German hacker cracks cell phone encryption
A German engineer has broken the 64-bit encryption still used by a large number of GSM cellular networks around the globe and released his findings online in hopes of spurring tighter security. What does this really mean for most wireless phone users?
Karsten Nohl presented his work at the Chaos Communication Congress in Berlin, a 4-day conference for computer hackers. He also released his findings via BitTorrent, where they can be downloaded by anyone.
The GSM standard was originally created in 1988 using 64-bit encryption called the A5/1 privacy algorithm, though a stronger 128-bit algorithm is currently available. Nohl says that his work is intended to push carriers who haven’t upgraded into tightening their security.
Consumers increasingly rely on their mobile phones as a primary means of communication and insecure mobile networks could become a huge threat for transactions like mobile banking and commerce. Without the proper security measures, consumer information could be vulnerable to well-funded cyber criminals.
Claire Cranton of the GSM Association said, “this is theoretically possible but practically unlikely.” She continued that, “what he is doing would be illegal in Britain and the United States. To do this while supposedly being concerned about privacy is beyond me.”
Cracking into a mobile operator’s network would require specialized equipment to intercept the signal and to analyze the transmissions that aren’t available to the general public. Nohl counters that open source software is available to do the signal processing if the hackers get their hands on the right equipment.
Overall this isn’t an immediate threat to anyone’s mobile privacy, though it could become one if carriers don’t upgrade their security. Cell phone users on GSM networks account for over 80 percent of the world’s 4.3 billion wireless subscribers.
In the U.S., both AT&T and T-Mobile use the GSM standard, while Verizon and Sprint use a different protocol. That accounts for about 299 million cell phone users in the United States alone.
No comments yet.