updated 02:55 pm EST, Mon December 28, 2009
Cellphone protocol deemed vulnerable
German software engineer Karsten Nohl said at the Chaos Communication Congress hacker expo today that he and a group have cracked and published the primary encryption code for GSM, the protocol that handles most non-3G cellphone calls. The team says it has used legal methods to break the A5/1 standard, which prevents easy snooping, and has made available a 'code book' of binary data that could theoretically be used to decipher the content of a call within hours or even minutes rather than weeks.
Nohl characterizes the hack as a 'white hat' gesture meant to underscore the vulnerability of the GSM system. Its protocols were finalized in 1988 and use relatively mild 64-bit encryption, which is comparatively easy to break. An updated but rarely used GSM spec known as A5/3, as well as 3G calls on UMTS and HSPA, use much tougher 128-bit encryption.
Critics from the GSM Association have tried to downplay the discovery, noting that actually listening in on a call is much more difficult. The association also claims that Nohl's team may be violating the law. Industry security experts note that corporate spying on phone calls is common and that GSM hacks may become common as well. [via New York Times]