Home » News » Peripheral News » Phone Call Encryption Cracked & Code Put On Internet

Phone Call Encryption Cracked & Code Put On Internet

Gordon Kelly by

Phone Call Encryption Cracked & Code Put On Internet

GSM (Global System for Mobile communications) is the standard which more than three billion of us use to speak to one another on our mobile phones. Its ubiquitous, but it is also old and now: fully exploited...

This week 28 year old German computer engineer Karsten Nohl announced he has not only managed to decipher GSM's encryption, but also published the secret code which enables it (the file is in excess of 2TB) onto the Internet. Asked for his motivations behind the move Nohl was forthright.

"This shows that existing GSM security is inadequate," he said at the Chaos Communication Congress, a four-day computer hackers' conference in Berlin. "We are trying to push operators to adopt better security measures for mobile phone calls."

GSM has been broken before, but this is the first time the code itself has been unlocked which opens the way for potentially greater exploitation.

Attempting to downplay the development, GSM spokesperson Claire Cranton said large scale hacking of private phone calls was "theoretically possible but practically unlikely... What he is doing would be illegal in Britain and the United States. To do this while supposedly being concerned about privacy is beyond me."

It isn't beyond us. Widespread campaigning for networks to upgrade their GSM technology has gone on for many years and been largely ignored. Nohl's is a desperate move to force their collective hands. That said, don't start panicking. What Nohl has cracked is the 64bit A5/1 algorithm and there is a newer 128bit A5/3 algorithm in place and already used by about 20 per cent of the market. I suspect this proportion should at last start rising rapidly at. long. last.

Link:

via The NYT

Go to comments

Jay4d0

December 29, 2009, 9:15 pm

so can modern mobile phones support 128bit A5/3a and it is only a case of the networks 'enabling' it on their networks? or is a handset upgrade required too?

Gordon394

December 29, 2009, 9:34 pm

@Jay - just a network upgrade I believe, since 128bit has also been around for a long time.

Ryan131

December 29, 2009, 10:10 pm

I'm sure they really don't want to buy new software licenses for all their masts :¬)

piesforyou

December 29, 2009, 10:16 pm

I don't like it.

Chocoa

December 30, 2009, 12:26 am

whoever is welcome to listening to me moaning in the checkout at Sainsbury's, or the the bus is late to my mates ;)

smodd

December 30, 2009, 1:24 am

Should be fully investigated cuz some GSM 128 bit encryptor hardware or software maybe behind this to increase the sales to mobile operators...

Rickysio

January 1, 2010, 1:04 pm

Pretty sure it has been cracked since ages ago (how hard can brute forcing be, even with previous gen hardware? People that do these sort of things are patient.)- this just happens to be the first group that actually alerted the world to it.

comments powered by Disqus