Expert cracks GSM phone call encryption

Karsten Nohl of Germany, an engineer and encryption expert, announced at the Chaos Communication Congress this week that he had broken the 64-bit A5/1 encryption algorithm currently used to secure and encrypt GSM phone calls made in most of the world's countries.

If the algorithms are cracked, then outsiders could theoretically listen in on any phone conversation of their choosing, which would lead to extreme lapses in security and privacy. Nohl says: �This shows that existing G.S.M. security is inadequate. We are trying to push operators to adopt better security measures for mobile phone calls.�

The GSM Association, the group behind the algorithms, has called Nohl's "hacking" illegal. �This is theoretically possible but practically unlikely,� added Claire Cranton, an association spokeswoman, via NYT. �What he is doing would be illegal in Britain and the United States. To do this while supposedly being concerned about privacy is beyond me.�

GSM is the most widely used standard in the world, with about 3.5 billion of all 4.3 billion wireless connections in the world using the standard. Rival CDMA, is used mainly in the United States and in small use in other countries such as China.

Some experts agree with Nohl's findings and believe everyone should upgrade their systems to the newer 128-bit A5/1 encryption algorithm, which is still considered completely secure.

Written by: Andre Yoskowitz @ 29 Dec 2009 1:49

Advertisement - News comments available below the ad

19 comments

bmlshane

Reminds me of the old saying about duplicating the works of Shakespeare, Enough Monkeys, enough typewriters and enough time......The encryption's security was only so good until someone cracked it, as it was reported to happen, but this does not mean that listening in on phone calls by GSM mobiles (cell phone) will be pandemic.

29.12.2009 02:42 #1

KillerBug

I bet verizon will be getting a few new customers in the next week...

29.12.2009 02:51 #2

bigfamei

So what 1 guy crack the 64 bit security. Out of 5 billion people in the world it doesn't mean that someone else can do it. That would be impossible!

29.12.2009 06:16 #3

jae420

bigfamei:

This guy cracked it. Anyone can do it once they have the propper procedure.

If this guy leaks his code/method then everyone will be doing it. Just like the first few ppl who cracked the iphone, now everyone is doing it.

29.12.2009 07:56 #4

rayals

I would like to talk about the Illegallity of what he did. I do not believe that it is ileelgal. THis is a standard scientific procedure. You need to be certian of vulnerbilities. You do this by testing and trying to break the code. If it is possible then you start back at square one. Anyone who would put this man in jail would be doing the global community a great injustice.

29.12.2009 08:55 #5

xboxdvl2

i was told police can moniter and listen in to all phone calls even those made from mobiles if they believed illegal activities were taking place.I dont think the guy that hacked it should be prosecuted unless hes monitering peoples personal phone calls and obtaining personal information.I doubt anyone could be bothered listening in to my phone calls even if they knew how.I was using the CDMA network for about a year but they disabled it here.

PS2 with 12 games.

29.12.2009 09:17 #6

cyprusrom

Put him in jail?! More like hire him, give'em a job to show you how is done properly...

29.12.2009 11:04 #7

Deadrum33

None of us want to be bothered with that person talking about their incontinent bowel syndrome to their friend while standing in line at the store but you think there is enough interest to hack their entire call? I know it's just proof of concept but still...just because I can train my dog not to go outside and use my cats litter box as a crapper, doesn't mean its a good idea.

29.12.2009 11:54 #8

LissenUp

"The GSM Association, the group behind the algorithms, has called Nohl's "hacking" illegal. �This is theoretically possible but practically unlikely,� added Claire Cranton, an association spokeswoman, via NYT. �What he is doing would be illegal in Britain and the United States. To do this while supposedly being concerned about privacy is beyond me.�

OH GOOD GOD..........enough with the stupid people making stupid comments with their stupid convictions already!!!!!!!!!!!!!!

