
The only surprising thing here is just how out of date the catalog appears to be when compared to the current offerings from these (and many other) vendors. Most of these products have brochures and commercials on the vendor website and social media pages; they aren't overwhelmingly classified.



The lack of any information about the Hailstorm device is notable. Hailstorm is the version that can break 3G/4G connections, supposedly. Breaking GSM is not anything remarkable because GSM was designed on the assumption that cell site simulators didn't exist. But 3G authenticates the tower. Whatever Hailstorm is doing, it's not just taking advantage of a missing design requirement, it's actually subverting the crypto itself.

Unfortunately it seems there's nearly nothing public about it.


3G uses the KASUMI or A5/3 cipher, which was shown to be easily broken in 2010 (two hours on a PC via a related-key attack):

> we have actually simulated the attack in less than two hours on a single PC, and experimentally verified its correctness and complexity. Interestingly, neither our technique nor any other published attack can break MISTY in less than the $2^{128}$ complexity of exhaustive search, which indicates that the changes made by the GSM Association in moving from MISTY to KASUMI resulted in a much weaker cryptosystem. - http://eprint.iacr.org/2010/013

This is actually far worse than cell site simulation because it is a passive attack and so is totally undetectable. You could just set up recording equipment, hide it in a van and start decrypting conversations. Given how much weaker KASUMI is than MISTY, it seems possible this was a backdoor engineered by an intelligence agency. If so, it certainly gives the lie to NOBUS (no one but us).

Odd how the GSM association always generates breakable ciphers.


As far as I know the 2010 attack isn't applicable to actually deciphering 3G in the real world. From the paper:

"However, the new attack uses both related keys and chosen messages, and thus it might not be applicable to the specific way in which KASUMI is used as the A5/3 encryption algorithm in third generation GSM telephony. Our main point was to show that contrary to the assurances of its designers, the transition from MISTY to KASUMI led to a much weaker cryptosystem, which should be avoided in any application in which related key attacks can be mounted."

The changes from MISTY to KASUMI were justified by the designers; they weren't random. The reasons were to make it easier to implement in hardware, and more efficient. They explicitly stated they thought the changes wouldn't make it more susceptible to related-key attacks. I am skeptical it's the result of IC manipulation.

Additionally, Hailstorm is supposed to work against 4G connections, and those use AES instead of KASUMI.

I suspect Hailstorm is not doing anything more sophisticated than jamming 3G/4G frequencies to force a downgrade.


Is there currently any POC for a live KASUMI attack on 3G using SDRs?


Isn't Hailstorm just an IMSI catcher with an integrated downgrade to GSM/GPRS which allows you to break the connection?


It might be. The stuff I've read suggests developing it was a difficult project and Harris is the only one that has such a product. Seems unlikely if all it's doing is jamming.




