Code Protecting 80 Percent of Cellphone Convos Finally Cracked

By Andrew Moseman | December 29, 2009 2:39 pm

cellphonemanAre your phone conversations about to become less secure? A German encryption expert says he’s cracked the two-decade-old algorithm that protects most of the world’s cellphones: GSM (Global System for Mobile communication).

Karsten Nohl says his intentions were noble; he wanted to show the world that though GSM protects 80 percent of the cellphones in the world, it’s far from invincible.  “This shows that existing G.S.M. security is inadequate,” Mr. Nohl, 28, told about 600 people attending the Chaos Communication Congress, a four-day conference of computer hackers that runs through Wednesday in Berlin. “We are trying to push operators to adopt better security measures for mobile phone calls” [The New York Times].

Nohl and a team of others had been working independently since August to hack the code. Developed in 1988, the system prevents the interception of calls by forcing phones and base stations to change frequencies constantly [The Guardian]. Nohl and the others generated countless random code combinations until they’d completed an encryption code book. As an analogy, think of encryption like a jigsaw puzzle where you have to find one specific puzzle piece. If the puzzle only has 25 pieces, it won’t take you too long to accomplish. That is like a weak encryption algorithm. However, if the puzzle has 10,000 pieces it will take significantly longer [PC World].

Despite the fact that it took 21 years before someone figured out their jigsaw puzzle, GSM’s creators at the GSM Association aren’t pleased. “We consider this research, which appears to be motivated in part by commercial considerations, to be a long way from being a practical attack on GSM,” said Claire Cranton, a spokeswoman. “To do this while supposedly being concerned about privacy is beyond me” [The Guardian].

While Nohl claims his works was academic and GSM spokespeople say it’s not a threat, not everyone is convinced it’s so harmless. Law enforcement officials and well-financed cyber criminals have been able to crack GSM encryption for sometime, but the investment was so high that it didn’t pose much of a threat. This new method lowers the price of entry to the point that it is more of an issue, but still not a high risk [PC World].

Related Content:
80beats: A Hack of the Drones: Insurgents Spy on Spy Plans with $26 Software
80beats: Editing Goof Puts TSA Airport Screening Secrets on the Web
80beats: How to Prevent Heart Hackers from Turning Off Pacemakers
80beats: Electrical Espionage: Spies Hack Into the U.S. Power Grid

Image: flickr / Ed Yourdon

  • seilland

    scanners pick up cell conversations a lot

  • InfidelAvenger

    It was only a matter of time before this happened.

  • Melanie

    I understand that you want GSM to strenghten their security system but there were other ways to go about this, Instead of hacking into it with a large body of people. How do we know everyone of you have tha same ‘good’ intentions? I agree If something like hacking 80% of cell phones calls can be done then GSM needs to come up with a better security system but this very public and blunt message could have been sent another way.

  • Christina Viering

    He just wants to eavesdrop.


Discover's Newsletter

Sign up to get the latest science news delivered weekly right to your inbox!


80beats is DISCOVER's news aggregator, weaving together the choicest tidbits from the best articles covering the day's most compelling topics.

See More

Collapse bottom bar