Hacker cracks and publishes GSM call encryption code
The 21-year-old encryption standard used to protect phone calls on the most widely used mobile standard has been cracked. Karsten Nohl, a German computer engineer, revealed yesterday that he had deciphered the binary codes for the 64-bit GSM encryption algorithm known as A5/1 by simple brute force, and then published his findings to the hacking community in a bid to expose weaknesses in the security of global wireless systems.
Although potentially making calls vulnerable to snooping, Nohl said he took precautions to remain within legal boundaries, emphasizing that his efforts were purely academic and kept within the public domain. While the disclosure does not by itself threaten the security of voice data, anyone who can work a standard GNU build process and a set of open source software tools could break the encryption and listen in on conversations.
The GSM Association has responded by questioning Nohl's intentions and stating that operators could just modify the existing code to re-secure their networks -- though the new code will remain just as vulnerable to brute force cracking as the one before. The group has had a 128-bit successor to A5/1 since 2007, dubbed A5/3, but thus far has failed to push the standard out across much of the industry.
User Comments (14)
| Timonius on December 29, 2009 11:57 AM | Forget the 128-bit, better go bigger and make sure you hire Nohl to make it better. |
| TorturedChaos on December 29, 2009 12:01 PM | Makes me a little nervous that someone cracked it - through brute force nonetheless - but mostly I see this as a good thing. That encryption code has been in use for 21 years, sounds like it needs to be updated anyway. Who's to say someone hasn't cracked it already and just didn't say anything? Hopefully we see something new very soon. |
| tengeta on December 29, 2009 2:44 PM | It's just sad that a 21-year-old standard IS the standard to begin with. I assumed years ago it was cracked and they just didn't come out about it. Encryption lives a very short life, especially these days. |
| Timonius on December 29, 2009 8:03 PM | You're probably right tengeta and TorturedChaos. This may have been a simple and convenient cover story. haha! |
| Vrmithrax on December 30, 2009 12:04 PM | It's hard to imagine that government agencies with massive budgets and the most sophisticated hardware hadn't done a simple brute-force hack of the GSM code long ago. But hey, if I was an agency interested in intelligence or espionage, I'd sure keep the fact that the code was cracked quiet, so people would freely say things they normally wouldn't if they had no confidence in the security of their connection... I'm just sayin... |
| Guest on December 30, 2009 5:31 PM | I can't believe it took 21 years to crack it. |
| Zeromus on December 30, 2009 6:02 PM | What? He won a bid? Aw, I bet he didn't bet for crap |
| compdata on December 30, 2009 8:03 PM | Vrmithrax said: "It's hard to imagine that government agencies with massive budgets and the most sophisticated hardware hadn't done a simple brute-force hack of the GSM code long ago. But hey, if I was an agency interested in intelligence or espionage, I'd sure keep the fact that the code was cracked quiet, so people would freely say things they normally wouldn't if they had no confidence in the security of their connection... I'm just sayin..." 100% right on. Anyone who thinks their cell calls are "secure" is in denial :-) |
| satty on December 30, 2009 10:50 PM | I don't believe he is the first one who did it (21 years....???) |
| Guest on December 31, 2009 7:52 AM | Old news is old (years old). |
| Guest on January 1, 2010 3:49 PM | you can thank management again. meanwhile across the pond, if Nohl can do it... so can those angry people who keep trying to light their underpants and shoes on fire... that's the scurry part 8( |
| Guest on January 2, 2010 5:54 AM | Government agencies do not need to crack it. Part of the GSM license is the interconnection with the intelligence agencies in that country. So the agencies have access to the calls anyway. |
| Guest on January 6, 2010 7:41 AM | Any argument against using wireless 802.11 a/b/g/n for VoIP just went away permanently. You can use as much encryption as you want (4096 bit, whatever) if you have the CPU/GPU power to encrypt/decrypt it. This is a solid reason for every confidential phone user to use GNU-PGP and set up a maximum public key protected account scheme. Soon people who have critical conversations over GSM are going to get fired - before the company's business shows up on TMZ. LOL image verification code is "privately politic". Exactly. The price some people will pay for privacy or to ensure their domination of public life is infinite. GSM just lost a critical early adopter market. If you were going to run for President in 2012, would you let your staff set up a GSM network now, or would you wire every office for wireless a/b/g/n (the earlier standards have some advantages for wide area VoIP) and use GSM only where you had to? |
| Guest on January 16, 2010 10:32 AM | So, where is the big announcement to move to 256 bit or whatever? If we don't hear it, we should all be preparing to use wireless a/b/g/n as our primary phone connection. No surer sign of a dead technology than no determined response to stay competitive. |