Are your phone conversations about to become less secure? A German encryption expert says he’s cracked the two-decade-old algorithm that protects most of the world’s cellphones: GSM (Global System for Mobile communication).
Karsten Nohl says his intentions were noble; he wanted to show the world that though GSM protects 80 percent of the cellphones in the world, it’s far from invincible. “This shows that existing G.S.M. security is inadequate,” Mr. Nohl, 28, told about 600 people attending the Chaos Communication Congress, a four-day conference of computer hackers that runs through Wednesday in Berlin. “We are trying to push operators to adopt better security measures for mobile phone calls” [The New York Times].
Nohl and a team of others had been working independently since August to hack the code. Developed in 1988, the system prevents the interception of calls by forcing phones and base stations to change frequencies constantly [The Guardian]. Nohl and the others generated countless random code combinations until they’d completed an encryption code book. As an analogy, think of encryption like a jigsaw puzzle where you have to find one specific puzzle piece. If the puzzle only has 25 pieces, it won’t take you too long to accomplish. That is like a weak encryption algorithm. However, if the puzzle has 10,000 pieces it will take significantly longer [PC World].
Despite the fact that it took 21 years before someone figured out their jigsaw puzzle, GSM’s creators at the GSM Association aren’t pleased. “We consider this research, which appears to be motivated in part by commercial considerations, to be a long way from being a practical attack on GSM,” said Claire Cranton, a spokeswoman. “To do this while supposedly being concerned about privacy is beyond me” [The Guardian].
While Nohl claims his works was academic and GSM spokespeople say it’s not a threat, not everyone is convinced it’s so harmless. Law enforcement officials and well-financed cyber criminals have been able to crack GSM encryption for sometime, but the investment was so high that it didn’t pose much of a threat. This new method lowers the price of entry to the point that it is more of an issue, but still not a high risk [PC World].
80beats: A Hack of the Drones: Insurgents Spy on Spy Plans with $26 Software
80beats: Editing Goof Puts TSA Airport Screening Secrets on the Web
80beats: How to Prevent Heart Hackers from Turning Off Pacemakers
80beats: Electrical Espionage: Spies Hack Into the U.S. Power Grid
Image: flickr / Ed Yourdon