The 21-year-old encryption standard used to protect phone calls on the most widely used mobile standard has been cracked. Karsten Nohl, a German computer engineer, revealed yesterday that he had deciphered the binary codes for the 64-bit GSM encryption algorithm known as A5/1 by simple brute force, and then published his findings to the hacking community in a bid to expose weaknesses in the security of global wireless systems.
Although the work potentially makes calls vulnerable to snooping, Nohl said he took precautions to remain within legal boundaries, emphasizing that his efforts were purely academic and kept within the public domain. While the disclosure does not by itself threaten the security of voice data, anyone who can work a standard GNU build process and a set of open source software tools could break the encryption and listen in on conversations.
The GSM Association has responded by questioning Nohl's intentions and stating that operators could just modify the existing code to re-secure their networks -- though the new code will remain just as vulnerable to brute force cracking as the one before. The group has had a 128-bit successor to A5/1 since 2007, dubbed A5/3, but thus far has failed to push the standard out across much of the industry.