updated 12:05 pm EST, Tue January 12, 2010
Newer GSM encryption hit using sandwich attack
The security of GSM phone calls dropped again late Monday with word that the standard's second, more guarded encryption standard has been broken. Following a first crack of the simpler standard, researchers at the Weizmann Institute of Science say they have cracked the A5/3 security cipher (nicknamed Kasumi) by using what's known as a "sandwich" attack. The group accomplished its goal by creating a distinguishing trait for the key and using just four related keys to determine the key for Kasumi itself.
While breaking the security takes time, the approach theoretically leaves GSM more directly exposed to call interceptions and other threats. Most cellular carriers still use the lower-grade GSM quality (A5/1) as their base calling technology, but the new discovery makes switching to Kasumi impractical. UMTS, the 3G cousin to GSM, also uses Kasumi and is potentially exposed as well.
The threat isn't necessarily large as its dependence on related keys requires discovering those keys before an attack is an option. Still, the technique is described as "practical" by one observer and could be used for actual attacks.
Members of the GSM Association haven't responded to the newly discovered hole.