Researcher Says Simple Security Fixes From Carriers Would Have Prevented NSA Collection Of Cell Communications

from the we're-nos.-1-whatever,-why-try-harder? dept

Hanlon's Razor states: never attribute to malice that which is adequately explained by stupidity. Replace "stupidity" with "laziness" and you've got one researcher's theory as to why cell phone carriers failed to make basic efforts to provide a secure product -- one that would have prevented the NSA's collection of communications. (h/t to DSLreports)

The world's mobile phone carriers have failed to implement technology fixes available since 2008 that would have thwarted the National Security Agency's ability to eavesdrop on many mobile phone calls, a cyber security expert says.

Karsten Nohl, chief scientist with Berlin's Security Research Labs, told Reuters ahead of a highly anticipated talk at a conference in Germany that his firm discovered the issue while reviewing security measures implemented by mobile operators around the world…

None of the carriers surveyed had implemented measures for thwarting a method that allows the NSA to eavesdrop on most mobile calls by unscrambling a widely used encryption technology known as A5/1[…] Nohl said that method would have been blocked if carriers had applied two patches released in 2008.
Were carriers compelled to leave this hole open for NSA exploitation? It's a good question, but Nohl says the more likely explanation is that carriers simply didn't find the problem worth addressing.
"I couldn't imagine it is complicity. I think it is negligence," he said. "I don't want to believe in a worldwide conspiracy across all worldwide network operators. I think it is individual laziness and priority on network speed and network coverage and not security."
As has been observed everywhere, the path of least resistance is favored by many entities, even those not explicitly performing government work. Making a minimum of effort dumped customers' conversations right into the NSA's lap.

Of course, if the NSA had knocked on these carriers' doors and asked for a small favor, like leaving a security hole big enough to drive a semi full of unused privacy protections through, chances are many would have said, "Sure, why not." Verizon and AT&T have only very belatedly joined the national conversation on intelligence gathering, after spending months shuffling around the periphery while staring at the floor. For years, these providers have handed over everything the agency's asked for and shown an active interest in helping it anticipate what it might need next.

But Nohl's theory dismisses a worldwide conspiracy to dump cell phone customers' conversations into the waiting ears of the NSA -- something that's more likely to be true. While American carriers have proven to be useful NSA allies, very little has been exposed about the compliance rate of foreign carriers. Not that their resistance would matter much (or that they'd even be approached directly), as foreign intelligence agencies have been just as "helpful" as AT&T and Verizon in terms of granting access to data and communications -- much of which ultimately ends up in the NSA's sprawling lockboxes.

The moral here, if Nohl is correct, is that the industry's idle hands are the NSA's workshop. Not doing something can be just as harmful as complete complicity.



Reader Comments (rss)

(Flattened / Threaded)

  •  
    icon
    Violynne (profile), Jan 14th, 2014 @ 3:39am

    "I couldn't imagine it is complicity. I think it is negligence," he said. "I don't want to believe in a worldwide conspiracy across all worldwide network operators. I think it is individual laziness and priority on network speed and network coverage and not security."

    This thinking is inaccurate. Yes, there *was* a worldwide network operation conspiracy.

    For crying out loud, it doesn't take a genius to see the price gouging, price fixing ways of the telcos without seeing the tradeoff is allowing governments to spy on their customers.

    Show me a single country whose government isn't into spying on its people and I'll show you a country without a cell network.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jan 14th, 2014 @ 3:54am

      Re:

      I'll take, "What is a human?" for $500, please.

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      weneedhelp (profile), Jan 14th, 2014 @ 9:29am

      Re:

      "I couldn't imagine it is complicity. I think it is negligence," he said. "I don't want to believe in a worldwide conspiracy across all worldwide network operators. I think it is individual laziness and priority on network speed and network coverage and not security."
      -
      He wouldn't believe in a world wide conspiracy, but will believe ALL telcos techs were inept or negligent? Or just missed that patch... give me a break.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        Eldakka (profile), Jan 14th, 2014 @ 1:31pm

        Re: Re:

        If (and it's a big 'if') the patches significantly increased resource requirements (CPU/Memory) of the telco-side devices, then from a commercial perspective it is not beyond the realm of possibility that a BUSINESS-level decision overrode any techie-level decision and the business decided not to apply them due to the cost requirements in purchasing new kit/facilities space.

        But I do prefer the conspiracy theory ;)

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 14th, 2014 @ 4:23am

    such a shame that, certainly in the USA more than anywhere else i think, that there isn't an alternative carrier. that makes me wonder if it was Congress fault and the restricting of the number of carriers, allowing one to buy the other and becoming the biggest, was the aim?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 14th, 2014 @ 4:24am

    So, this retroactive immunity that was granted to the telcos: Does it include negligence as well?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Sumanth, Jan 14th, 2014 @ 4:30am

    Carriers fooling people

    Don't know why, but i think carriers do comply with the NSA terms. What can they do when the gov is on NSA side.
    Lets hope it wont get any worse :)

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 14th, 2014 @ 4:59am

    This isn't news. 10 years ago researchers found A5/1 and A5/3 to be weak (A5/2 as well, but was a deliberately weakened version of A5/1 for export).

    This article did not need to name-drop Snowden, but then who'd read it?

