camp, a hacker event taking place near Berlin, Germany, previously cracked the Global System for Mobile Communications (GSM), which is used to carry calls among 80 percent of the world's mobile phones. GPRS is an older technology that often supplements GSM, for example when faster 3G connections are unavailable. Smart phones, including the iPhone, use GPRS when operating on Edge networks (when the network connection says "E" rather than "3G"). Phones that don't support 3G use GPRS all the time. Both GSM and GPRS are used worldwide, though in the United States some major carriers, including Verizon and Sprint, use a competing standard.
Phones might be the most familiar devices affected by the research, says Karsten Nohl, founder of Security Research Labs, a Berlin-based research consultancy that conducted the work. But the standard is also used in some cars, automated industrial systems, and electronic tollbooths. "It carries a lot of sensitive data," Nohl says.
Security researchers haven't looked at the GPRS standard much in the past, Nohl says, but since more and more devices are using GPRS, he believes the risk posed by poor security is growing.
Nohl's group found a number of problems with GPRS. First, he says, lax authentication rules could allow an attacker to set up a fake cellular base station and eavesdrop on information transmitted by users passing by. In some countries, they found that GPRS communications weren't encrypted at all. When they were encrypted, Nohl adds, the ciphers were often weak and could be either broken or decoded with relatively short keys that were easy to guess.
The group generated an optimized set of codes that an attacker could quickly use to find the key protecting a given communication. The attack the researchers designed against GPRS costs about 10 euros for radio equipment, Nohl says.
GPRS has not suffered very many security problems in the past, says Jukka Nurminen, a professor of data communications at Aalto University in Finland who spent 25 years at the Nokia Research Center. If the researchers have truly achieved what they claim, Nurminen says, many mobile communications could be much less secure. Depending on mobile operator and subscription plan, some devices maintain a GPRS connection at all times, particularly those whose users access e-mail and instant message applications from their phones.
However, Nurminen adds, it might be possible to mitigate the risk by encrypting communications when they are sent, using common e-mail and Web-browsing tools. He notes that GPRS security is also affected by regulations in different countries, and that some laws undermine security by requiring governments to be able to break into communications if necessary.
The GSM Association, a London-based organization representing mobile operators, handset makers, and other industry interests, regulates GPRS as well as GSM. The organization says it is reviewing Nohl's research but has not yet learned enough to comment.
Nohl says companies will be negligent if they ignore the risks. He suggests that mobile applications take steps now to use encryption such as SSL, which already protects much of the sensitive information sent over the Internet. Nohl hopes that cellular network companies will require better authentication among devices and base stations communicating over GPRS. He also believes the ciphers used by the standard should be upgraded.
