Semi-active is yet different from MITM attacks. The idea is to record an encrypted call. After the call finishes, you very briefly connect to the phone, negotiate A5/2 and crack the key needed to decrypt the recorded call. The attack takes a few seconds and no rainbow tables.
Hopefully, many new phones do not support A5/2 anymore, though. The same attack idea carries over to downgrading A5/3 to A5/1. More details on slides 25/26 of http://events.ccc.de/congress/2009/Fahrplan/attachments/1479_26C3.Karsten.Nohl.GSM.pdf

Cheers,
-Karsten

On Jan 2, 2010, at 6:17 PM, Jacob Appelbaum wrote:

> Fabio Pietrosanti (naif) wrote:
>> Hi all,
>>
>> Am I wrong, or is the semi-active interception much 'easier' than
>> the passive one?
>>
>> I mean, it appears 'less hidden' (so detectable in case of real-world
>> attack usage) but much simpler in terms of 'requirements'.
>>
>> Is the semi-active approach simpler, and does it not require huge
>> rainbow tables?
>>
>
> It is correct that an active MITM is much easier than a passive attack.
>
> It is also infinitely more detectable. If you can cause a handset to
> join your network, you don't need to crack any kind of crypto at all.
>
> Here's a recording that I made of my GSM phone call using one of my
> base stations and my very own telephone:
>
> http://crypto.nsa.org/f-21/cell-tap.ogg
>
> To capture this recording I configured my phone to join my network
> and I terminated the outgoing call over VOIP. Recording the audio was
> as simple as running tcpdump. Nothing special and of course quite easy
> to do.
>
> Best,
> Jacob
>
> _______________________________________________
> A51 mailing list
> [email protected]
> http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
