Skip to main content

German Researcher Publishes GSM Encryption Crack

apple_iphone_3g-251x300German security research Karsten Nohl, working with other researchers, has published a codebook that significantly reduces the amonut of work necessary to crack 64-bit GSM encryption, used to protect calls placed by more than 4 billion mobile phone users around the world. In theory, the development could make it easier for criminals, fraudsters, and attackers to intercept and decode and eavesdrop on private mobile phone conversations—although the bar for doing so is still fairly high. Nohl insists publishing data necessary to crack GSM encryption is intended to motivate carriers into upgrading their security technology, rather than enabling any sort of attack.

Nohl’s published results are essentially a brute-force attack on the 64-bit A5/1 algorithm that has been used to protect GSM phone calls for over two decades. Normally, GSM handsets thwart call interception by switching quickly over a range of some 80 radio channels: even if attackers manage to snoop in on one channel, the odds of their being able to follow a call across all 80 channels in real time are miniscule. Unless, that is, they are able to ferret out the key that governs the communication: then, in theory, someone could listen in on a call in real time. Nohl’s published tables, in theory, would enable attackers to determine the keys and snoop in on calls. Although the GSM algorithm has long been vulnerable to law enforcement and heavily-financed criminal organizations…but by Nohl’s estimates, his tables lower the bar for real-time call interception down to about $30,000.

Nohl believes that his work is itself legal—and largely builds on knowledge of GSM compromises that were well-known in academic circles—although using that infomation to build a GSM phone intercepter or actually intercepting calls would be illegal in most countries.

A more-robust A5/3 algorithm that uses a 128-bit key is used to secure 3G mobile communications and GPRS. Although A5/3 has been compromised by man-in-the-middle attacks and brute force approaches, no known cipher breaks of A5/3 are currently considered practical.

Editors' Recommendations

Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
Motorola phones are about to steal these iPhone features
Someone holding the Motorola Edge Plus (2023).

Motorola and Lenovo have just announced Smart Connect at MWC 2024. Smart Connect allows users a seamless multi-device experience between their PC, phone, and tablet. Basically, it’s like the device integration you expect in Apple’s ecosystem but with Motorola and Lenovo devices.

Smart Connect is a big step for both Motorola and Lenovo, as it shows off both companies’ commitment to delivering a smarter software solution for everyone. The Smart Connect ecosystem will benefit all consumers, from students and gamers to creators and business users. And for Android fans who have been looking enviously at Apple Land, it's a nice taste of what iPhone, iPad, and Mac users have been enjoying for years.

Read more
How to download Instagram photos for free
Instagram app running on the Samsung Galaxy Z Flip 5.

Instagram is amazing, and many of us use it as a record of our lives — uploading the best bits of our trips, adventures, and notable moments. But sometimes you can lose the original files of those moments, leaving the Instagram copy as the only available one . While you may be happy to leave it up there, it's a lot more convenient to have another version of it downloaded onto your phone or computer. While downloading directly from Instagram can be tricky, there are ways around it. Here are a few easy ways to download Instagram photos.

Read more
Samsung is about to display the Galaxy Ring for the first time
A photo of the Samsung Galaxy Ring teased at Unpacked 2024.

Last year, there was much talk about Samsung launching a smart ring to compete with the likes of the Oura ring, and last month it became a reality when the Korean company teased the Galaxy Ring in a slick video at the end of its Unpacked event.

It all went a bit quiet after that ... until now, that is.

Read more