Illegal? How do they figure? He did it on his own without impact on others, didn't steal anything, brought it to the attention of the world and now SHUT UP AND FIX IT!

Illegal in Britain and the U.S.????? So is "J" walking, being without ID EVER and In Zion, IL, it is illegal for anyone to give cats, dogs, or other domesticated animals a lighted cigar.

How this dumb bi*ch can't relate the concern of privacy to hacking the encryption is beyond me. The encryption needs to be UNHACKABLE dammit!!!!

29.12.2009 12:16 #9

cyprusrom

Originally posted by Deadrum33: ...just because I can train my dog not to go outside and use my cats litter box as a crapper, doesn't mean its a good idea.If the litter box is big enough and don't mind the stink...but then all the scooping you'd have to do...Unless you call a Chihuahua a dog;)))

29.12.2009 12:34 #10

Josipher

29.12.2009 12:37 #11

mike.m

Originally posted by LissenUp: "The GSM Association, the group behind the algorithms, has called Nohl's "hacking" illegal. �This is theoretically possible but practically unlikely,� added Claire Cranton, an association spokeswoman, via NYT. �What he is doing would be illegal in Britain and the United States. To do this while supposedly being concerned about privacy is beyond me.�

OH GOOD GOD..........enough with the stupid people making stupid comments with their stupid convictions already!!!!!!!!!!!!!!

Illegal? How do they figure? He did it on his own without impact on others, didn't steal anything, brought it to the attention of the world and now SHUT UP AND FIX IT!

Illegal in Britain and the U.S.????? So is "J" walking, being without ID EVER and In Zion, IL, it is illegal for anyone to give cats, dogs, or other domesticated animals a lighted cigar.

How this dumb bi*ch can't relate the concern of privacy to hacking the encryption is beyond me. The encryption needs to be UNHACKABLE dammit!!!!
It impossible to reason with women/male who argue like this, I've had to deal with a few before, and I know, it's frustrating. Some stereotypes of women are most of the time very true, such as in this case; she will not get to the point and address the MAIN issue that; yes, they should be making security changes for their customers, and that from one simple engineer cracking the code should be a wake up call. Instead, she tries to make excuses, attack someone other than herself, change the subject and focus on much less serious concerns.

Back to the topic though,I'm with Telus, and I'm still on the old network I think (CDMA), because my phone is still at least 3-4 years old, and they just switched to GSM. Is it possible for anyone to simply upgrade to the newer 128-bit A5/1 encryption through the phone? If not, I may put off getting a new phone for a while, I'm still waiting till the Olympics are over here, and Telus get's the Omnia 2, and they drop that stupid Required Data plan, and just let us get a rate plan.

29.12.2009 20:08 #12

Amak

....because it is illegal no one will do it!? WTF! If that argument is true, this would be a utopia! Sorry, but this person did crack your crap encryption... consider a new algorithm that has some strength.

29.12.2009 20:14 #13

KillerBug

Quote:Originally posted by LissenUp: "The GSM Association, the group behind the algorithms, has called Nohl's "hacking" illegal. �This is theoretically possible but practically unlikely,� added Claire Cranton, an association spokeswoman, via NYT. �What he is doing would be illegal in Britain and the United States. To do this while supposedly being concerned about privacy is beyond me.�

OH GOOD GOD..........enough with the stupid people making stupid comments with their stupid convictions already!!!!!!!!!!!!!!

Illegal? How do they figure? He did it on his own without impact on others, didn't steal anything, brought it to the attention of the world and now SHUT UP AND FIX IT!

Illegal in Britain and the U.S.????? So is "J" walking, being without ID EVER and In Zion, IL, it is illegal for anyone to give cats, dogs, or other domesticated animals a lighted cigar.

