GSM encryption cracked, code available on BitTorrent

It was recently reported that a German computer engineer outlined his plans to to crack GSM encryption and make his results public. Well now, he's actually done it. The New York Times is reporting that Karsten Nohl has cracked and published the "secret" code used by 3.5 billion of the 4.3 billion wireless connections across the world. The code was developed in 1988 and is used to encrypt 80% of worldwide mobile calls. It is now publicly available via BitTorrent, leaving GSM calls vulnerable to eavesdropping.

It's important to mention that the A5/1 algorithm that was cracked is the older, and less secure, 64-bit version. A newer, 128-bit A5/3 algorithm, which has been available since 2007, is still un-touched, but unfortunately, GSM carriers have been hesitant in spending the money to adopt the latest standard. Nohl feels that by releasing the code to the public, it will force GSM carriers to finally adopt the newer, more secure, 128-bit encryption. "We are not recommending people use this information to break the law. What we are doing is trying to goad the world's wireless operators to use better security."

While authorities are saying that eavesdropping on conversations would require copyrighted hardware and firmware, thereby making it highly unlikely for people to accomplish, Nohl assures everyone that the hardware and software needed are all available through free, open-source channels. On this note, Stan Schatt, a vice president for health care and security at the technology market researcher ABI Research in New York, says that "Organizations must now take this threat seriously and assume that within six months their organizations will be at risk unless they have adequate measures in place to secure their mobile phone calls."

Boy Genius Report notes that this is not the first time the A5/1 algorithm has been cracked. In 2003, a team of Israeli researchers demonstrated the ability to capture and decrypt a GSM stream using $1,000 worth of equipment, in just half an hour, though they didn't get down the actual binary code like Nohl has.

Previous Story
Twitter's 370 banned passwords
Next Story
O2 customers saying O-no, thanks to iPhone