[A51] New A5/1 attack patented
javier_falbo at hotmail.com
Thu Dec 27 05:00:40 CET 2012
Yes, from what I could read, we could use it to prevent the frequency hopping effect (or decode the stream and also change the frequency remotely) and track the conversation even after hopping. The A5/2 trick is old, that is by forcing a 3G phone to move to GSM. Solution: set your phone to not authorize DUAL MODE, just fix it on 3G. I think what the article tries to focus on is this "new" man-in-the-middle attack, where with a normal PC you could take the key in 1 second. Which is maybe similar to the IMSI catchers or creating a fake cell. Nowadays I am working to implement this on any Android device with a special Python script and custom ROM :) Android is open source. Regards.
> Date: Thu, 27 Dec 2012 04:43:32 +0100
> From: 246tnt at gmail.com
> To: m.bevand at gmail.com
> CC: a51 at lists.reflextor.com
> Subject: Re: [A51] New A5/1 attack patented
> > Elad Barkan and Eli Biham (them again) filed a patent which was made
> > public 2 months ago. It appears to be a new attack against A5/1:
> > http://www.google.com/patents/US8295477
> I've just done a quick scan through it and didn't really see what's
> "new" about it ...
> The abstract seems to describe the very well known A5/2 attack and
> its optimization. They also describe in the invention the classic
> downgrade attacks (since all A5/x share the same Kc, you attack A5/2
> or A5/1 using an IMSI catcher and reuse the found Kc to decrypt
> intercepted A5/3 data, e.g.).
> Can you pinpoint exactly what's "new" about it?
> AFAICT it's just the exact stuff they published 10 years ago ...