Skip to main content

German Researcher Publishes GSM Encryption Crack

apple_iphone_3g-251x300German security research Karsten Nohl, working with other researchers, has published a codebook that significantly reduces the amonut of work necessary to crack 64-bit GSM encryption, used to protect calls placed by more than 4 billion mobile phone users around the world. In theory, the development could make it easier for criminals, fraudsters, and attackers to intercept and decode and eavesdrop on private mobile phone conversations—although the bar for doing so is still fairly high. Nohl insists publishing data necessary to crack GSM encryption is intended to motivate carriers into upgrading their security technology, rather than enabling any sort of attack.

Nohl’s published results are essentially a brute-force attack on the 64-bit A5/1 algorithm that has been used to protect GSM phone calls for over two decades. Normally, GSM handsets thwart call interception by switching quickly over a range of some 80 radio channels: even if attackers manage to snoop in on one channel, the odds of their being able to follow a call across all 80 channels in real time are miniscule. Unless, that is, they are able to ferret out the key that governs the communication: then, in theory, someone could listen in on a call in real time. Nohl’s published tables, in theory, would enable attackers to determine the keys and snoop in on calls. Although the GSM algorithm has long been vulnerable to law enforcement and heavily-financed criminal organizations…but by Nohl’s estimates, his tables lower the bar for real-time call interception down to about $30,000.

Nohl believes that his work is itself legal—and largely builds on knowledge of GSM compromises that were well-known in academic circles—although using that infomation to build a GSM phone intercepter or actually intercepting calls would be illegal in most countries.

A more-robust A5/3 algorithm that uses a 128-bit key is used to secure 3G mobile communications and GPRS. Although A5/3 has been compromised by man-in-the-middle attacks and brute force approaches, no known cipher breaks of A5/3 are currently considered practical.

Editors' Recommendations