TechSpot

Hacker cracks and publishes GSM call encryption code

By Jos
Dec 29, 2009
  1. The 21-year old encryption standard used to protect phone calls on the most widely used mobile standard has been cracked. Karsten Nohl, a German computer engineer revealed yesterday that he had deciphered the binary codes for the 64-bit GSM encryption algorithm known as A5/1 by simple brute force, and then published his findings to the hacking community in a bid to expose weaknesses in the security of global wireless systems.

    Read the whole story
     
  2. Timonius

    Timonius TS Evangelist Posts: 640   +56

    Forget the 128-bit, better go bigger and make sure you hire Nohl to make it better.
     
  3. TorturedChaos

    TorturedChaos TechSpot Chancellor Posts: 831   +18

    Makes me a little nervous that someone cracked it - through brute force none the less - but mostly I see this as a good thing. That encryption code has been in use for 21 years, sounds like it needs to be updated any ways. Whose to say someone hasn't cracked it already and just didn't say anything? Hopefully we something new very soon.
     
  4. tengeta

    tengeta TS Enthusiast Posts: 612

    Its just sad that a 21 year old standard IS the standard to begin with. I assumed years ago it was cracked and they just didn't come out about it. Encryption lives a very short life, especially these days.
     
  5. Timonius

    Timonius TS Evangelist Posts: 640   +56

    You're probably right tengeta and TorturedChaos. This may have been a simple and convenient cover story. haha!
     
  6. Vrmithrax

    Vrmithrax TechSpot Paladin Posts: 1,290   +239

    It's hard to imagine that government agencies with massive budgets and the most sophisticated hardware hadn't done a simple brute-force hack of the GSM code long ago. But hey, if I was an agency interested in intelligence or espionage, I'd sure keep the fact that the code was cracked quiet, so people would freely say things they normally wouldn't if they had no confidence in the security of their connection... I'm just sayin... :)
     
  7. I can't believe it took 21 years to crack it.
     
  8. Zeromus

    Zeromus TS Booster Posts: 224   +7

    What? He won a bid? Aw, I bet he didn't bet for crap :(
     
  9. compdata

    compdata TechSpot Paladin Posts: 526

    100% right on. Anyone who thinks their cell calls are "secure" is in denial :)
     
  10. satty

    satty TS Rookie Posts: 27

    I dont believe he is the first one who did it(21 years....???)
     
  11. Old news is old (years old).
     
  12. you can thank management again.

    meanwhile across the pond, if Nohl can do it...

    so can those angry people who keep trying to light their underpants and shoes on fire...

    that's the scurry part 8(
     
  13. Government agencies do not need to crack it.
    Part of the GSM license is the interconnection with the intelligence agencies in that country.
    So the agencies have access to the calls anyway.
     
  14. Any argument against using wireless 802.11 a/b/g/n for VoIP just went away permanently. You can use as much encryption as you want (4096 bit, whatever) if you have the CPU/GPU power to encrypt/decrypt it. This is a solid reason for every confidential phone user to use GNU-PGP and set up a maximum public key protected account scheme. Soon people who have critical conversations over GSM are going to get fired - before the company's business shows up on TMZ.

    LOL image verification code is "privately politic". Exactly. The price some people will pay for privacy or to ensure their domination of public life is infinite. GSM just lost a critical early adopter market. If you were going to run for President in 2012, would you let your staff set up a GSM network now, or would you wire every office for wireless a/b/g/n (the earlier standards have some advantages for wide area VoIP) and use GSM only where you had to?
     
  15. So, where is the big announcement to move to 256 bit or whatever?

    If we don't hear it, we should all be preparing to use wireless a/b/g/n as our primarily phone connection.

    No surer sign of a dead technology than no determined response to stay competitive.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...