Researchers have demonstrated an alarmingly simple technique for eavesdropping on individual GSM mobile calls without the need to use expensive, specialised equipment.
During a session at the Chaos Computer Club Congress (CCC) in Berlin, Karsten Nohl and Sylvain Munaut used cheap Motorola handsets running a replacement firmware based on open source code to intercept data coming from a network base station.
Armed with this, they were able to locate the unique ID for any phone using this base, breaking the encryption keys with a rainbow table lookup.
Although far from trivial as hacks go, the new break considerably lowers the bar compared with previous hacks shown by the same researchers. In 2009, Nohl published a method for cracking open GSM’s A5/1 encryption design using a lookup table in near real time.
Another important detail is that Nohl was able to replace the firmware of the handsets with custom software. According to the BBC report on which most stories are being based, this was only possible because the Motorola handsets in question had been reverse engineered after an unspecified leak.
How easy would it be to exploit the new hack? In short, not particularly easy. Creating a custom lookup table similar to Nohl’s would take months of work and any eavesdropper would still need to break into the handset in question.
The crack does lower the bar from being a hardware problem to one of software expertise, which will cause some alarm in the GSM engineering community.
By John E Dunn
wifite is designed to attack multiple WEP- and WPA-encrypted networks at the same time. The tool is customizable and can be automated with only a few arguments, so it can be trusted to run without supervision.
- sorts targets by power (in dB); cracks closest access points first
- automatically deauths clients of hidden networks to decloak SSIDs
- numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
- customizable settings (timeouts, packets/sec, channel, change mac address, ignore fake-auth, etc)
- all WPA handshakes are backed up to wifite.py's current directory
- smart WPA deauthentication — cycles between all clients and broadcast deauths
- stop any attack with Ctrl+C — options: continue, move onto next target, skip to cracking, or exit
- switching WEP attack methods does not reset IVs
- intel 4965 chipset fake-authentication support; uses wpa_supplicant workaround
- SKA support (untested)
- displays session summary at exit; shows any cracked keys
- all passwords saved to log.txt
- built-in updater: ./wifite.py -upgrade
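The feature list above describes a tool that deauthenticates clients, cycling between individual stations and broadcast deauths. From the defender's side, that behaviour is visible in a management-frame capture as a burst of deauthentication frames from one BSSID. The following is an added example, not wifite's code and not from the original post: a small detector that runs over a constructed frame log (the one-frame-per-line format `<epoch_seconds> <subtype> src=<mac> dst=<mac>` is an assumption made here, not a real tool's output) and raises an alert when the number of deauth frames from a single source inside a sliding window reaches a threshold, reporting which clients were targeted and how many frames were broadcast.

```python
"""Detect deauthentication bursts in a constructed 802.11 management-frame log.

Added example (not part of wifite or the original post). The log format is
an assumption made for this example: one frame per line,
"<epoch_seconds> <subtype> src=<mac> dst=<mac>".
"""
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample: one ordinary deauth from a first BSSID, then a burst
# from a second BSSID alternating between targeted and broadcast deauths.
SAMPLE_LOG = """\
1293840000.120 DEAUTH src=00:11:22:33:44:55 dst=aa:bb:cc:dd:ee:01
1293840012.400 BEACON src=00:11:22:33:44:55 dst=ff:ff:ff:ff:ff:ff
1293840020.001 DEAUTH src=00:11:22:33:44:66 dst=aa:bb:cc:dd:ee:02
1293840020.050 DEAUTH src=00:11:22:33:44:66 dst=ff:ff:ff:ff:ff:ff
1293840020.101 DEAUTH src=00:11:22:33:44:66 dst=aa:bb:cc:dd:ee:03
1293840020.150 DEAUTH src=00:11:22:33:44:66 dst=ff:ff:ff:ff:ff:ff
1293840020.201 DEAUTH src=00:11:22:33:44:66 dst=aa:bb:cc:dd:ee:02
1293840020.250 DEAUTH src=00:11:22:33:44:66 dst=ff:ff:ff:ff:ff:ff
1293840025.000 BEACON src=00:11:22:33:44:66 dst=ff:ff:ff:ff:ff:ff
"""


def parse_frame(line):
    """Parse one log line into (timestamp, subtype, src, dst); None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = float(parts[0])
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    if "src" not in fields or "dst" not in fields:
        return None
    return ts, parts[1].upper(), fields["src"].lower(), fields["dst"].lower()


def detect_deauth_bursts(log_text, window_s=2.0, threshold=5):
    """Return one alert per source BSSID whose deauth count within a sliding
    window of window_s seconds reaches threshold.

    Each alert records the BSSID, the window start and end, the frame count,
    the distinct targeted clients and how many frames were broadcast."""
    windows = defaultdict(deque)   # src -> deque of (ts, dst) still inside the window
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        frame = parse_frame(line)
        if frame is None:
            continue                # skip malformed lines rather than abort
        ts, subtype, src, dst = frame
        if subtype != "DEAUTH":
            continue
        q = windows[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window_s:
            q.popleft()             # drop frames that fell out of the window
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)        # one alert per source, not one per frame
            dsts = [d for _, d in q]
            alerts.append({
                "bssid": src,
                "start": q[0][0],
                "end": ts,
                "count": len(q),
                "clients": sorted({d for d in dsts if d != BROADCAST}),
                "broadcast": sum(1 for d in dsts if d == BROADCAST),
            })
    return alerts


if __name__ == "__main__":
    for a in detect_deauth_bursts(SAMPLE_LOG):
        print(f"{a['bssid']}: {a['count']} deauths in {a['end'] - a['start']:.2f}s, "
              f"{a['broadcast']} broadcast, clients {a['clients']}")
```

The window and threshold are deliberately parameters: a single deauth is normal roaming behaviour, so the detector only fires on the rate, and it reports the targeted client list so the alert can be checked against which stations actually dropped off the network.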
Requirements:
- linux operating system (confirmed working on Ubuntu 8.10 (BT4R1), Ubuntu 10.04.1)
- tested working with python 2.4.5 and python 2.5.2; might be compatible with other versions
- wireless drivers patched for monitor mode and injection: backtrack4 has many pre-patched drivers
- aircrack-ng (v1.1) suite: available via apt: apt-get install aircrack-ng
- xterm, python-tk module: required for GUI, available via apt: apt-get install python-tk
- macchanger: also available via apt: apt-get install macchanger
- pyrit: not required, optionally strips wpa handshake from .cap files
Download: wifite.py
More Info: wifite – Project Hosting on Google Code
inSSIDer is an award-winning free Wi-Fi network scanner for Windows Vista and Windows XP. Because NetStumbler doesn’t work well with Vista and 64-bit XP, inSSIDer was built as an open-source Wi-Fi network scanner designed for the current generation of Windows operating systems.
What’s Unique about inSSIDer?
- Works on Windows Vista and Windows XP 64-bit.
- Uses the Native Wi-Fi API.
- Group by Mac Address, SSID, Channel, RSSI and “Time Last Seen”.
- Compatible with most GPS devices (NMEA v2.3 and higher).
How can inSSIDer help me?
- Inspect your WLAN and surrounding networks to troubleshoot competing access points.
- Track the strength of received signal in dBm over time.
- Filter access points in an easy to use format.
- Highlight access points for areas with high Wi-Fi concentration.
- Export Wi-Fi and GPS data to a KML file to view in Google Earth.
More Info: inSSIDer Wi-Fi Scanner | Metageek