GSM encryption cracked
A German engineer has deciphered the encryption and posted his findings in an effort to push the GSM association to released a newer, more secure encryption
The 64-bit encryption algorithm, A5/1, used to protect the privacy of calls made under the Global Systems for Mobile (GSM) communications standard has been cracked.
Karsten Nohl - a 28-year old German native - has reportedly cracked the code and published his findings to the computer and electronics hacking community. According to website Dailytech, Nohl has a strong interest in protecting the privacy of citizens against snooping from any party and only published his findings in an effort to showcase the flaws of the algorithm.
The A5/1 algorithm is based on 64-bit encryption, which is considered weak by today's security standards. Today 128-bit algorithms are used extensively as it is widely believed that these are strong enough to protect most data from prying eyes. The GSM Association has devised a 128-bit successor to A5/1 - known as A5/3 - but this security algorithm has not been rolled out to most of the GSM networks around the world.
The current 64-bit algorithm has been in service for 21-years and was developed in 1988. It is estimated that there are 4.3 billion wireless connection users around the world of which 3.5 billion use GSM technology.
The GSM association claims there's little danger of calls being intercepted using Nohl's findings as hackers would have to pick one call out of thousands at a cell phone tower. They say this would require expensive sophisticated equipment and software. Security experts disagree with this assessment -- including Nohl who pointed out that there was a wealth of open source software and cheap hardware to accomplish exactly those objectives.
Nohl attended college in the United States and received a PhD in computer engineering from the University of Virginia. Via a similar publication, he earlier successfully convinced the DECT Forum, a separate standards group based in Bern, to upgrade its own security algorithm, improving the protection to the standard's 800 million customers in the process.