Did you know that the vast majority of calls carried out on the 3.5 billion GSM connections in the world today are protected by a 21-year old 64-bit encryption algorithm? You should now, given that the A5/1 privacy algorithm, devised in 1988, has been deciphered by German computer engineer Karsten Nohl and published as a torrent for fellow code cracking enthusiasts and less benevolent forces to exploit. Worryingly, Karsten and his crew of merry men obtained the binary codes by simple brute force — they fed enough random strings of numbers in to effectively guess the password. The GSM Association — which has had a 128-bit A5/3 key available since 2007, but found little takeup from operators — has responded by having a whinge about Mr. Nohl’s intentions and stating that operators could just modify the existing code to re-secure their networks. Right, only a modified 64-bit code is just as vulnerable to cracking as the one that just got cracked. It’s important to note that simply having the code is not in itself enough to eavesdrop on a call, as the cracker would be faced with just a vast stream of digital communications — but Karsten comes back to reassure us that intercepting software is already available in customizable open source varieties. So don’t be like Tiger, keep your truly private conversations off the airwaves, at least for a while.
GSM call encryption code cracked, published for the whole world to see originally appeared on Engadget on Tue, 29 Dec 2009 04:18:00 EST. Please see our terms for use of feeds.