Hi All, Guys, there is more fun here. Many ATMs (at least in Russia) use GPRS/EDGE modems to send data to banks. I doubt they use really good encryption at high level and I fear they nay not use encryption at all. So if you can decrypt ATM's GPRS/EDGE uplink, then you can get a lot of credit card codes. I heard rumors that criminals use IMSI-catching on ATMs to get credit card information, and passive attack will make it just easier.
On Wed, Dec 30, 2009 at 16:59, Eckhard Jokisch <[email protected]> wrote: > Hi all, > seems that not all mails get thru the list at the momen. I.e. I did not > get Karsten's OP. > > My position to this is: > First they ignore you, then they laugh at you, then they fight you, then > you win. > At present the public is waking up and the stage of their fight is starting. > I suggest to carry on and to disclose every research result that is reached. > And if they really start fighting let's see if there is a way to talk to > them. That might end up in a lawsiute against them as they claim Karsten > did something illegal but it doesn#t have to end up like this. > > Obviously there is a bit more freedom and justice remaining in Germany > than in the states and I do not want to go to the US anyway during this > lifetime. Would be a pitty if I could not go to some workshops in UK > anymore but for me it is important to protect the public against the > risk that A5/1 exposes to them. Thus I can take some of the grey stuff > on my shoulders if you like. > > We should start to talk to the banks for example. ANZ Bank > (Australia,NZ,... ) is very proud of their mobile banking system that > enables customers to do instant money transfer via cell phone If it is > possible to intercept this kind of transactions on a private GSM-network > (that does not belong to one of the big players) the banks will get > interrested in putting force to the public networks because the damage > that will be caused by criminals ( and they will do this) will be enormous. > > Cheers > Eckhard >> Hi Karsten: >> >> I will like to give you more info. >> >> Preliminary info: It is totally legal to listen, decrypt or decode your own >> mobile phone worldwide. I have an international radio license from United >> Nations, and read all legal stuff about this with lawyers. >> What could be illegal, is to distribute or use against another party. >> >> The problem is that cell operations do not want to invest in upgrading the >> technology, now OBSOLETE. As you know, GSM Rainbow Tables are available >> worldwide since 1998. Many Spy Shops are NOW selling the equipment for u$s >> 500.000.-! (i could post all sellers) >> >> It could decode and listen to a conversation in 2-3 seconds MAXIMUM. The >> main problem for them is the active channels to monitor 4-8-12-16. More >> control channels, more hardware, more expensive. >> >> Academic research is totally legal. Radio first code was MORSE. So, GSM is >> similar. The problem is that commercial people do not want to upgrade their >> technology ($$$). And prefer to persuade people investigation. >> >> Nowadays, WPA-Wireless is also easily intercepted, 3G or KASUMI could be >> decoded also, AES256 U.S. official govermement algorythm could be attack >> easily since Asiacrypt2009, etc. NSA or any agency are implementing their >> own private distributed networks (check accessdata.com) >> >> What I suggest is to use private and stronger crypto systems. Solution: >> PRIVATE Networks. (Like TETRAPOL) >> >> Javier >> >> >> >>> From: [email protected] >>> To: [email protected] >>> Date: Wed, 30 Dec 2009 12:07:50 +0100 >>> Subject: [A51] No demonstration at 26C3 today >>> >>> Dear list, >>> >>> Congratulations to the discussion we started on the security of A5/1. >>> This was the primary goal and we did it in very challenging time >>> frame. Thanks to everyone! >>> >>> The demonstration planed for today is canceled. Let me explain the >>> reasons and perhaps start a discussion on how the project should >>> progress from here: >>> >>> A. The GSMA and some of its members make strong claims that what we >>> do is illegal. We do not believe that is the case and that this >>> research has not once crossed the line into illegality. However, not >>> being lawyers ourselves and knowing how complex wire-tapping laws are, >>> we want to reconfirm with our counsel that using the rainbow tables >>> for academic purposes is legal. >>> >>> B. Starting the discussion on how much security GSM deserves was one >>> of our main goals. We did it. The next steps must not contradict this >>> positive message we want to get across. I'll put this as a question to >>> the list: Do we risk killing a positive dialogue with operators and >>> suppliers by providing attack tools too fast? I understand that we are >>> 15 years into hacking GSM, but it did hit some industry players as >>> news this week. Would it be fair to give them a few extra weeks to >>> digest what should have been known years ago? >>> >>> Please let me know what you all think ... >>> >>> Cheers, >>> >>> -Karsten >>> _______________________________________________ >>> A51 mailing list >>> [email protected] >>> http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 >>> >> >> _________________________________________________________________ >> Windows Live Messenger GRATIS: lo que faltaba en tu BlackBerry >> http://www.messengerentublackberry.com?ocid=WL_BB_LandPage_TagLine >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> A51 mailing list >> [email protected] >> http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 >> > > > _______________________________________________ > A51 mailing list > [email protected] > http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 > -- Regards, Alexander Chemeris. _______________________________________________ A51 mailing list [email protected] http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