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      aldestrawk (profile), Jan 14th, 2014 @ 12:59pm

      Re:

      The news is about why the telecoms don't fix a well known security weakness, not that there is a weakness. Publicly known attacks against A5/1 have been known since 1994. Undoubtedly, the NSA and GCHQ were able to crack this from the time of it's initial adoption in GSM. The following is from the Wikipedia entry for A5/1:

      "According to professor Jan Arild Audestad, at the standardization process which started in 1982, A5/1 was originally proposed to have a key length of 128 bits. At that time, 128 bits was projected to be secure for at least 15 years. It is now estimated that 128 bits would in fact also still be secure as of 2014. Audestad, Peter van der Arend, and Thomas Haug says that the British insisted on weaker encryption, with Haug saying he was told by the British delegate that this was to allow the British secret service to eavesdrop more easily. The British proposed a key length of 48 bits, while the West Germans wanted stronger encryption to protect against East German spying, so the compromise became a key length of 56 bits.[5]"

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    alan turing, Jan 14th, 2014 @ 5:24am

    gullibility

    "I couldn't imagine it is complicity. I think it is negligence," he said. "I don't want to believe in a worldwide conspiracy across all worldwide network operators. I think it is individual laziness and priority on network speed and network coverage and not security."

    If you can't imagine the former how can you swallow the latter?

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Ninja (profile), Jan 14th, 2014 @ 5:36am

    Carriers being efficient? With a State-granted monopoly?

    Joke?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 14th, 2014 @ 5:44am

    Yeah...I'm going with complicity. After they received immunity from Congress a few years ago for stuff like this, why would they care?

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    scotts13 (profile), Jan 14th, 2014 @ 5:55am

    Why can't it be both? Publicly traded companies aren't there to do things right; they're there to increase stockholder profits. If it cost $5 or took five minutes to increase security, it's off the table unless it makes that money back. And, if this negligence pleases the government, at whose pleasure the company exists, so much the better.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 14th, 2014 @ 6:24am

    what was that saying? oh.. yes..

    "Idle mind is devil's workshop"

    rephrase this now...

     

    reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
     
    identicon
    out_of_the_blue, Jan 14th, 2014 @ 6:51am

    Sheesh. Discussing a "theory" of how happened rather than every day FACT of it done.

    Just more Typical Techdirt distraction with weenie-ing academic digging into details. WHO THE HELL CARES?

    We KNOW what's going on: universal and increasing spying which can't be avoided -- even when done by Google and Facebook. Globalist mega-corporate monsters conspire with gov'ts to steal our privacy in order to put in place a PEOPLE CONTROL system. -- And by the way, Google has just plunked down 3.2 BILLION of its untaxed for "Nest" which makes "smart" thermostats in order to SNOOP on you better.

    QUIT WEENIE-ING with academic "theory". Just state some damn opposition to being spied on by every corporation and gov't department.

    Where Mike sez: "Any system that involves spying on the activities of users is going to be a non-starter. Creeping the hell out of people isn't a way of encouraging them to buy. It's a way of encouraging them to want nothing to do with you." -- So why doesn't that apply to The Google?

    02:50:32[c-501-5]

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 14th, 2014 @ 8:05am

    ....

    Plausible deniability?

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    krolork (profile), Jan 14th, 2014 @ 9:05am

    We need a revolution.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Ac, Jan 14th, 2014 @ 11:38am

    Saw this via Dutch media but not yet on techdirt. Seems like a relevant intentional weakening of gsm did occur when the standard was designed.

    http://www.aftenposten.no/nyheter/uriks/Sources-We-were-pressured-to-weaken-the-mobile-security-in-t he-80s-7413285.html

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 14th, 2014 @ 12:18pm

    Worth Not Addressing

    "Nohl says the more likely explanation is that carriers simply didn't find the problem worth addressing."

    More likely they found the so-called "problem" to be worth not addressing.

    "I don't want to believe in a worldwide conspiracy across all worldwide network operators."

    No, not a single "worldwide conspiracy", but multiple conspiracies worldwide. Every government worldwide has security agencies that want to spy on their own citizens. And every cell phone company worldwide is dependent on their government for permission to operate. One hand washes the other. That's the ways the system is setup.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    aldestrawk (profile), Jan 14th, 2014 @ 1:19pm

    encryption only used between handset and cell tower

    To put the NSA monitoring of cell phone (and landline) traffic in the U.S. into perspective, there are two ways to do this. Encryption only comes to play between the mobile phone hand set and the base transceiver station (the local cell tower). The contents of a call is not encrypted within the trunks and switching equipment of the telecoms. Since it appears the NSA has it talons, and high capacity Narus monitoring equipment within the telecom infrastucture, they don't have to bother with decrypting call contents. The only reason they would bother to monitor handset/tower communications is where they don't have such core access or perhaps when they have a particular target.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Phil, Jan 18th, 2014 @ 7:31am

    I Googled A5/1 and found a YouTube explaining it along with other web sites.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    The Ceej, Jan 20th, 2014 @ 11:28pm

    Remember Ceej's Razor...

    "Never attribute to stupidity or negligence what can adequately be explained by malice."

    Yeah. Hanlon can go slit his wrists with HIS razor for all I care.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This