How Secure Are Mobile Networks?
mobilesecurity.com [London, UK] Our reliance on mobile networks is growing at a fast rate, with the number of devices accessing cellular networks expected to surpass the world population in the next few years. 3G and 4G provide a convenient and often speedy data connection when no suitable, or sensibly secured, Wi-Fi option is available. Most of us use them on a daily basis with complete trust, but as data is only as secure as the connection on offer, a sensible question is 'how secure are our mobile networks?'
As with many aspects of security an absolute answer is hard to establish but generally the accepted wisdom is that they’re 'more secure' than static Wi-Fi – largely because sniffing mobile network data requires more expertise and better equipment. Whereas in theory any criminal with a laptop, the inclination and access to certain tools could crack a Wi-Fi connection, mobile data connections aren't as straightforward to hack but not impossible.
In January 2010 the encryption cipher proposed for use in securing 3G data was theoretically cracked. This was demonstrated in a paper delivered by members of the Faculty of Mathematics and Computer Sciences at the Weizmann Institute of Science in Israel. The work studied an iteration of the then yet-to-be implemented block cipher known as KASUMI (used in A5/3 encryption), cracking it in a simulated 'related-key sandwich attack'.
The paper shows the work in detail, but what grabs most attention is the amount of time the attack took to be successful. The methodology is far from simple, but the paper explains the “complexities are so small that we have actually simulated the attack in less than two hours on a single PC, and experimentally verified its correctness and complexity".
It sounds worrying, but 'theoretically cracked' is the key phrase. While the paper focused on cracking the KASUMI cipher itself, it was done with the intention of showing that compared to a previous version of the cipher (used for GSM encryption, and known as A5/1, or MISTY), KASUMI didn't represent a significant improvement in security. What the move to KASUMI did bring about was less demanding encryption for handset hardware, and ease of implementation across mobile networks.
Although A5/3 type encryption may not be perfect, any cybercriminal with intent to snoop on 3G data would need a fair number of things at their disposal in order to crack it. Not only would they have to understand any theory of weaknesses, but they would also have to practically relate those to implementations of A5/3 encryption used in actual 3G networks, or have tools which could do so. Add to that a required knowledge of the equipment needed to 'sniff' 3G data signals, the monetary and time resources, and a specific inclination and...It’s possible.
Speaking to The Register at the time the Weizmann paper was released, cryptography expert Karsten Noël commented that “...the attack should stand as a reminder that A5/3 and any other cipher will need to be replaced eventually”, hinting that theoretical cracking wasn't immediate danger. A form of update has since been realised, with the introduction of 4G networks. These employ a separate cipher and encryption technique.
The SNOW 3G stream cipher is believed to be part of it, and reportedly isn't vulnerable to the theoretical weaknesses of the KASUMI block cipher used in 3G data encryption. Still, even theoretical weaknesses are more secure than practical insecurities offered with Wi-Fi. So for optimum data security mobile network connections would seem to offer a more solid, if slower connection. If that sways you into using more mobile data 3G, HDSPA or 4G data, be sure to keep an eye on your allowance, and to avoid any overages.