Printed from http://www.electronista.com

GSM phone security cracked, published

updated 02:55 pm EST, Mon December 28, 2009

Cellphone protocol deemed vulnerable

German software engineer Karsten Nohl said at the Chaos Communication Congress hacker expo today that he and a group have cracked and published the primary encryption code for GSM, the protocol that handles most non-3G cellphone calls. The team says it has used legal methods to break the A5/1 standard, which prevents easy snooping, and has made available a 'code book' of binary data that could theoretically be used to decipher the content of a call within hours or even minutes rather than weeks.

Nohl characterizes the hack as a 'white hat' gesture meant to underscore the vulnerability of the GSM system. Its protocols were finalized in 1988 and use relatively mild 64-bit encryption, which is comparatively easy to break. An updated but rarely used GSM spec known as A5/3, as well as 3G calls on UMTS and HSPA, use much tougher 128-bit encryption.

Critics from the GSM Association have tried to downplay the discovery, noting that actually listening into a call is much more difficult. It also claims that Nohl's team may be violating the law. Industry security experts note that corporate spying on phone calls is common and that GSM hacks may become common. [via New York Times]



By Electronista Staff
toggle

Comments

  1. Bobfozz

    Fresh-Faced Recruit

    Joined: Jul 2008

    +2

    White hat?

    Tell the authorities and those who handle the phones and transmission. Get credit for it. But doing this just makes it easier for people who want to create trouble more quickly. Another guy who wasn't loved enough.

  1. testudo

    Forum Regular

    Joined: Aug 2001

    -4

    Re: white hat

    Yes, white hat.

    Tell the authorities and those who handle the phones and transmission.

    The authorities? Like whom? The NSA, who's already listening in? Or other groups, like the FBI, FCC, etc, so they would know how to listen in easier?

    And you don't think those who handle the phones and transmission already know the problems they had/have with their security.

    Get credit for it. But doing this just makes it easier for people who want to create trouble more quickly. Another guy who wasn't loved enough.

    No, if they wanted to create trouble, they wouldn't tell anyone and use it to their advantage, and you wouldn't even know about it. That's black hat.

  1. martinX

    Fresh-Faced Recruit

    Joined: Sep 2008

    +1

    Fear not, citizens.

    The GSM Association, and other entities, are aware of heir activities and have been for some time. Security is a moving target.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

ActvContent Sync Smartband

Smartbands of all sorts are hitting the market. Some build on the buzz around fitness trackers, while others offer simpler features fo ...

RocketStor 6324L Thunderbolt 2 eSATA bridge

Like it or not, the shift to Thunderbolt is underway. The connection is extremely flexible, allowing for video and data to co-habitate ...

Patriot Stellar Boost XT 64GB USB 3.0 drive

A vast selection of USB memory sticks means that consumers can often find exactly the size drive they need in a configuration that can ...

Sponsor

toggle

Most Commented