Karsten Nohl

from Wikipedia, the free encyclopedia

Karsten Nohl (born August 11, 1981) is a German cryptography specialist. His research areas include GSM security, RFID security and the protection of privacy.

Life

Nohl grew up in the Rhineland and studied electrical engineering at the Heidelberg University of Applied Sciences from 2001 to 2004. From 2005 to 2008 he pursued his PhD at the University of Virginia, with a thesis on Implementable Privacy for RFID Systems. Since 2010 he has been research director and managing director of the Berlin-based Security Research Labs GmbH. Nohl worked as interim CISO for Jio from 2014 to 2017 and for Axiata in 2017.

Research areas

RFID security

Mifare Security

Together with Henryk Plötz and Starbug from CCC Berlin, Nohl announced in December 2007 that the encryption algorithm used in Mifare Classic RFID smart cards had been cracked. The Mifare Classic card was used for payment in many micropayment applications such as the Oyster card, the CharlieCard and the OV-Chipkaart.

Legic Security

Together with Henryk Plötz, Nohl disclosed the flawed RFID security of Legic Prime in December 2009. The talk demonstrated how Legic relies on multiple layers of proprietary techniques instead of standardized encryption and cryptographic protocols. Because of these deficiencies, Legic cards could be read and emulated, and a master token could be created.

Electronic immobilizer security

At SIGINT 2013, Nohl pointed out the insecurity of electronic immobilizers. He showed examples of security gaps in the three most widespread systems: DST40 (Texas Instruments), Hitag 2 (NXP Semiconductors) and Megamos (EM Micro).

Cellular security

deDECTed.org

In 2008, Nohl was part of the deDECTed.org project group, which pointed out serious defects in the DECT protocol at the 25C3.

In April 2010, Nohl, together with Erik Tews and Ralf-Philipp Weinmann, published details of the cryptanalysis of the proprietary and secret encryption algorithm used by DECT (the DECT Standard Cipher). The analysis was based on reverse engineering of DECT hardware and on descriptions from a patent specification.

A5/1 Security Project

In the summer of 2009, Nohl presented the A5/1 Security Project. The project implemented a rainbow-table attack on the GSM encryption standard A5/1. With the help of volunteers, the key tables were computed within a few months and published in December 2009 at the 26C3.

The GSM Association called Nohl's project illegal and denied that wiretapping was actually possible. He replied that his research was purely academic.

The THC hacking group had already started precomputing key tables for A5/1 in 2008, but probably never published the tables because of legal problems.

GSM sniffing

At the 27C3 in December 2010, Nohl and Sylvain Munaut demonstrated how cell phone calls can be recorded and decrypted using modified cheap cell phones and the open source software OsmocomBB. They showed that the GSM encryption can be cracked "in around 20 seconds" and that calls can be recorded and played back.

GPRS security

At the Chaos Communication Camp 2011, Nohl and Luca Melette showed in a lecture that data traffic based on GPRS is insecure. They stated that they had recorded several data transmissions in the German cellular networks of T-Mobile, O2 Germany, Vodafone and E-Plus. Several providers used either no encryption or insufficient encryption. With a modified mobile phone, the data traffic could be read from up to five kilometers away.

SIM cards DES hack

At Black Hat 2013 and OHM 2013, Nohl demonstrated that many cell phones still use SIM cards with DES encryption, which has long been considered insecure. Via "Over The Air (OTA)" communication, a SIM card can be supplied with updates, applications or new keys by SMS. For security, these messages are digitally signed with DES, 3DES or AES. For a specially signed error message with known plaintext, Nohl computed a rainbow table for 56-bit DES within a year. The attack scenario: an attacker sends the victim a signed SMS. With the help of the rainbow table, the DES key of a SIM card can be recovered in a few minutes (a known-plaintext attack). This enables the attacker to send signed SMS messages, which in turn load a Java applet onto the SIM card. Such applets have a variety of capabilities, such as sending SMS or permanently reporting the device's location. An attacker could, for example, send messages to foreign premium-rate services. In principle, the Java Virtual Machine should ensure that each Java applet can only access predefined interfaces. Nohl found that the Java sandbox implementations of at least two major SIM card manufacturers, including market leader Gemalto, are insecure, and that it is possible for a Java applet to escape its environment and thus gain access to the entire SIM card. This allows SIM cards to be duplicated, including the IMSI, the authentication key (Ki) and payment information stored on the card.

GSM Security Map and SnoopSnitch

At the 30C3 in December 2013, Nohl presented the Android app "GSMmap". On a Samsung Galaxy S2 or S3 with root access, the app collects information about the protection capabilities of cellular networks. With the user's consent, the collected data can be added to the database of the "GSM Security Map" website. The "GSM Security Map" evaluates mobile networks worldwide against selected protection criteria and presents the protection level visually and in the form of downloadable "Country reports".

At the 31C3 in December 2014, Nohl presented the Android app "SnoopSnitch" as a possible countermeasure against various mobile network attacks. "SnoopSnitch" can collect and analyze cellular traffic data on various smartphones with Qualcomm chipsets and root access. Among other things, the app informs the user about the encryption and authentication algorithms in use, SMS and SS7 attacks, and possible IMSI catchers.

With the user's consent, the data collected via SnoopSnitch can be added to the database of the "GSM Security Map" website.

SS7 hack

At the 31C3, Nohl presented a side-channel attack on UMTS communication using Signaling System 7 (SS7) and described other SS7-based attacks that can be used to read text messages, determine location coordinates and carry out various kinds of fraud.

Android patching

In April 2018, Nohl presented findings on the patching status of the Android ecosystem. Nohl and his colleagues analyzed Android firmware images from various smartphone vendors. In some cases a so-called "patch gap" was found: the vendors had not applied all patches for security holes, even though the monthly security patch level declared in the firmware implied that they had been fixed. Nohl published an updated version of the open source app SnoopSnitch, with which users can run tests on their Android phones to check whether their device has a "patch gap".

Security of payment and booking systems

Attack on electronic cash protocols

For the 32C3, Nohl and colleagues demonstrated an attack on the ZVT and Poseidon EC card protocols. The latter is a dialect of ISO 8583. The two are the most common payment protocols in German-speaking countries.

Vulnerabilities in online travel booking systems

In December 2016, the Security Research Labs team pointed out security flaws in online travel booking systems. 90% of the world's flight reservations and a high proportion of hotel, car and other travel bookings are managed by the three largest providers of Global Distribution Systems (GDS): Amadeus, Sabre and Travelport. Karsten Nohl presented the details at the 33C3 in Hamburg.

Research on IT security

BadUSB

At Black Hat 2014, Nohl and Jakob Lell pointed out the security risks of USB devices. The USB standard can be used in a wide variety of ways and defines different classes of devices. The attack relies on reprogramming USB controller chips, which are widely used, for example in USB sticks. There is no effective protection against rewriting them, so a harmless USB device can be misused as a malicious device in many ways. Possible scenarios are:

  • A device can emulate a keyboard, issue commands on behalf of the logged-in user and install malware, which can in turn infect other connected USB devices.
  • A device can pretend to be a network adapter, change the computer's DNS settings and redirect data traffic.
  • A modified USB stick or USB hard drive can load a small virus during the boot process, which infects the operating system before it starts.

Defending against such attacks is not yet possible, because malware scanners have no access to the firmware of USB devices and behavioral detection is difficult. USB firewalls that could block specific device classes do not (yet) exist. The usual routine for eliminating malware, reinstalling the operating system, fails here because the USB stick from which the installation is carried out may already be infected, as may a built-in webcam or another USB device.

A proof of concept for Android devices was also published so that the issue could be tested.
