Don’t run for the hills just yet but this is some important news. A German encryption guru, Karsten Nohl, decrypted and published the secret codebook for the 21 year old GSM encryption algorithm still used for 80% of GSM calls. This old A5/1 algorithm is a 64-bit binary code which was supposed to be phased out by a new 128-bit encryption code released in 2007. Still most carriers have not upgraded since they are already moving to 3G which has stronger encryption protocols.
This is not the first time that this GSM protocol has been cracked. It was first shown in 2008 that you could crack the encryption in 30 minutes with a $1,000 worth of equipment and in 30 seconds with $100,000 of equipment. (Hat tip to Will Park)
Keep in mind the encryption is only one step of the protection since it just opens up the torrent of information and is hard to snoop on a single conversation. Not sure who would want to listen to my phone calls anyway…
via New York Times
Phoenix Not Registered
Posted: December 29, 2009 at 12:07 PM EST
I still remember having a scanner in the early 90′s and hearing analog cellphone calls. They would cut in and out as the phones switched towers or channels, but I’d often hear the same people again and again (including one guy who for some reason used his cellphone at the crazy airtime rates back then to call a phone sex line several times a week…I guess the airtime per minute rates paled in comparison to the sex line rates).
If you had a frequency counter you could determine the channel a particular person was on if you were close enough to them, and then go to that channel. Anyone could ‘tap’ a cellphone that way.
That all changed once digital phones/networks came along, and was one of the reasons I finally got a cellphone in 1999 and chose a digital network even though it had less coverage.
I still never discuss anything on a cellphone I wouldn’t want others to hear though.
oakie ( View Profile) Newcomer - Posts: 22
Posted: December 29, 2009 at 1:45 PM EST
meh.
the general public should be more fearful of the carriers and federal government constantly, actively, and legally monitoring your calls than of this. besides, if someone (other than the gov’t) is monitoring calls for dubious reasons, they’re listening for more important people with information more relevant to their interests.
no one is wasting their time to listen in on your phone calls and hoping you’ll state your name, debit card number, expiration date, pin, security code, and date of birth, be it in a single call or gradually over days or weeks at a time. the effort to score ratio doing that is highly unprofitable and thus not worthwhile, unless you’re bill gates or steve jobs, etc.
and btw, of the 2 major carriers using GSM in the US, only at&t is still using A5/1 in part of their network. t-mo’s whole network has been using A5/3 (128-bit) for over a year now.
FOSSroxTHX Not Registered
Posted: December 29, 2009 at 8:49 PM EST
While your point is no less valid I have to say that I give out requisite charge card info on my cellphone at least 3 times a week. I’d say such sensitive info is being transmitted a lot more often than you seem to think.