Heykuki News

Ask HN: GSM encryption suppression
1 point
slashcrypto
9 years ago
I already asked the question here but have not got any answers... https://security.stackexchange.com/questions/157316/gsm-encryption-suppression

The following papers explain that it is possible to suppress the encryption (or downgrade) in GSM using faked messages:

https://pdfs.semanticscholar.org/3a86/4f867aadaea449623ddbf288c18815e7eb00.pdf

https://www.researchgate.net/publication/283723257_Investigating_Vulnerabilities_in_GSM_Security

The main problem seems to be that the messages which are used to determine which encryption protocols are supported are not integrity protected, so an attacker can modify them.

I am just wondering how you would realize that? Do I have to drop the message which comes from the base station (is that even possible?) or can I impersonate the user and send a message to the base station that indicates that I am only supporting A5/1? How would you guys realize that? Using OsmocomBB or are there other ways?