[Infowarrior] - GSM Researcher stopped at Heathrow Airport by UK government officials

Richard Forno rforno at infowarrior.org
Thu Apr 17 12:47:22 UTC 2008 

From: security curmudgeon <jericho at attrition.org>

http://blog.thc.org/index.php?/archives/1-GSM-Researcher-stopped-at-Heathrow
-Airport-by-UK-government-officials.html

I was leaving today from the United Kingdom/Heathrow airport. I am about
to speak at the HITB IT security conference about GSM security and the
USRP (gnu-radio project).

I was searched by the UK government while waiting at the Gate and reading
a newspaper. A UK Government employee flipped his badge and said "Let's
talk. Come over here".

They detained my USRP (Software Defined Radio), my mobile phone and my
personal SIM card.

They did their homework. They knew who I am, where i live, which day I
speak at the conference and who I work for.

I'm involved in the GSM software project where we also developed a new
attack against the GSM encryption A51. We published our research in
February at the Blackhat security conference in Washington DC.

I understand that the government wanted to make sure that I'm not
exporting any cryptanalytic device.

I did not. I will not. The USRP is a radio. My mobile phone is a normal
nokia 3310 phone and my SIM card is a sim card.

They said they do not know what the USRP is and that I can not take it
until they have checked it in the lab. This can take 14 days (1/2 month).

So be it. They have it for 14 days. Guys, enjoy the device! It's fun
playing around with it!

I'm uneasy that they took my mobile phone and my sim card. Having a
pregnant wife at home and not being reachable complicates my situation.

Is this common practice? Are they allowed to do this?
Any tips how I can get my mobile phone and my sim card back quicker?

Our project: http://wiki.thc.org/gsm
The USRP is available from http://www.ettus.com
The GNU RADIO project: http://www.gnu.org/software/gnuradio


stunning,

THC
---
Appendix: Surprisingly they did not detain my laptop or my paperwork which
would be the most likely place to store any information related to
cracking A51. They were also not interested in my 160GB harddrive which
would have been the obvious place for storing the rainbow tables. Neither
were they interested in the high performance FPGA chip.

Instead they took all equipment that could have been used for
demonstrating that GSM signals can be received with publicly available
hardware for 700 USD.

It does not appear that they were after cryptanalytic information.

I received a yellow paper about my detained goods. They left the field
blank that reads
"The goods specified below are detained for the following reason:". What
reason?

They also crossed out the field "Agent" of the officer who was in charge
of the operation.

More information about the Infowarrior mailing list