How this dumb bi*ch can't relate the concern of privacy to hacking the encryption is beyond me. The encryption needs to be UNHACKABLE dammit!!!!
It impossible to reason with women/male who argue like this, I've had to deal with a few before, and I know, it's frustrating. Some stereotypes of women are most of the time very true, such as in this case; she will not get to the point and address the MAIN issue that; yes, they should be making security changes for their customers, and that from one simple engineer cracking the code should be a wake up call. Instead, she tries to make excuses, attack someone other than herself, change the subject and focus on much less serious concerns.

Back to the topic though,I'm with Telus, and I'm still on the old network I think (CDMA), because my phone is still at least 3-4 years old, and they just switched to GSM. Is it possible for anyone to simply upgrade to the newer 128-bit A5/1 encryption through the phone? If not, I may put off getting a new phone for a while, I'm still waiting till the Olympics are over here, and Telus get's the Omnia 2, and they drop that stupid Required Data plan, and just let us get a rate plan.She isn't ignoring the issue because she is female...she is ignoring the issue because she hopes it will go away. If this guy cracked GSM, then it is likely that someone else already did the same and told no one...those people may even be using their techniques for illicit means as I type this.

It isn't an ignorant statement...the real issue is ignored because they have no means of fixing it...at least not quickly...and they want to avoid massive shifts to CDMA networks. They also want to hide the fact that the new 4G networks are all GSM...even the ones being considered by verizon. At this point, it would be a huge problem to openly admit that there is a serious issue with these networks, as it would result in a whole new round of "testing"...testing that does not adress security issues, as it is illigal just to test security on your own network.

Cracking digital protection of any kind is illigal in the US and the UK...even if it is your own equipment. It is an ignorant tactic that only serves to prevent proper testing...and you can thank the DMCA. Perhapse if anyone had read it before making it law, we would not have so many problems because of it...but law makers are more concerned with the RIAA/MPAA bribe money than anything.

30.12.2009 05:31 #14

DVDBack23

Quote:It isn't an ignorant statement...the real issue is ignored because they have no means of fixing it...at least not quickly...and they want to avoid massive shifts to CDMA networks. They also want to hide the fact that the new 4G networks are all GSM...even the ones being considered by verizon. At this point, it would be a huge problem to openly admit that there is a serious issue with these networks, as it would result in a whole new round of "testing"...testing that does not adress security issues, as it is illigal just to test security on your own network.4G networks use the 128-bit or a newer 5/3.

30.12.2009 13:44 #15

bmlshane

A newly opened can of worms. History is full of people trying to break codes and cyphers, WW2 breaking the enigma code was important, as as breaking Japanese ones. There are magazines dedicated to codes and cyphers, and people try to solve them. A scientist trying to crack codes of DNA to find ways of relieving genetic defects and also to find cures of diseases and to defeat viruses. It is human nature to seek ways of finding information, to puzzle out ways of doing things better, to undertake and try to succeed in challenges, So encryption comes under this, and people will attempt to defeat it for a challenge, so it is human nature versus human laws, Laws that have beeb enacted on a small, vocal group with big money backing them, are all laws good, or just? Just my thoughts.

warlock

30.12.2009 18:31 #16

bmlshane

The person who broke the code is releasing a book on how to crack and be able to listen in and record GSM conversations, all in the name of something better than the 21 year old encryption. He also states that Police and Governments have had the ability to do this for years, so the encryption was already compromised. It concerns me that Goverment s spy on their citizens at will.

31.12.2009 01:43 #17

ST2006

Originally posted by rayals: I would like to talk about the Illegallity of what he did. I do not believe that it is ileelgal. THis is a standard scientific procedure. You need to be certian of vulnerbilities. You do this by testing and trying to break the code. If it is possible then you start back at square one. Anyone who would put this man in jail would be doing the global community a great injustice.
Couldn't have put it better myself.

7.1.2010 10:56 #18

jacki651

Dear,

Have you some software or device which make Encryption on my calls ,to avoid some body by CELLULAR INTERCEPT GSM system to listening to my conversation?

Thanks,

28.7.2011 14:51 #19

AfterDawn: News