German Researcher Publishes GSM Encryption Crack

By Geoff Duncan Published December 30, 2009

apple_iphone_3g-251x300 German security research Karsten Nohl, working with other researchers, has published a codebook that significantly reduces the amonut of work necessary to crack 64-bit GSM encryption, used to protect calls placed by more than 4 billion mobile phone users around the world. In theory, the development could make it easier for criminals, fraudsters, and attackers to intercept and decode and eavesdrop on private mobile phone conversations—although the bar for doing so is still fairly high. Nohl insists publishing data necessary to crack GSM encryption is intended to motivate carriers into upgrading their security technology, rather than enabling any sort of attack.

Nohl’s published results are essentially a brute-force attack on the 64-bit A5/1 algorithm that has been used to protect GSM phone calls for over two decades. Normally, GSM handsets thwart call interception by switching quickly over a range of some 80 radio channels: even if attackers manage to snoop in on one channel, the odds of their being able to follow a call across all 80 channels in real time are miniscule. Unless, that is, they are able to ferret out the key that governs the communication: then, in theory, someone could listen in on a call in real time. Nohl’s published tables, in theory, would enable attackers to determine the keys and snoop in on calls. Although the GSM algorithm has long been vulnerable to law enforcement and heavily-financed criminal organizations…but by Nohl’s estimates, his tables lower the bar for real-time call interception down to about $30,000.

Recommended Videos

Nohl believes that his work is itself legal—and largely builds on knowledge of GSM compromises that were well-known in academic circles—although using that infomation to build a GSM phone intercepter or actually intercepting calls would be illegal in most countries.

A more-robust A5/3 algorithm that uses a 128-bit key is used to secure 3G mobile communications and GPRS. Although A5/3 has been compromised by man-in-the-middle attacks and brute force approaches, no known cipher breaks of A5/3 are currently considered practical.

Former Contributor

Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…

Mobile

Act Fast! Google Pixel 9 phones are going to cost hundreds more soon

The Google Pixel 9 Pro XL, the Google Pixel 9 Pro, and Google Pixel 9 all next to each other.

The Google Pixel 9 series is just shy of a year old and we still prefer the base Pixel 9 phone over a ton of iPhones and Samsung favorites. It's a new, hot, and trendy phone in its peak era, but tech moves rapidly and we're already learning about the Google Pixel 10 series. That means that initial offers on Pixel 9 series phones are going to disappear soon. Google's Pixel deals now have a countdown, reading "5 days left" as I write this (tap the button below to check for yourself, but it should be around 3 days left when most readers get the article). With these deals you can save $100s on your new phone if you sign up with a Google phone plan. If you know you want to buy a Pixel 9 series phone, but have been procrastinating, this is the time to do so. As a quick reminder, three Pixel 9 phones appear in our best Android phones roundup, but if you need more info to jog your memory about why you wanted a Pixel 9 phone, read on — we'll help you find our reviews, give a quick summary of the phone, explain the offers, and help you find them.

BUY NOW

Mobile

The US wants a wearable for all. Experts say it won’t fix the health crisis

Heart rate on the Apple Watch Series 7.

"My vision is that every American is wearing a wearable within four years," Robert F. Kennedy Jr., the 26th Secretary of the U.S. Department of Health and Human Services, told the House Subcommittee on Health during a recent hearing.

When Congressman Troy Balderson asked whether consumers should have access to these tools, referencing wearable technology in light of the 21st Century Cures Act, the privacy risks, and the health benefits, Kennedy replied that they "absolutely" should.

Mobile

I tested a smart ring with a display. I liked it more than I wanted to

Person wearing Pebble Halo smart ring.

I don’t need yet another screen in my life. Or at least that’s what I have been telling myself for years. I used to believe it was a pet peeve. But a quick look at Reddit and X shows a whole bunch of people who are experimenting with the “dumb phone” trend, or flaunting their “minimalist tech” stack.

My attempts at less screen exposure have been somewhat of a mixed bag. There’s now a screen in my hand or pocket at all times. For work, there’s a 24-inch or bigger screen that I stare at, for roughly eight hours each day. On my wrist, a smartwatch screen keeps lighting up every now and then, vying for my attention to an important notification.