The problem with comparing with aircrack-ng is that together with a supported wifi-card (often built-in in laptops, or bought for ca 20usd) you have a complete tool for capture and cracking, out of box. If you compare that with this project, the cracking/decoding is just half the part, you still need expensive hardware to capture the traffic. But sure, if the tool is well made, its just a matter of money. So if I understand everything correctly, what you need (in hardware) to CAPTURE somebody's phone-call is: USRP Daughterboard Some antenna +Software of course 700USD+150USD+35USD = 885USD (http://www.ettus.com/order)
Or am I missing something? On Fri, Jan 1, 2010 at 21:05, Fabio Pietrosanti (naif) < [email protected]> wrote: > Hi all, > > this is a provocative email. > > IMHO we need "practical", really practical ability for hackers to > "easily" make gsm hacking and gsm interception. > > We need something like aircrack-ng for WiFi, we need that anyone with > basic knowledge and not that big costs could start playing and hacking > gsm. > > Why? > > Because if we don't reach that goal the problem will be always there, > GSM equipment is not going to be replaced easily. > > What's already happened with other technologies like 802.11/WEP? > > Until well known, cheap and easy to use attack tools was diffused the > industry did not reacted by making WPA1, WPA2 and working on security > awareness. > > The real sense of full disclosure is this. > > GSM is sensitive, mobile voice and data interception is a strong > matter and companies, governments and various agencies does not want > anyone being able to break it. > > The interception tool exists. > > But they costs a lot of money (200-600k) and officially can be brought > only by governments (even if most private agencies have it...). > So only private spies, organized crimes, law enforcement, secret > services and military can use it. > > And the general feeling of the man walking the street is that "calls > and data are secure". > Because they don't feel the risk, a real risk for the system, for the > economy, for the industry, for the democracy itself. > > If people does not "taste" the risk, they will not react. > > Is the "public" is not *strongly aware* about the problem, then > problem for them DOES NOT EXISTS (like has been done in past 15 years). > > Mobile networks are building block of the information society, and > information society is the building block of the information and > services economy where we live. > > All past GSM hacking attempt got serious attention from authorities > and big lobbies, there was always "legal" problem and "pressure" on > the project founders. > > I think we should think about it seriously, Karsten also told in > various talk about such kind of "pressure". > > The project should probably increase it's resilience to possible > attacks to the project itself, with the creation of always up-to-date > mirror of the informations and development environment, sharing of > mailing lists subscribers to always keep the community up&running. > > Then on top of that framework it would be fine to get some financing > for additional development and refinement and eventually even build > some business around it to make it economically sustainable and reach > the "point-click-sniff" tool. > > It's a very difficult step but if we want to really change the > landscape of the mobile security we should reach a level that will > "force" the industry to upgrade or when not possible to explicitly do > awareness about the risk. > > On Windows Vista if i connect to an open wifi network i receive the > advice that the network is insecure and someone could sniff the traffic. > > Well, let's force them to do awareness on the users if the don't want > to upgrade, users should always know what they are using and what are > their risks. > > Telecommunication companies account 3 quarter of the european high > yield bonds (http://www.cadwalader.com/assets/article/HighYieldBondMk.pdf > ), they are plenty of debt to invest in selling dumb sing and logos > for mobile, restricting network neutrality of the internet and a lot > of very nasty and lobbystic stuff. > > > I would like to see them to invest more in securing the information > society, that is the foundation of their business required to sustain > their debt. > > Let's do everything to make the project reach a "point-click-sniff" > tool, at least on software side. > > Let's release everything, with very precise documentation, so privacy > activists can demonstrate the risks to the masses. > Let's mirror everything across trusted networks. > Let's get public donations and private funding to carry on the > development. > Let's increase documentation and community strength to expand the > knowledge. > > That's my personal point of view, all you guys have made an excellent > job, now we should not stop. > > We should goes on, let anyone insisting on privacy activism in the > world, on information society right to "access" the technology that > demonstrate how the industry acted. > > We need more people involved that will start using the "tools" around > the policy and activism scene, that will make the process unreversible. > > Without an easy to use attack tool available for anyone that want to > show up which are the risks, all this effort not reach the result. > > Citizens and politicians will not care about it, and worst things will > do all the bests to say that "everything it's ok, it was just a fun > stuff by some bunch of young hackers!". > > Fabio > _______________________________________________ > A51 mailing list > [email protected] > http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 >
_______________________________________________ A51 mailing list [email protected] http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
