Hacker Exposes Cell Phone Encryption

A German security researcher has claimed to have cracked the encryption used by the 22-year-old GSM standard, which protects phone calls on the majority of the cell phones in use around the world.

In a presentation at a hacker conference in Berlin this week, encryption expert Karsten Nohl demonstrated an interceptor device that he said could listen in on people's phone calls and snare other wireless transmissions, such as text messages.

The interceptor, which relies on a few thousand dollars' worth of equipment and a very large set of precomputed lookup tables, treads on sensitive legal ground, and Nohl did not release the device to the public.

Nohl, who earned a doctorate in computer science from the University of Virginia and describes himself as a white hat hacker, said his efforts to crack GSM encryption and demonstrate the process to the public were meant to prod device makers and carriers to improve their security.

"Upgrading GSM's encryption function should be a mandatory security patch," Nohl said in his presentation.

A5/1, the 64-bit-key stream cipher Nohl said he cracked, dates to 1987 and is used by the majority of the world's carriers. An estimated 80 percent of the handsets in use around the world run on GSM protocols.

Nohl said that security researchers have documented weaknesses in GSM encryption for years, but that no working attack had ever been made public, and that the earlier attacks would have been too expensive or otherwise impractical to carry out in the wild.

Nohl's research did not come as welcome news to the GSM Association (GSMA), the London-based organization that oversees the standard.

Claire Cranton, a spokeswoman for the group, told InternetNews.com that Nohl's research was "highly illegal," and that his interceptor did not mark a significant advance over other recent attempts to demonstrate GSM vulnerabilities—efforts which the association regards as more theoretical than practical.

"All in all, we consider this research, which appears to be motivated in part by commercial considerations, to be a long way from being a practical attack on GSM," Cranton said.

GSMA has developed an upgrade to the A5/1 cipher, known as A5/3, which Cranton said is gradually being phased in around the world to replace the old standard.

Nohl said the upgrade to A5/3 would be a step in the right direction, though he maintained that A5/3 is keyed with the same session keys as A5/1, so a key recovered by attacking A5/1 traffic remains usable against the new cipher. He added that researchers have already shown A5/3 to be vulnerable to a theoretical attack.

Many of the software and hardware components used in Nohl's interceptor device could be built using open source projects, he said.

Portions of the lookup tables, some 128 petabytes of data in all, which match keystream output that can be observed over the air to the secret internal cipher state that produced it, are already available on BitTorrent.

Computing the full codebook for A5/1 would be a massive effort that would take a single computer more than 100,000 years. But with multiple machines running high-end GPUs in parallel, and a series of algorithmic tweaks, Nohl said the task could be completed in three months.
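As an added example, not part of the original article and not Nohl's code: a straightforward Python implementation of A5/1 from its published register lengths, taps and clocking rule, followed by a scaled-down model of the codebook attack the preceding paragraphs describe. The model assumes that an attacker obtains keystream by XORing captured ciphertext with predictable plaintext (the first 64 bits here), looks those bits up in a precomputed state table, and clocks the recovered state forward to decrypt the rest of the frame. The table of 2000 random states, the seed, the sample key and the frame number are all assumptions; the real tables cover the whole 64-bit state space, which is what the petabyte and GPU figures above refer to.

```python
"""Added example (not from the article or from Karsten Nohl's tools): A5/1 from
its published parameters plus a toy model of the codebook attack."""
import random

# Published A5/1 parameters: register lengths 19/22/23, feedback taps and
# majority-clocking bits (bit 0 is the least-significant bit of each register).
R1_LEN, R1_TAPS, R1_CLK = 19, (1 << 13) | (1 << 16) | (1 << 17) | (1 << 18), 1 << 8
R2_LEN, R2_TAPS, R2_CLK = 22, (1 << 20) | (1 << 21), 1 << 10
R3_LEN, R3_TAPS, R3_CLK = 23, (1 << 7) | (1 << 20) | (1 << 21) | (1 << 22), 1 << 10
FRAME_BITS = 228  # 114 keystream bits for each direction of one GSM frame


def _parity(x: int) -> int:
    return bin(x).count("1") & 1


def _clock(reg: int, length: int, taps: int) -> int:
    """Shift one LFSR left by one bit; the new bit 0 is the XOR of its taps."""
    return ((reg << 1) & ((1 << length) - 1)) | _parity(reg & taps)


class A51:
    """A5/1 keystream generator: build from (Kc, frame number) for normal use,
    or from raw register contents via from_state() for the attack model."""

    def __init__(self, key: bytes, frame: int):
        if len(key) != 8:
            raise ValueError("Kc must be 64 bits")
        self.r1 = self.r2 = self.r3 = 0
        # Key load: registers clocked in lockstep, key bit i (LSB of byte 0
        # first) XORed into bit 0 of every register.
        for i in range(64):
            self._clock_all((key[i >> 3] >> (i & 7)) & 1)
        # Frame load: the 22-bit frame counter, least-significant bit first.
        for i in range(22):
            self._clock_all((frame >> i) & 1)
        # 100 majority-clocked warm-up rounds whose output is discarded.
        for _ in range(100):
            self._majority_clock()

    @classmethod
    def from_state(cls, r1: int, r2: int, r3: int) -> "A51":
        gen = cls.__new__(cls)
        gen.r1, gen.r2, gen.r3 = r1, r2, r3
        return gen

    def _clock_all(self, bit: int) -> None:
        self.r1 = _clock(self.r1, R1_LEN, R1_TAPS) ^ bit
        self.r2 = _clock(self.r2, R2_LEN, R2_TAPS) ^ bit
        self.r3 = _clock(self.r3, R3_LEN, R3_TAPS) ^ bit

    def _majority_clock(self) -> None:
        # A register advances only if its clocking bit agrees with the majority.
        c1, c2, c3 = bool(self.r1 & R1_CLK), bool(self.r2 & R2_CLK), bool(self.r3 & R3_CLK)
        maj = (c1 + c2 + c3) >= 2
        if c1 == maj:
            self.r1 = _clock(self.r1, R1_LEN, R1_TAPS)
        if c2 == maj:
            self.r2 = _clock(self.r2, R2_LEN, R2_TAPS)
        if c3 == maj:
            self.r3 = _clock(self.r3, R3_LEN, R3_TAPS)

    def keystream(self, nbits: int = FRAME_BITS) -> list:
        out = []
        for _ in range(nbits):
            self._majority_clock()
            out.append(((self.r1 >> 18) ^ (self.r2 >> 21) ^ (self.r3 >> 22)) & 1)
        return out


def bits_to_int(bits) -> int:
    v = 0
    for b in bits:
        v = (v << 1) | b
    return v


def build_codebook(n_states: int, rng: random.Random) -> dict:
    """Toy stand-in for the precomputed tables: map the first 64 keystream bits
    a state produces back to that state. The real table covers the whole state
    space; this one holds only n_states random states (assumption)."""
    table = {}
    for _ in range(n_states):
        st = (rng.getrandbits(R1_LEN), rng.getrandbits(R2_LEN), rng.getrandbits(R3_LEN))
        table[bits_to_int(A51.from_state(*st).keystream(64))] = st
    return table


def recover_keystream(ciphertext_bits, known_plaintext_bits) -> list:
    """GSM XORs keystream onto each burst, so known plaintext reveals it."""
    return [c ^ p for c, p in zip(ciphertext_bits, known_plaintext_bits)]


def codebook_attack(table: dict, observed_ks: list, nbits: int = FRAME_BITS):
    """Look 64 observed keystream bits up; on a hit, clock the recovered state
    forward to regenerate nbits of keystream. Returns None on a miss."""
    st = table.get(bits_to_int(observed_ks[:64]))
    return None if st is None else A51.from_state(*st).keystream(nbits)


def demo(seed: int = 1) -> dict:
    rng = random.Random(seed)
    table = build_codebook(2000, rng)
    # Constructed capture: a frame encrypted from a state the toy table covers.
    target = rng.choice(list(table.values()))
    ks = A51.from_state(*target).keystream()
    plaintext = [rng.getrandbits(1) for _ in range(FRAME_BITS)]
    ciphertext = [p ^ k for p, k in zip(plaintext, ks)]
    # Attacker knows only the first 64 plaintext bits (constructed assumption).
    observed = recover_keystream(ciphertext[:64], plaintext[:64])
    regenerated = codebook_attack(table, observed)
    decrypted_rest = None if regenerated is None else [
        c ^ k for c, k in zip(ciphertext[64:], regenerated[64:])]
    return {"keystream_recovered": observed == ks[:64],
            "state_recovered": regenerated == ks,
            "rest_decrypted": decrypted_rest == plaintext[64:]}
```

`demo()` returns three booleans that should all be true. A lookup miss returns `None`; against a table covering only part of the state space, a real attacker simply tries again with the next captured frame, which is why Nohl's tables can be far smaller than the full codebook and still succeed.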


security, wireless, hacking, mobile security, GSM