The encryption key used to protect the privacy of calls on 80 per cent of the world's mobile phones has been made freely available – in order to highlight its vulnerability
A German security expert has published details of how to break the encryption algorithm used by GSM mobile phone technology, highlighting the ageing system's increasing vulnerability.
Karsten Nohl, 28, used a hacker conference in Berlin to publish the work of a collaborative research project to crack the 21-year-old GSM algorithm, a 64-bit encryption function known as A5/1, in a “code book” containing the the encryption key used in a GSM call.
Global System for Mobile Communications (GSM) is the standard form of digital voice encryption that keeps conversations on more than three billion handsets private – more than 80 per cent of the world's mobile phones.
Nohl and research partner Chris Paget said their research proves that with relatively modest funds and some widely available open-source tools, GSM encryption can be cracked, allowing virtually anyone – in theory – to listen in on phone calls.
However, the GSM Association (GSMA) played down the demonstration. It pointed out that the practical complexity of the so-called hack made it highly difficult both to set up and to perform unnoticed, and in any case – it said – the newer, far stronger A5/3 algorithm was in the process of replacing A5/1.
“We consider this research, which appears to be motivated in part by commercial considerations, to be a long way from being a practical attack on GSM,” a spokeswoman said. “A5/1 has proven to be a very effective and resilient privacy mechanism.”
Posts
No comments:
Post a Comment