Monday, January 4, 2010

GSM encryption key revealed | IT PRO

GSM encryption key revealed | IT PRO

The encryption key used to protect the privacy of calls on 80 per cent of the world's mobile phones has been made freely available – in order to highlight its vulnerability


Mobile phone security

A German security expert has published details of how to break the encryption algorithm used by GSM mobile phone technology, highlighting the ageing system's increasing vulnerability.

Karsten Nohl, 28, used a hacker conference in Berlin to publish the work of a collaborative research project to crack the 21-year-old GSM algorithm, a 64-bit encryption function known as A5/1, in a “code book” containing the the encryption key used in a GSM call.

Global System for Mobile Communications (GSM) is the standard form of digital voice encryption that keeps conversations on more than three billion handsets private – more than 80 per cent of the world's mobile phones.

Nohl and research partner Chris Paget said their research proves that with relatively modest funds and some widely available open-source tools, GSM encryption can be cracked, allowing virtually anyone – in theory – to listen in on phone calls.

However, the GSM Association (GSMA) played down the demonstration. It pointed out that the practical complexity of the so-called hack made it highly difficult both to set up and to perform unnoticed, and in any case – it said – the newer, far stronger A5/3 algorithm was in the process of replacing A5/1.

“We consider this research, which appears to be motivated in part by commercial considerations, to be a long way from being a practical attack on GSM,” a spokeswoman said. “A5/1 has proven to be a very effective and resilient privacy mechanism.”

No comments:

Post a Comment