The article mentions that 4 phones, a laptop computer, and a lot of specialized software were needed (they mention open-source, but there are no details).
Also, the process they describe seemed to be much more time-consuming than just 3 minutes.
The process itself is quite fast, after watching the talk I'd guess 3 minutes for singling out a single phone via sending SMS, and maybe 2 minutes for cracking the key itself.
The software is indeed very specialized, and according to the guy doing the demo it will be released, but without the last polishing to run the attack on an actual live network, but claims that it took him less than 1 week of work to come from currently published code to the stuff he's shown in the attack.
But of course to come to the level of expertiese of Sylvain Munaut will take a mere mortal more than a year of studying GSM... ;-)
But compared to the previous 'hack' that needed a $50K radio and weeks of post-processing it's pretty good.
Especialyl since it also demonstrates how to target a particular phone - the previous GSM cracks captured all the packets on all the phones in a cell, so it was only much later you worked out which was the phone you were looking for - too late if they moved to a new cell while you were recording.
To be fair, you can easily carry around 2 TB in a single large-form external. Coupled with a general car to wall AC adaptor, you can travel around town with it.
Not to mention the fact that since it's just a simple look-up table with lots of small entries, you could store it in the cloud and only get what you need via the same GSM connection.
That's a lot of data to be uploading to the cloud, but I read you.
I wasn't saying it wasn't doable, but rather it's not just as easy as grabbing your laptop and a $15 phone, which is how it's being reported, for the most part.
Actually, four cheap phones (4x Motorola C123) have been used, operating in parallel. :-)
And they have furthermore been modified to remove filters that in "normal" phones improve signal reception but for this particular application would prohibit you from listening to the base-station-to-phone direction.
Yes, 4 ... but the number is not really important, mostly depends on the activity of the cell. Also my code is currently highly sub obptimal (I use 1 entire phone to listent to 1 control channel ... in theory a single phone could dump 32 of them at once).
And only one single of those was modified (the one used to dump the traffic/voice channel, the other only listen to the BTS)
I wonder if one could crack it even faster with more than 4 phones sniffing. Maybe 8 or 16 phones? You could easily fit those in a backpack, along with a 2TB external HDD. Assuming the sampling rate is the bottleneck, you could maybe get down into the sub-60second range with a few more phones....
no, more phone wouldn't make it faster
Also, having the hdd with you is really not required, you can just use a beefy external server you ssh to via a 3G data connection or something.
FTA: "Munaut demonstrated the way in which GSM . . . allows anyone to determine a subscriber’s current location with a simple Internet query, to the level of city or general rural area."
or download the video via bittorrent: ftp://media.ccc.de/pub/congress/2008/video_h264_720x576/25c3-2997-en-locating_mobile_phones_using_ss7.mp4.torrent
The article mentions that 4 phones, a laptop computer, and a lot of specialized software were needed (they mention open-source, but there are no details).
Also, the process they describe seemed to be much more time-consuming than just 3 minutes.